Avira findet TR/Spy.Banker.Gen8 und TR/Crypt.EPACK.Gen2 - wie werd ich die wieder los?

lmm-av · 13.11.2012, 10:55

Hallo zusammen.

Ich habe seit einigen Tagen folgende 2 Meldungen in Avira:
1.
Die Datei 'C:\Users\Thomas\AppData\Roaming\AcroIEHelpe227.dll'
enthielt einen Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen8' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5406a6b8.qua' verschoben!
2.
Die Datei 'C:\Users\Thomas\AppData\Local\Temp\ldrC6B8.tmp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.Gen2' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55df5e5a.qua' verschoben!

Mein System:
ACER ASPIRE 5750G
Intel i5-2410M 2.3GHz 64bit
NVIDIA GeForce GT 540M
4GB Arbeitsspeicher
500GB HDD

Dann hab ich noch ein paar logfiles für euch:

defogger_disable.log:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:38 on 13/11/2012 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

OLT.Txt

Code:

ATTFilter

OTL logfile created on: 13.11.2012 09:43:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 53,94% Memory free
7,71 Gb Paging File | 5,80 Gb Available in Paging File | 75,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 15,99 Gb Free Space | 16,38% Space Free | Partition Type: NTFS
Drive E: | 353,01 Gb Total Space | 201,11 Gb Free Space | 56,97% Space Free | Partition Type: NTFS
 
Computer Name: ***-NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.13 09:37:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.10.06 03:14:00 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.08.08 12:39:59 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 20:30:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:30:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.08.26 13:14:40 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011.05.26 07:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011.05.20 10:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011.03.30 23:05:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.03.14 12:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011.03.14 12:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011.03.14 12:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011.03.14 12:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011.03.09 18:11:22 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011.03.09 18:10:04 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.23 21:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2011.02.22 09:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011.02.01 22:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 22:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.31 21:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.11.11 17:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
PRC - [2010.09.14 02:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.09.14 02:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.04.15 10:57:44 | 000,203,912 | ---- | M] (NovaStor) -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
PRC - [2010.04.15 10:51:02 | 000,261,256 | ---- | M] (NovaStor) -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
PRC - [2010.03.02 18:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2007.08.03 11:51:18 | 001,422,632 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.08.03 11:51:06 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.11 18:59:28 | 000,181,304 | ---- | M] () -- C:\Users\***\AppData\Roaming\16001.009\components\AcroFF009.dll
MOD - [2012.11.06 07:10:09 | 000,182,184 | ---- | M] () -- C:\Users\***\AppData\Roaming\16ffmeih001.001\components\ffmeih.dll
MOD - [2012.11.06 07:09:58 | 000,486,312 | ---- | M] () -- C:\Users\***\AppData\Roaming\16ffmei001.002\components\ffmei.dll
MOD - [2012.10.06 03:14:14 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.06.14 10:35:48 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll
MOD - [2012.06.14 09:42:47 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 09:42:42 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.12 10:14:12 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll
MOD - [2012.05.12 10:12:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 10:11:50 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.12 10:11:46 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.12 10:11:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.12 10:11:42 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.12 10:11:36 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.07.06 00:40:31 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011.05.20 10:13:04 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011.05.20 10:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011.03.09 18:13:18 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.04.15 10:54:42 | 000,187,528 | ---- | M] () -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsEngineRes407.dll
MOD - [2010.04.15 10:54:24 | 002,473,096 | ---- | M] () -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsAppRes407.dll
MOD - [2007.03.13 10:28:36 | 000,823,296 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nero\Lib\log4cxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.01 15:59:16 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 20:30:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 20:30:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.08.05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.07.05 15:10:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.05.26 07:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011.05.10 13:01:08 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011.03.30 23:05:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.03.14 12:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011.03.09 18:11:22 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011.03.01 20:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.01 22:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 22:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.31 21:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2010.11.11 17:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.10.08 01:24:16 | 000,150,016 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 22:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.14 02:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.04.15 10:51:02 | 000,261,256 | ---- | M] (NovaStor) [Auto | Running] -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.15 07:20:41 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.05.08 20:30:33 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 20:30:33 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.09 00:43:29 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
DRV:64bit: - [2011.11.03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.10.03 15:41:58 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.09.15 22:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.04.15 19:08:28 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.30 23:05:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 05:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011.03.10 05:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011.03.01 15:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.01.21 02:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011.01.21 02:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2011.01.20 04:28:26 | 000,052,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011.01.17 23:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011.01.14 02:22:24 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.12 07:23:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 09:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.10.08 01:23:38 | 000,019,192 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.09.14 02:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.22 16:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010.02.22 16:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010.02.22 16:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.12.28 14:52:12 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.03 16:00:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://acer.msn.com [binary data]
IE - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105
FF - prefs.js..extensions.enabledAddons: {33044118-6597-4D2F-ABEA-7974BB185379}:1.0
FF - prefs.js..extensions.enabledAddons: {A396240B-27B6-4007-9588-064E96278BAD}:1.0
FF - prefs.js..extensions.enabledAddons: {BC5B75E1-4A8F-4081-A8B8-3B6E5B9F068D}:1.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 17:38:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.01 15:59:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{A396240B-27B6-4007-9588-064E96278BAD}: C:\Users\Thomas\AppData\Roaming\16ffmei001.002 [2012.11.06 07:10:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{BC5B75E1-4A8F-4081-A8B8-3B6E5B9F068D}: C:\Users\Thomas\AppData\Roaming\16ffmeih001.001 [2012.11.06 07:10:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Thomas\AppData\Roaming\16001.009 [2012.11.11 18:59:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.01 15:59:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.10.07 19:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.10.26 17:39:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oir04hnp.default\extensions
[2012.10.26 17:39:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oir04hnp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.09.17 09:26:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oir04hnp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.13 23:10:55 | 000,189,644 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\oir04hnp.default\extensions\onlinehdtv@onlinehd.tv.xpi
[2011.10.29 02:06:39 | 000,002,055 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\oir04hnp.default\searchplugins\daemon-search.xml
[2012.10.26 17:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.10.26 17:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012.10.26 17:38:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.11.11 18:59:28 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\***\APPDATA\ROAMING\16001.009
[2012.11.06 07:10:00 | 000,000,000 | ---D | M] (Java Common Helper) -- C:\USERS\***\APPDATA\ROAMING\16FFMEI001.002
[2012.11.06 07:10:11 | 000,000,000 | ---D | M] (Adobe Pdf Helper 1.0) -- C:\USERS\***\APPDATA\ROAMING\16FFMEIH001.001
[2012.10.06 03:14:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.06 04:22:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.06 04:22:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.06 04:22:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.06 04:22:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.06 04:22:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.06 04:22:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3442338135-3307266524-3679170696-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3442338135-3307266524-3679170696-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3442338135-3307266524-3679170696-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3442338135-3307266524-3679170696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\..Trusted Domains: cleverreach.com ([novastor] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\..Trusted Domains: google-analytics.com ([]http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\..Trusted Domains: novastor.com ([]http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\..Trusted Domains: novastor.com ([]https in Vertrauenswürdige Sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AAA5634-0035-4185-B50A-EBCA2C02926B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ad4afe3-fa62-11e0-8321-b870f49f885f}\Shell - "" = AutoRun
O33 - MountPoints2\{1ad4afe3-fa62-11e0-8321-b870f49f885f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1ad4afef-fa62-11e0-8321-b870f49f885f}\Shell - "" = AutoRun
O33 - MountPoints2\{1ad4afef-fa62-11e0-8321-b870f49f885f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3a1082f3-f44b-11e0-bfe2-ccaf78088fe2}\Shell - "" = AutoRun
O33 - MountPoints2\{3a1082f3-f44b-11e0-bfe2-ccaf78088fe2}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7a868878-4ea6-11e1-a28a-b870f49f885f}\Shell - "" = AutoRun
O33 - MountPoints2\{7a868878-4ea6-11e1-a28a-b870f49f885f}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{8a0a1f65-f34f-11e0-ad0c-ccaf78088fe2}\Shell - "" = AutoRun
O33 - MountPoints2\{8a0a1f65-f34f-11e0-ad0c-ccaf78088fe2}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8a0a1f78-f34f-11e0-ad0c-ccaf78088fe2}\Shell - "" = AutoRun
O33 - MountPoints2\{8a0a1f78-f34f-11e0-ad0c-ccaf78088fe2}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{93bdd469-0cb9-11e1-beba-b870f49f885f}\Shell - "" = AutoRun
O33 - MountPoints2\{93bdd469-0cb9-11e1-beba-b870f49f885f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{df55f88b-6fa7-11e1-a65c-b870f49f885f}\Shell - "" = AutoRun
O33 - MountPoints2\{df55f88b-6fa7-11e1-a65c-b870f49f885f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.13 09:37:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.11 18:59:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\16001.009
[2012.11.06 12:47:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\16001.008
[2012.11.06 07:10:31 | 000,195,496 | ---- | C] (BitDefender Corporation) -- C:\Users\***\AppData\Roaming\meih.dll
[2012.11.06 07:10:21 | 000,491,432 | ---- | C] (Microsoft Corporation) -- C:\Users\***\AppData\Roaming\mei.dll
[2012.11.06 07:10:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\16ffmeih001.001
[2012.11.06 07:10:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\16ffmei001.002
[2012.11.03 14:23:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\16001.007
[2012.11.01 15:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.11.01 12:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Finale 2011
[2012.11.01 12:15:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Finale 2011
[2012.10.31 14:17:29 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\16001.006
[2012.10.26 22:03:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2012.10.26 22:03:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.10.26 21:49:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2012.10.26 19:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2012.10.26 19:30:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMedia Recode
[2012.10.26 18:29:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\16001.005
[2012.10.24 16:00:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\15001.012
[2012.10.20 18:23:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy
[2012.10.20 18:23:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PACE Anti-Piracy
[2012.10.20 18:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2012.10.20 17:43:45 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2012.10.20 17:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2012.10.20 17:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.10.20 17:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2012.10.20 17:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Production Premium CS6
[2012.10.20 17:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.10.20 17:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.10.20 17:10:36 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Adobe CS6 Production Premium
[2012.10.20 10:40:00 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\Notes
[2012.10.18 00:23:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\15001.011
[2012.10.17 09:48:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\15001.010
[2012.10.15 10:38:25 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Adobe Scripts
[2 C:\Users\Thomas\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.13 09:46:43 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.13 09:46:43 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.13 09:46:37 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.13 09:46:37 | 000,656,294 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.13 09:46:37 | 000,616,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.13 09:46:37 | 000,130,894 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.13 09:46:37 | 000,107,180 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.13 09:39:15 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.11.13 09:39:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.13 09:38:59 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.13 09:38:20 | 000,000,188 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.11.13 09:37:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.13 09:37:18 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.11.12 13:14:42 | 000,000,034 | ---- | M] () -- C:\Users\***\AppData\Roaming\blckdom.res
[2012.11.12 11:53:27 | 000,000,080 | ---- | M] () -- C:\Windows\BBW_INFO.INI
[2012.11.11 18:59:34 | 000,208,528 | ---- | M] () -- C:\Users\***\AppData\Roaming\AcroIEHelpe227.dll
[2012.11.11 18:59:34 | 000,007,720 | ---- | M] () -- C:\Users\***\AppData\Roaming\BAcroIEHelpe227.dll
[2012.11.11 17:24:59 | 000,000,531 | ---- | M] () -- C:\Users\***\Desktop\Band-in-a-Box.lnk
[2012.11.06 07:10:31 | 000,195,496 | ---- | M] (BitDefender Corporation) -- C:\Users\***\AppData\Roaming\meih.dll
[2012.11.01 21:43:33 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.11.01 12:15:56 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\Finale 2011.lnk
[2012.11.01 12:08:45 | 000,001,117 | ---- | M] () -- C:\Users\***\Desktop\CDex.lnk
[2012.10.31 14:38:55 | 000,000,018 | ---- | M] () -- C:\Users\***\AppData\Roaming\urhtps.dat
[2012.10.28 21:04:34 | 000,007,605 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.10.28 11:20:15 | 000,001,088 | ---- | M] () -- C:\Users\***\Desktop\Adobe Premiere Pro CS6.lnk
[2012.10.26 19:30:12 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2012.10.26 19:02:21 | 000,001,214 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo ClipFinder HD.lnk
[2012.10.26 17:38:27 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.24 07:45:16 | 005,447,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.13 09:38:20 | 000,000,188 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.11.13 09:37:17 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.11.11 18:59:34 | 000,208,528 | ---- | C] () -- C:\Users\***\AppData\Roaming\AcroIEHelpe227.dll
[2012.11.11 18:59:34 | 000,007,720 | ---- | C] () -- C:\Users\***\AppData\Roaming\BAcroIEHelpe227.dll
[2012.11.01 12:15:56 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\Finale 2011.lnk
[2012.11.01 12:08:45 | 000,001,117 | ---- | C] () -- C:\Users\***\Desktop\CDex.lnk
[2012.10.31 14:38:55 | 000,000,018 | ---- | C] () -- C:\Users\***\AppData\Roaming\urhtps.dat
[2012.10.28 21:04:34 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.10.28 11:20:15 | 000,001,088 | ---- | C] () -- C:\Users\***\Desktop\Adobe Premiere Pro CS6.lnk
[2012.10.26 19:30:12 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2012.10.26 17:38:27 | 000,001,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.26 17:38:27 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.20 17:41:03 | 000,000,961 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.10.13 23:43:42 | 000,000,034 | ---- | C] () -- C:\Users\***\AppData\Roaming\blckdom.res
[2012.10.13 17:19:28 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2012.08.28 16:11:50 | 000,000,080 | ---- | C] () -- C:\Windows\BBW_INFO.INI
[2012.08.24 20:32:34 | 000,000,186 | ---- | C] () -- C:\Windows\VWCMIM.INI
[2012.04.22 19:25:43 | 000,000,028 | ---- | C] () -- C:\Windows\PcNcEdtClnd.ini
[2012.02.23 09:04:37 | 000,007,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.12 14:57:06 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.12.21 22:06:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\GkSui20.EXE
[2011.12.13 22:07:46 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\_Z2
[2011.11.13 13:33:47 | 000,000,553 | ---- | C] () -- C:\Windows\CAPELL~1.INI
[2011.11.08 17:20:59 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2011.10.28 20:05:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.10.27 15:15:44 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.10.25 11:58:03 | 000,000,043 | ---- | C] () -- C:\Windows\gswin64.ini
[2011.10.23 20:21:19 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.10.09 21:06:58 | 000,003,273 | ---- | C] () -- C:\Windows\scenelib24.ini
[2011.06.08 08:30:47 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.06.08 08:30:45 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.06.08 08:30:44 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.06.08 08:30:43 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.06.08 08:30:41 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.06.08 07:57:52 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.02.09 14:52:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.oit
[2012.10.20 01:35:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\15001.008
[2012.10.20 01:34:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\15001.010
[2012.10.20 01:34:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\15001.011
[2012.10.24 16:00:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\15001.012
[2012.10.26 18:29:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\16001.005
[2012.10.31 14:17:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\16001.006
[2012.11.03 14:23:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\16001.007
[2012.11.06 12:47:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\16001.008
[2012.11.11 18:59:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\16001.009
[2012.11.06 07:10:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\16ffmei001.002
[2012.11.06 07:10:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\16ffmeih001.001
[2012.02.09 00:47:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis
[2012.08.16 13:39:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2011.12.13 22:08:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avid
[2011.10.07 20:27:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CadSoft
[2012.08.24 18:25:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.12.19 14:34:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\capella-software
[2011.12.29 15:14:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CD-LabelPrint
[2012.10.26 22:03:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.04.26 18:18:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.02.12 15:55:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.06.22 16:12:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.05.16 23:15:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.10.24 12:13:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2012.10.13 23:40:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeTorrentViewer
[2012.02.09 13:33:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2012.02.09 13:35:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HDX4 GmbH
[2012.02.10 10:24:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jens Lorek
[2012.10.13 23:43:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2012.11.01 12:19:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MakeMusic
[2012.05.03 09:44:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NASNaviator2
[2012.04.19 08:36:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Neuratron
[2012.04.23 23:57:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\newsXpresso
[2012.10.20 18:23:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy
[2012.08.30 07:40:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema
[2012.02.28 13:11:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\REAPER
[2012.02.09 13:33:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SuperEasy Software
[2012.05.05 15:14:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.03.22 19:02:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Telefónica
[2011.10.08 15:08:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.10.23 11:50:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2011.11.08 19:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.10.10 15:56:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone
[2012.10.20 01:35:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinTrack
[2012.10.26 21:49:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2012.11.13 09:41:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:5925E400
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:5D458568

< End of report >

lmm-av · 13.11.2012, 10:57

Und hier noch die extra.txt

Code:

ATTFilter

OTL Extras logfile created on: 13.11.2012 09:43:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 53,94% Memory free
7,71 Gb Paging File | 5,80 Gb Available in Paging File | 75,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 15,99 Gb Free Space | 16,38% Space Free | Partition Type: NTFS
Drive E: | 353,01 Gb Total Space | 201,11 Gb Free Space | 56,97% Space Free | Partition Type: NTFS
 
Computer Name: ***-NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3442338135-3307266524-3679170696-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09161D66-AACB-4102-B054-2666F5DFE28B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | 
"{169646D4-FE2C-4595-826E-8E5ADDFADFFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{21895E59-1651-40E2-BC72-9B7D15975315}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2BCB2AE8-E55B-4E51-8EF8-3561E6A66B2F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3CF41CD6-B9BD-4238-9469-D6B9F4CA7ADC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4201EBDA-1BB3-4A8A-AA37-9AA61A3CDF51}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{4454F89B-F233-4866-BEF1-2BA104A9BF86}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{46C3E083-ECDF-425C-AD9A-43D79E7549EE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | 
"{649D74F3-03C6-487B-A219-868BFD6D7EB9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{67815EEC-48E8-4E82-8D0E-FDFEFD91D853}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{7082421D-E820-4C99-9DFC-A9F9F1E138C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{70BEAD3D-2F77-4C38-966C-911DA99404E4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{76D37524-A4C2-426C-9CBF-4E577097849B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{859B92A4-DDE2-421E-BCBE-4785257CA8AC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A58840CE-C921-4346-A03B-B6B420EE7082}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A9487D45-E877-4E31-9AD9-DCF4B65F778D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B38F513D-666C-4D0F-88B2-1C2D9E54DEF1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B5D86EBB-9825-493B-B2B1-D09C2A7CA702}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C299C199-5C1D-45A3-B60C-CC6395ACFCD4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C3187699-A845-412F-A3D4-92F66DCF3C0B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C426AA49-69CE-4B2A-A011-28EF76CF6977}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D4428371-F3D7-4B0B-AE5D-4118DA9D832D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{D8F05E11-99BB-4DAC-A6C1-940A7BA92DE2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DFA7E547-ECA1-4BC9-ABAB-12D4790BFADC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F24F2E4A-C837-47C8-911A-ABFC6AACA215}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0538873C-6923-4C84-9391-7177578CC01E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0D4C2DB5-3415-4FF4-A707-09BA6F1480D1}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{11C0AE69-89D3-45D9-81AE-F415CE9537E7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1A32347A-8B33-4EBC-9234-0A65C536F0A8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{27A23E95-E1C7-4432-A9EA-C254AF55B69E}" = protocol=6 | dir=in | app=f:\bb\bbhelper\bandinaboxserver.exe | 
"{32C5D1DA-F0A9-480E-B324-F0963493CE1D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3961A086-8231-4A74-AE86-D2C681F36BA0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{407CE522-5D39-4286-8514-656D2BEE7FB2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{431377FC-F7DC-4A2A-87E0-8518AAD80B8D}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{46248088-7EEA-42E6-9EC6-F00B41ABEEAF}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe | 
"{47A9FEC6-ECB5-4B34-8F8F-FB052E1447BC}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | 
"{47D71B86-66CE-499A-BB0C-B21806FFD8BF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{4C2CE5C7-279B-4403-A212-D996FB1FE7F7}" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"{52F126C9-B3BD-4E7F-A169-8AB9A7ED1021}" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"{560B541E-6E69-4869-9649-ABBE53923944}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5947D36B-6235-45AA-856D-EE24955E6B7F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{5D91EA21-DB12-45C4-BDCB-7ECCAC31E632}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe | 
"{60AAE384-4505-4B36-A5FE-B60BB9E457D4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{61A5AE21-0B49-482D-BCF3-10CDA77C56FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{62B1EEAD-8B19-4305-8567-3A72BEEF7C51}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{6D15E66D-A963-401B-924F-954A8F18E530}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe | 
"{77F955FE-5DFF-48A4-BD2A-2329939D3EC5}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{81067F52-D1DE-4FDD-97E9-0D4840B74CA9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{822D7B53-EAF6-484E-AE16-74202A42BE7E}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{8D422090-6E61-4D91-8F5C-4B7C3A638374}" = protocol=17 | dir=in | app=f:\bb\bbhelper\bandinaboxserver.exe | 
"{979FDE08-B2CC-436C-8226-0E4700D2E7E8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{9C2F5002-50EC-4979-B06C-FB57C8D602C8}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | 
"{9EFA4742-D947-4492-A757-244F48750D1F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A3C2CD8C-2DAD-4CE6-9651-555213303723}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | 
"{A79CDF13-BEC1-443C-8781-728B6E545E91}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | 
"{A9FB1443-FBD9-4C9B-8F84-33AE018FE5A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ABB2C0FC-C181-4129-AEC8-8F27358012C3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AE4A235B-A7EB-45D2-8D41-DD18EBAD1353}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | 
"{AFE724DA-B7F4-4462-B0D7-F3DC58D9A94E}" = protocol=6 | dir=out | app=system | 
"{B6AE464D-5494-4495-8CD1-A9A3E34B8B16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{C04EA588-9443-4FCF-9BE7-DFC6C316E194}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C2BD7EDA-3E35-4E7D-A026-6C083EDA732B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{C4EB6E7C-2E64-48BD-9972-C47269B37599}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{CD0865CB-6341-4016-AD0C-0E7D60EB0163}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | 
"{D9180F6E-691D-4EAC-AF51-70ACAF483AAA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{E252DEEC-7A4A-4E46-AA64-5C75D5B4E812}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{E6B6D37D-03DB-43D0-9AE5-AFA398F8627D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{E962E2BA-9F8E-4221-BDD1-B1BB26A93A7F}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe | 
"{EA2049F4-AC97-4DD6-B7F6-90F6A2523C71}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F1E5C40E-4B68-4888-8D1A-20FB6AA8622F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F4F50A77-B888-43EF-B54B-9FF354244B28}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{FC8C86D4-7732-4AA6-9ABB-3BD0A95C6087}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{FE8D6517-90EB-4EDD-B430-EF92FE4E4E68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{7E4B6C00-8307-48A7-B4F0-073B9880FB08}C:\program files (x86)\freetorrentviewer\freetorrentviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freetorrentviewer\freetorrentviewer.exe | 
"TCP Query User{FCA6C705-089A-41F4-947C-39FA7F1F7EC0}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{22AA9A5F-F4F0-4E9A-A037-D102A5FC7BE2}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{D7662EAE-2AA5-4C44-8689-BC38F1033470}C:\program files (x86)\freetorrentviewer\freetorrentviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freetorrentviewer\freetorrentviewer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1A1A9F0B-2C77-40EE-9052-42B2EBBDD52B}" = HP Scanjet 3800
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{8F7F2D9C-2DBE-4F10-9C7C-2724110A3339}" = Windows Live Remote Service Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{A6E0F6BE-30AC-4D36-97B0-1AC20E23CB83}" = Windows Live Remote Client Resources
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D21540A9-37AC-40FC-8106-15A4C1A2DD1A}" = Oracle VM VirtualBox 4.1.4
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"Elantech" = ETDWare PS/2-X64 8.0.6.0_WHQL
"GPL Ghostscript 9.04" = GPL Ghostscript
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Sibelius 7.0.0.23_is1" = Sibelius 7.0.0.23
"ZTE USB Driver" = ZTE USB Driver
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{045D4EDF-8DC1-43D7-BAFC-7AAEF99C7168}" = Adobe Creative Suite 6 Production Premium
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F547B3D-8347-4262-AB2C-2F49BB716DA8}" = NovaBACKUP
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17857C69-7BF4-4821-9626-76C1597FD9F0}" = hpg3800
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20381A8A-808E-4A53-B6CD-AD2B85E16365}" = Windows Live UX Platform Language Pack
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{419C048C-AED5-4B7F-87D3-1845286D1F35}" = capella 2008
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"{614020C8-2E16-4E16-A5F0-04DE2AB96097}" = Adobe Premiere Pro CS6 Functional Content
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7D99B933-E29C-4599-92F0-DAED2AF041E3}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E2C5B0E-7A2D-4767-A9B2-77469FB1873A}" = Windows Live Mesh
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.3.0
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0EB3969-C007-4ABE-9245-990C5E021A8F}_is1" = Sibelius Sounds Essentials for Sibelius 6
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F13587F7-AA4C-4C2E-AE7D-F33F3CCE57A9}" = Windows Live Messenger
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FBE64702-E893-4D55-BA5C-514AAF11CCC4}" = Sibelius 7 OpenType Fonts
"{FCBC19F7-E068-4B7A-ACBB-CE9CCEB4B21F}" = Windows Live Messenger
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"1ClickDownload" = OnlineHDTV
"7-Zip" = 7-Zip 9.20
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81
"Ashampoo ClipFinder HD_is1" = Ashampoo ClipFinder HD v.2.2.7
"Avira AntiVir Desktop" = Avira Free Antivirus
"BB_is1" = Band-in-a-Box und RealBand 2011
"BBServer_is1" = Band-in-a-Box Server
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Shrink_is1" = DVD Shrink 3.2
"EAGLE 5.11.0" = EAGLE 5.11.0
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"Finale 2011" = Finale 2011
"FreePDF_XP" = FreePDF (Remove only)
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mozilla Firefox 16.0 (x86 de)" = Mozilla Firefox 16.0 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NovaBACKUP" = NovaBACKUP
"o2DE" = Mobile Connection Manager
"Office14.SingleImage" = Microsoft Office Professional 2010
"PC NC" = PC NC
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinPC-NC Economy Demo" = WinPC-NC Economy Demo
"wintrack6_is1" = WinTrack V9.0 3D
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.09.2012 13:04:34 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "E:\Setup-Files\SoftonicDownloader_fuer_getdataback.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 22.09.2012 06:35:38 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 23.09.2012 04:40:17 | Computer Name = ***-Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.09.2012 05:28:13 | Computer Name = ***-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DMREngine.exe, Version: 1.1.0.3904,
 Zeitstempel: 0x4d709ab4  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00006a6d  ID des fehlerhaften
 Prozesses: 0xccc  Startzeit der fehlerhaften Anwendung: 0x01cd996708dc40f7  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: feadd3c8-0560-11e2-9737-b870f49f885f
 
Error - 23.09.2012 13:11:08 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 23.09.2012 16:01:39 | Computer Name = ***-Notebook | Source = RasClient | ID = 20227
Description = 
 
Error - 24.09.2012 15:50:22 | Computer Name = ***-Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.09.2012 15:54:44 | Computer Name = ***-Notebook | Source = RasClient | ID = 20227
Description = 
 
Error - 24.09.2012 15:54:54 | Computer Name = ***-Notebook | Source = RasClient | ID = 20227
Description = 
 
Error - 24.09.2012 16:13:11 | Computer Name = ***-Notebook | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 26.03.2012 13:24:09 | Computer Name = ***-Notebook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Kithara-Lewetz
 
Error - 26.03.2012 13:25:28 | Computer Name = ***-Notebook | Source = bowser | ID = 8003
Description = 
 
Error - 26.03.2012 14:04:33 | Computer Name = ***-Notebook | Source = bowser | ID = 8003
Description = 
 
Error - 26.03.2012 15:16:39 | Computer Name = ***-Notebook | Source = bowser | ID = 8003
Description = 
 
Error - 27.03.2012 09:30:25 | Computer Name = ***-Notebook | Source = bowser | ID = 8003
Description = 
 
Error - 27.03.2012 13:57:51 | Computer Name = ***-Notebook | Source = bowser | ID = 8003
Description = 
 
Error - 27.03.2012 18:04:14 | Computer Name = ***-Notebook | Source = bowser | ID = 8003
Description = 
 
Error - 28.03.2012 12:24:01 | Computer Name = ***-Notebook | Source = bowser | ID = 8003
Description = 
 
Error - 28.03.2012 14:15:12 | Computer Name = ***-Notebook | Source = bowser | ID = 8003
Description = 
 
Error - 28.03.2012 15:18:18 | Computer Name = ***-Notebook | Source = bowser | ID = 8003
Description = 
 
 
< End of report >

Vielen dank schon mal im Voraus für eure Hilfe.

markusg · 13.11.2012, 12:18

hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
[2012.11.11 18:59:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\16001.009
[2012.11.06 12:47:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\16001.008
[2012.11.06 07:10:31 | 000,195,496 | ---- | C] (BitDefender Corporation) -- C:\Users\***\AppData\Roaming\meih.dll
[2012.11.06 07:10:21 | 000,491,432 | ---- | C] (Microsoft Corporation) -- C:\Users\***\AppData\Roaming\mei.dll
[2012.11.06 07:10:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\16ffmeih001.001
[2012.11.06 07:10:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\16ffmeih001.001
[2012.11.06 07:10:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\16ffmei001.002
[2012.11.03 14:23:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\16001.007
[2012.10.31 14:17:29 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\16001.006
[2012.10.26 18:29:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\16001.005
[2012.10.24 16:00:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\15001.012
[2012.10.18 00:23:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\15001.011
[2012.10.17 09:48:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\15001.010
[2012.11.11 18:59:34 | 000,208,528 | ---- | M] () -- C:\Users\***\AppData\Roaming\AcroIEHelpe227.dll
[2012.11.11 18:59:34 | 000,007,720 | ---- | M] () -- C:\Users\***\AppData\Roaming\BAcroIEHelpe227.dll
[2012.10.20 01:35:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\15001.008
[2012.11.06 07:10:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\16ffmei001.002
[2012.11.06 07:10:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\16ffmeih001.001
 :Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

lmm-av · 13.11.2012, 23:48

muß ich die *** durch den eigendlichen Ordnernamen (mein Name) ersetzen oder funktioniert das auch mit den ***?

markusg · 14.11.2012, 00:15

ne durch deinen namen ersetzen, sorry hatte ich nichtdrann gedacht das zu posten

lmm-av · 14.11.2012, 00:31

So, nun also die Textdatei nach dem Neustart:

Code:

ATTFilter

All processes killed
========== OTL ==========
C:\Users\***\AppData\Roaming\16001.009\components folder moved successfully.
C:\Users\***\AppData\Roaming\16001.009 folder moved successfully.
C:\Users\***\AppData\Roaming\16001.008\components folder moved successfully.
C:\Users\***\AppData\Roaming\16001.008 folder moved successfully.
C:\Users\***\AppData\Roaming\meih.dll moved successfully.
C:\Users\***\AppData\Roaming\mei.dll moved successfully.
C:\Users\***\AppData\Roaming\16ffmeih001.001\components folder moved successfully.
C:\Users\***\AppData\Roaming\16ffmeih001.001 folder moved successfully.
Folder C:\Users\***\AppData\Roaming\16ffmeih001.001\ not found.
C:\Users\***\AppData\Roaming\16ffmei001.002\components folder moved successfully.
C:\Users\***\AppData\Roaming\16ffmei001.002 folder moved successfully.
C:\Users\***\AppData\Roaming\16001.007\components folder moved successfully.
C:\Users\***\AppData\Roaming\16001.007 folder moved successfully.
C:\Users\***\AppData\Roaming\16001.006\components folder moved successfully.
C:\Users\***\AppData\Roaming\16001.006 folder moved successfully.
C:\Users\***\AppData\Roaming\16001.005\components folder moved successfully.
C:\Users\***\AppData\Roaming\16001.005 folder moved successfully.
C:\Users\***\AppData\Roaming\15001.012\components folder moved successfully.
C:\Users\***\AppData\Roaming\15001.012 folder moved successfully.
C:\Users\***\AppData\Roaming\15001.011\components folder moved successfully.
C:\Users\***\AppData\Roaming\15001.011 folder moved successfully.
C:\Users\***\AppData\Roaming\15001.010\components folder moved successfully.
C:\Users\***\AppData\Roaming\15001.010 folder moved successfully.
File C:\Users\***\AppData\Roaming\AcroIEHelpe227.dll not found.
C:\Users\***\AppData\Roaming\BAcroIEHelpe227.dll moved successfully.
C:\Users\***\AppData\Roaming\15001.008\components folder moved successfully.
C:\Users\***\AppData\Roaming\15001.008 folder moved successfully.
Folder C:\Users\***\AppData\Roaming\16ffmei001.002\ not found.
Folder C:\Users\***\AppData\Roaming\16ffmeih001.001\ not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 56466 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: ***
->Flash cache emptied: 140644 bytes
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: ***
->Temp folder emptied: 1907513853 bytes
->Temporary Internet Files folder emptied: 49559704 bytes
->Java cache emptied: 1920411 bytes
->FireFox cache emptied: 709720925 bytes
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 260371828 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 6580362578 bytes
 
Total Files Cleaned = 9.069,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11142012_002312

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\***\AppData\Local\Temp\MMDUtl.log moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Die ZIP Datei konnte erfolgreich hochgeladen werden.
(Es gab zumindest keine Fehlermeldung)

markusg · 14.11.2012, 00:58

danke
nutzt du den pc für onlinebanking, zum einkaufen, für sonstige zahlungsabwicklungen, oder ähnich wichtiges, wie berufliches?

lmm-av · 14.11.2012, 10:42

Der Rechner wird für Onlinebanking und für Zahlungen via PayPal genutzt,
außerdem auch für Einkäufe bei Onlineauktionshäusern und sonstigen Versandverkäufern.

markusg · 14.11.2012, 14:19

hi
bank anrufen, banking auf grund von multibanker bzw trojan.bankpatch sperren lassen.
alle passwörter,sind als gestohlen anzusehen.
da du oninebanking machst, und man eine bereinigung nicht garantieren kann, solltest du neu aufsetzen, und wir sichern den pc dann richtig ab, anleitungen und hilfestellungen bekommst du, keine angst.
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:

deaktiviere Autorun: http://www.trojaner-board.de/83238-a...sschalten.html
dann sichere Daten auf nen externen datenträger: http://www.trojaner-board.de/82533-d...ted-magic.html
Bilder, Dokumente, Musik Videos (persönliches) http://www.trojaner-board.de/71715-k...iendungen.html

2. Formatieren, Windows neu instalieren:

nutzt du eine Windows CD: http://www.trojaner-board.de/51262-a...sicherung.html
recovery cd oder recovery partition.
falls dies ein fertig pc ist, nenne hersteller + typ.
Keine Windows 7 DVD? http://www.trojaner-board.de/100776-...-download.html

3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

Avira findet TR/Spy.Banker.Gen8 und TR/Crypt.EPACK.Gen2 - wie werd ich die wieder los?

Log-Analyse und Auswertung: Avira findet TR/Spy.Banker.Gen8 und TR/Crypt.EPACK.Gen2 - wie werd ich die wieder los?