
Pests of all kinds and how to combat them: high data volume

07.01.2013, 21:15   #1
andi1803

High data volume

Hi,
for the past few days I have had increased traffic. I don't know what is causing it, and I'm now afraid that some Trojan is accessing my connection.

I ran netstat -a:

[spoiler]Aktive Verbindungen

Proto Lokale Adresse Remoteadresse Status
TCP 0.0.0.0:80 Andi-PC:0 ABHÖREN
TCP 0.0.0.0:135 Andi-PC:0 ABHÖREN
TCP 0.0.0.0:445 Andi-PC:0 ABHÖREN
TCP 0.0.0.0:990 Andi-PC:0 ABHÖREN
TCP 0.0.0.0:5357 Andi-PC:0 ABHÖREN
TCP 0.0.0.0:21320 Andi-PC:0 ABHÖREN
TCP 0.0.0.0:21321 Andi-PC:0 ABHÖREN
TCP 0.0.0.0:21322 Andi-PC:0 ABHÖREN
TCP 0.0.0.0:21323 Andi-PC:0 ABHÖREN
TCP 0.0.0.0:22350 Andi-PC:0 ABHÖREN
TCP 0.0.0.0:49152 Andi-PC:0 ABHÖREN
TCP 0.0.0.0:49153 Andi-PC:0 ABHÖREN
TCP 0.0.0.0:49154 Andi-PC:0 ABHÖREN
TCP 0.0.0.0:49155 Andi-PC:0 ABHÖREN
TCP 0.0.0.0:49156 Andi-PC:0 ABHÖREN
TCP 127.0.0.1:5354 Andi-PC:0 ABHÖREN
TCP 127.0.0.1:5679 Andi-PC:0 ABHÖREN
TCP 127.0.0.1:7438 Andi-PC:0 ABHÖREN
TCP 127.0.0.1:50758 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50759 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50760 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50761 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50762 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50763 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50764 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50765 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50766 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50770 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50828 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50830 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50831 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50832 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50833 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50834 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50835 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50836 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50837 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50838 Andi-PC:21322 WARTEND
TCP 141.30.202.226:139 Andi-PC:0 ABHÖREN
TCP 141.30.202.226:50767 bk-in-f95:https WARTEND
TCP 141.30.202.226:50768 bk-in-f113:https WARTEND
TCP 141.30.202.226:50771 dd3728:http WARTEND
TCP 141.30.202.226:50772 bk-in-f95:http WARTEND
TCP 141.30.202.226:50773 bk-in-f95:http WARTEND
TCP 141.30.202.226:50774 bk-in-f154:http WARTEND
TCP 141.30.202.226:50775 bk-in-f154:http WARTEND
TCP 141.30.202.226:50776 bk-in-f102:http WARTEND
TCP 141.30.202.226:50777 bk-in-f102:http WARTEND
TCP 141.30.202.226:50778 bk-in-f94:http WARTEND
TCP 141.30.202.226:50779 bk-in-f94:http WARTEND
TCP 141.30.202.226:50780 bk-in-f94:http WARTEND
TCP 141.30.202.226:50781 dd3728:http WARTEND
TCP 141.30.202.226:50782 dd3728:http WARTEND
TCP 141.30.202.226:50783 dd3728:http WARTEND
TCP 141.30.202.226:50784 dd3728:http WARTEND
TCP 141.30.202.226:50785 dd3728:http WARTEND
TCP 141.30.202.226:50786 bk-in-f157:http WARTEND
TCP 141.30.202.226:50787 bk-in-f190:http WARTEND
TCP 141.30.202.226:50789 173.194.6.75:http WARTEND
TCP 141.30.202.226:50790 173.194.6.75:http WARTEND
TCP 141.30.202.226:50791 173.194.6.75:http WARTEND
TCP 141.30.202.226:50792 173.194.6.75:http WARTEND
TCP 141.30.202.226:50793 173.194.6.75:http WARTEND[/spoiler]

netstat -b

[spoiler]
Aktive Verbindungen

Proto Lokale Adresse Remoteadresse Status
TCP 127.0.0.1:50937 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50938 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50939 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50940 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50941 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50942 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50943 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50944 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50945 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50946 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50947 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50948 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50949 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50950 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50951 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50952 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50953 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50954 Andi-PC:21322 WARTEND
TCP 127.0.0.1:50955 Andi-PC:21322 WARTEND
[/spoiler]

and netstat -aob

[spoiler]
Aktive Verbindungen

Proto Lokale Adresse Remoteadresse Status PID
TCP 0.0.0.0:80 Andi-PC:0 ABHÖREN 1632
[httpd.exe]
TCP 0.0.0.0:135 Andi-PC:0 ABHÖREN 884
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 Andi-PC:0 ABHÖREN 4

Es konnten keine Besitzerinformationen ermittelt werden.
TCP 0.0.0.0:990 Andi-PC:0 ABHÖREN 3824
WcesComm
[svchost.exe]
TCP 0.0.0.0:5357 Andi-PC:0 ABHÖREN 4

Es konnten keine Besitzerinformationen ermittelt werden.
TCP 0.0.0.0:21320 Andi-PC:0 ABHÖREN 2712
[SDFSSvc.exe]
TCP 0.0.0.0:21321 Andi-PC:0 ABHÖREN 3304
[SDUpdSvc.exe]
TCP 0.0.0.0:21322 Andi-PC:0 ABHÖREN 2712
[SDFSSvc.exe]
TCP 0.0.0.0:21323 Andi-PC:0 ABHÖREN 2712
[SDFSSvc.exe]
TCP 0.0.0.0:22350 Andi-PC:0 ABHÖREN 3080
[CodeMeter.exe]
TCP 0.0.0.0:49152 Andi-PC:0 ABHÖREN 548
[wininit.exe]
TCP 0.0.0.0:49153 Andi-PC:0 ABHÖREN 1016
Eventlog
[svchost.exe]
TCP 0.0.0.0:49154 Andi-PC:0 ABHÖREN 1124
Schedule
[svchost.exe]
TCP 0.0.0.0:49155 Andi-PC:0 ABHÖREN 600
[lsass.exe]
TCP 0.0.0.0:49156 Andi-PC:0 ABHÖREN 584
[services.exe]
TCP 127.0.0.1:5354 Andi-PC:0 ABHÖREN 2084
[mDNSResponder.exe]
TCP 127.0.0.1:5679 Andi-PC:0 ABHÖREN 3824
WcesComm
[svchost.exe]
TCP 127.0.0.1:7438 Andi-PC:0 ABHÖREN 3824
WcesComm
[svchost.exe]
TCP 127.0.0.1:50941 Andi-PC:21322 WARTEND 0
TCP 127.0.0.1:50942 Andi-PC:21322 WARTEND 0
TCP 127.0.0.1:50943 Andi-PC:21322 WARTEND 0
TCP 127.0.0.1:50944 Andi-PC:21322 WARTEND 0
TCP 127.0.0.1:50945 Andi-PC:21322 WARTEND 0
TCP 127.0.0.1:50946 Andi-PC:21322 WARTEND 0
TCP 127.0.0.1:50947 Andi-PC:21322 WARTEND 0
TCP 127.0.0.1:50948 Andi-PC:21322 WARTEND 0
TCP 127.0.0.1:50949 Andi-PC:21322 WARTEND 0
TCP 127.0.0.1:50950 Andi-PC:21322 WARTEND 0
TCP 127.0.0.1:50951 Andi-PC:21322 WARTEND 0
TCP 127.0.0.1:50952 Andi-PC:21322 WARTEND 0
TCP 127.0.0.1:50953 Andi-PC:21322 WARTEND 0
TCP 127.0.0.1:50954 Andi-PC:21322 WARTEND 0
TCP 127.0.0.1:50955 Andi-PC:21322 WARTEND 0
TCP 127.0.0.1:50956 Andi-PC:21322 WARTEND 0
TCP 127.0.0.1:50957 Andi-PC:21322 WARTEND 0
TCP 127.0.0.1:50958 Andi-PC:21322 WARTEND 0
TCP 127.0.0.1:50959 Andi-PC:21322 WARTEND 0
TCP 141.30.202.226:139 Andi-PC:0 ABHÖREN 4

Es konnten keine Besitzerinformationen ermittelt werden.
TCP 192.168.1.2:139 Andi-PC:0 ABHÖREN 4

Es konnten keine Besitzerinformationen ermittelt werden.
TCP [::]:135 Andi-PC:0 ABHÖREN 884
RpcSs
[svchost.exe]
TCP [::]:445 Andi-PC:0 ABHÖREN 4

Es konnten keine Besitzerinformationen ermittelt werden.
TCP [::]:990 Andi-PC:0 ABHÖREN 3824
WcesComm
[svchost.exe]
TCP [::]:5357 Andi-PC:0 ABHÖREN 4

Es konnten keine Besitzerinformationen ermittelt werden.
TCP [::]:22350 Andi-PC:0 ABHÖREN 3080
[CodeMeter.exe]
TCP [::]:49152 Andi-PC:0 ABHÖREN 548
[wininit.exe]
TCP [::]:49153 Andi-PC:0 ABHÖREN 1016
Eventlog
[svchost.exe]
TCP [::]:49154 Andi-PC:0 ABHÖREN 1124
Schedule
[svchost.exe]
TCP [::]:49155 Andi-PC:0 ABHÖREN 600
[lsass.exe]
TCP [::]:49156 Andi-PC:0 ABHÖREN 584
[services.exe]
TCP [::1]:5679 Andi-PC:0 ABHÖREN 3824
WcesComm
[svchost.exe]
UDP 0.0.0.0:123 *:* 1280
W32Time
[svchost.exe]
UDP 0.0.0.0:500 *:* 1124
IKEEXT
[svchost.exe]
UDP 0.0.0.0:1434 *:* 2864
[sqlbrowser.exe]
UDP 0.0.0.0:4500 *:* 1124
IKEEXT
[svchost.exe]
UDP 0.0.0.0:5355 *:* 1476
Dnscache
[svchost.exe]
UDP 0.0.0.0:21328 *:* 2712
[SDFSSvc.exe]
UDP 0.0.0.0:22350 *:* 3080
[CodeMeter.exe]
UDP 0.0.0.0:49484 *:* 2084
[mDNSResponder.exe]
UDP 0.0.0.0:65411 *:* 2712
[SDFSSvc.exe]
UDP 127.0.0.1:1900 *:* 1280
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:53576 *:* 1124
ShellHWDetection
[svchost.exe]
UDP 127.0.0.1:65415 *:* 1280
SSDPSRV
[svchost.exe]
UDP 141.30.202.226:137 *:* 4

Es konnten keine Besitzerinformationen ermittelt werden.
UDP 141.30.202.226:138 *:* 4

Es konnten keine Besitzerinformationen ermittelt werden.
UDP 141.30.202.226:1900 *:* 1280
SSDPSRV
[svchost.exe]
UDP 141.30.202.226:5353 *:* 2084
[mDNSResponder.exe]
UDP 141.30.202.226:65413 *:* 1280
SSDPSRV
[svchost.exe]
UDP 192.168.1.2:137 *:* 4

Es konnten keine Besitzerinformationen ermittelt werden.
UDP 192.168.1.2:138 *:* 4

Es konnten keine Besitzerinformationen ermittelt werden.
UDP 192.168.1.2:1900 *:* 1280
SSDPSRV
[svchost.exe]
UDP 192.168.1.2:5353 *:* 2084
[mDNSResponder.exe]
UDP 192.168.1.2:65414 *:* 1280
SSDPSRV
[svchost.exe]
UDP [::]:123 *:* 1280
W32Time
[svchost.exe]
UDP [::]:500 *:* 1124
IKEEXT
[svchost.exe]
UDP [::]:1434 *:* 2864
[sqlbrowser.exe]
UDP [::]:49485 *:* 2084
[mDNSResponder.exe]
UDP [::1]:1900 *:* 1280
SSDPSRV
[svchost.exe]
UDP [::1]:65412 *:* 1280
SSDPSRV
[svchost.exe]
[/spoiler]

Does anyone notice anything suspicious? I especially don't like the look of netstat -aob. I also don't know what "Abhören" means!?

I hope you can help me.

Regards
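One way to read a `netstat -aob` listing like the one in post #1, as an added example that is not part of the original thread: it parses the German-localized output (including the mis-encoded `ABH™REN` spelling of `ABHÖREN`), lists which process owns each network-reachable socket, and resolves loopback `WARTEND` rows to the local listener they target. The function names are hypothetical, and the sample is an excerpt constructed from rows of that listing.

```python
import re
from collections import Counter, defaultdict

# German netstat state names mapped to the English ones. "ABH™REN" is "ABHÖREN"
# after a code-page mix-up: byte 0x99 is Ö in CP850 and ™ in Windows-1252.
STATES = {"ABHÖREN": "LISTENING", "ABH™REN": "LISTENING",
          "HERGESTELLT": "ESTABLISHED", "WARTEND": "TIME_WAIT"}
NO_OWNER = "Es konnten keine Besitzerinformationen ermittelt werden."
# TCP rows carry a state column, UDP rows do not; the PID is always last.
ROW = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s+(\d+)$")

# Constructed excerpt: rows taken from the listing in post #1, re-spaced into
# columns; one row uses the correctly encoded ABHÖREN.
SAMPLE = """\
Aktive Verbindungen

  Proto  Lokale Adresse         Remoteadresse          Status           PID
  TCP    0.0.0.0:80             Andi-PC:0              ABH™REN          1632
 [httpd.exe]
  TCP    0.0.0.0:135            Andi-PC:0              ABHÖREN          884
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            Andi-PC:0              ABH™REN          4

 Es konnten keine Besitzerinformationen ermittelt werden.
  TCP    0.0.0.0:21322          Andi-PC:0              ABH™REN          2712
 [SDFSSvc.exe]
  TCP    127.0.0.1:5354         Andi-PC:0              ABH™REN          2084
 [mDNSResponder.exe]
  TCP    127.0.0.1:50941        Andi-PC:21322          WARTEND          0
  TCP    127.0.0.1:50942        Andi-PC:21322          WARTEND          0
  TCP    127.0.0.1:50943        Andi-PC:21322          WARTEND          0
  TCP    [::]:135               Andi-PC:0              ABH™REN          884
  RpcSs
 [svchost.exe]
  UDP    0.0.0.0:1434           *:*                                    2864
 [sqlbrowser.exe]
"""

def is_loopback(host):
    return host.startswith("127.") or host == "[::1]"

def parse_netstat_aob(text):
    """Return one dict per socket row, with the owner lines that follow it."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ROW.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            host, _, port = local.rpartition(":")  # also splits "[::]:135"
            current = {"proto": proto, "host": host, "port": int(port),
                       "remote": remote, "pid": int(pid),
                       "state": STATES.get(state, state) if state else None,
                       "service": None, "exe": None}
            entries.append(current)
        elif current is None or not line or line == NO_OWNER:
            continue  # header, blank line, or "no owner information" notice
        elif line.startswith("[") and line.endswith("]"):
            current["exe"] = line[1:-1]
        else:
            current["service"] = line  # service hosted by the process, e.g. RpcSs
    return entries

def exposed_listeners(entries):
    """Group sockets bound to non-loopback addresses by owning process."""
    by_owner = defaultdict(set)
    for e in entries:
        open_socket = e["state"] == "LISTENING" or e["proto"] == "UDP"
        if open_socket and not is_loopback(e["host"]):
            owner = e["exe"] or "PID %d (owner unknown)" % e["pid"]
            if e["service"]:
                owner += " (%s)" % e["service"]
            by_owner[owner].add("%s/%d" % (e["proto"], e["port"]))
    return {owner: sorted(ports) for owner, ports in by_owner.items()}

def loopback_time_wait(entries):
    """Count loopback TIME_WAIT rows per target and name the local listener
    on the targeted port, since netstat reports PID 0 for these rows."""
    listeners = {e["port"]: e["exe"] for e in entries if e["state"] == "LISTENING"}
    counts = Counter(e["remote"] for e in entries
                     if e["state"] == "TIME_WAIT" and is_loopback(e["host"]))
    result = {}
    for remote, n in counts.items():
        port = remote.rpartition(":")[2]
        result[remote] = (n, listeners.get(int(port)) if port.isdigit() else None)
    return result

if __name__ == "__main__":
    rows = parse_netstat_aob(SAMPLE)
    for owner, ports in exposed_listeners(rows).items():
        print(owner, ports)
    print(loopback_time_wait(rows))
```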

07.01.2013, 21:21   #2
markusg
/// Malware-holic

Hi,
if you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy this content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

07.01.2013, 21:45   #3
andi1803

OTL.txt: OTL Logfile:
Code:
OTL logfile created on: 07.01.2013 21:26:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andi\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,05% Memory free
4,22 Gb Paging File | 2,94 Gb Available in Paging File | 69,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 2,55 Gb Free Space | 3,66% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 18,69 Gb Free Space | 26,85% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 288,00 Gb Free Space | 30,92% Space Free | Partition Type: NTFS
 
Computer Name: ANDI-PC | User Name: Andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.07 21:23:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andi\Downloads\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.07.19 14:18:38 | 002,568,120 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2009.09.28 14:41:12 | 000,024,645 | ---- | M] (Apache Software Foundation) -- C:\OSGeo4W\apache\bin\httpd.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 03:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.01 15:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007.09.20 12:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013.01.02 13:06:25 | 000,068,096 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.08 00:10:27 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.07.19 14:18:38 | 002,568,120 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2012.07.13 12:28:36 | 000,160,944 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.08 08:54:50 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 17:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2009.09.28 14:41:12 | 000,024,645 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\OSGeo4W\apache\bin\httpd.exe -- (ApacheOSGeo4WWebServer)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.21 17:55:01 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.03.31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.12.20 10:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.11.27 17:54:36 | 000,110,592 | ---- | M] () [Disabled | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.10.01 15:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.09.20 12:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.05.31 08:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 08:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (aan0bfx2)
DRV - [2013.01.06 20:20:50 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.22 09:06:50 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.25 16:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.03.31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2009.03.20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2008.10.09 14:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.01.21 03:23:26 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.11.30 14:51:34 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.10.31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.10.29 13:46:42 | 000,829,096 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.05.02 12:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007.03.15 20:52:00 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005.02.11 10:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus)
DRV - [2001.09.14 10:34:24 | 000,042,752 | ---- | M] (Fast Ethernet Controller Provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cb102.sys -- (CB102)
DRV - [1999.09.10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=5212_4&babsrc=SP_clro&mntrId=240e99d100000000000000ff6783cfc8
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{79F65206-15E2-41AF-AC2D-75CF73B4DD90}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={95B07DD2-20E5-4F7E-9618-F7819F155FE5}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=114506&tt=5212_4&babsrc=HP_clro&mntrId=240e99d100000000000000ff6783cfc8"
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledAddons: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:7.0.0
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:1.7
FF - prefs.js..extensions.enabledItems: linkuryfirefoxremoteplugin@linkury.com:1.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.2.0.2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Andi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.18 17:36:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.12 14:04:15 | 000,000,000 | ---D | M]
 
[2009.02.07 17:16:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Extensions
[2012.12.30 15:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\3tkuk43n.default\extensions
[2010.04.27 13:10:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\3tkuk43n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.11 10:54:23 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\3tkuk43n.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2011.01.24 18:42:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\3tkuk43n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.11 10:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\3tkuk43n.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.10.19 20:05:25 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\3tkuk43n.default\extensions\firefox@tvunetworks.com
[2011.03.11 10:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\3tkuk43n.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011.12.22 20:34:44 | 000,563,640 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\extensions\toolbar@web.de.xpi
[2011.11.25 01:16:19 | 000,030,305 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2011.12.22 20:46:04 | 000,000,933 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\searchplugins\11-suche.xml
[2012.12.30 13:45:54 | 000,006,522 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\searchplugins\BrowserProtect.xml
[2012.12.30 13:46:50 | 000,001,300 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\searchplugins\claro.xml
[2011.12.22 20:46:05 | 000,002,419 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\searchplugins\englische-ergebnisse.xml
[2011.12.22 20:46:04 | 000,010,525 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\searchplugins\gmx-suche.xml
[2011.01.15 03:25:22 | 000,000,943 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\searchplugins\icqplugin-1.xml
[2010.05.21 20:59:46 | 000,000,943 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\searchplugins\icqplugin-10.xml
[2010.04.02 17:44:12 | 000,000,943 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\searchplugins\icqplugin-2.xml
[2010.03.17 15:45:17 | 000,000,943 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\searchplugins\icqplugin-3.xml
[2010.03.24 11:59:59 | 000,000,943 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\searchplugins\icqplugin-4.xml
[2010.03.03 15:24:19 | 000,000,961 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\searchplugins\icqplugin-5.xml
[2009.07.25 16:20:52 | 000,000,950 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\searchplugins\icqplugin-6.xml
[2009.08.05 07:50:13 | 000,000,950 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\searchplugins\icqplugin-7.xml
[2009.09.12 09:57:11 | 000,000,950 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\searchplugins\icqplugin-8.xml
[2009.10.31 10:54:08 | 000,000,950 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\searchplugins\icqplugin-9.xml
[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\searchplugins\icqplugin.xml
[2011.12.22 20:46:05 | 000,002,457 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\searchplugins\lastminute.xml
[2011.12.03 12:38:47 | 000,002,072 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\searchplugins\Linkury Smartbar Search.xml
[2011.08.12 21:02:47 | 000,003,915 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\searchplugins\SweetIM Search.xml
[2011.08.30 23:29:26 | 000,005,508 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\3tkuk43n.default\searchplugins\webde-suche.xml
[2011.05.18 17:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.11.07 18:55:45 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.25 22:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[2009.04.20 17:57:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2011.04.14 17:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.claro-search.com/?affID=114506&tt=5212_4&babsrc=HP_clro&mntrId=240e99d100000000000000ff6783cfc8
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.de/search?q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.claro-search.com/?affID=114506&tt=5212_4&babsrc=HP_clro&mntrId=240e99d100000000000000ff6783cfc8
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andi\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andi\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andi\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Andi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Andi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Andi\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AG DSN Traffic = C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bllbkcihggpehcegofppdcnjgjbkjaoa\1.0.6_0\
CHR - Extension: YouTube = C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Earthy = C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhflopcljabdklmedgglmkihdnongdaa\1.0_0\
CHR - Extension: ChromeReload = C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\0.5_0\
CHR - Extension: Google Mail = C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.01.04 21:22:27 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Web-Suche - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.30.228.39 141.30.228.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34C6CB2E-8BBC-4BE4-9147-C2505DAF4740}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B485926D-5F30-49FD-9496-F5F3C43DC54A}: DhcpNameServer = 141.30.228.39 141.30.228.4
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Tree.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Tree.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{45dd3b36-6357-11de-98de-000000000000}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{85b489a7-e15d-11dd-b180-000000000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL kUNDEN.EXE
O33 - MountPoints2\{e6cdea79-b396-11df-acaf-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{e6cdea79-b396-11df-acaf-000000000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.07 14:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.01.07 14:47:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.01.07 14:47:25 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.01.07 14:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.01.06 20:20:50 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.01.06 17:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Max Secure
[2013.01.06 17:42:39 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\Max Secure Software
[2013.01.06 17:42:26 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\GetRightToGo
[2013.01.04 21:03:10 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Andi\Desktop\HiJackThis204.exe
[2013.01.03 22:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.03 22:02:24 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.03 22:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.03 12:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
[2013.01.03 11:50:34 | 000,000,000 | ---D | C] -- C:\Users\Andi\.android
[2013.01.03 10:59:41 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\Android
[2013.01.02 13:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
[2013.01.02 13:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2013.01.02 13:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia Shared
[2013.01.02 13:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
[2013.01.02 13:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\Macromedia
[2012.12.30 14:19:44 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Wise Registry Cleaner
[2012.12.30 14:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[2012.12.30 14:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\Wise
[2012.12.30 14:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
[2012.12.30 14:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2012.12.30 00:30:51 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\PerformerSoft
[2012.12.30 00:30:37 | 000,017,464 | ---- | C] (PerformerSoft LLC) -- C:\Windows\System32\roboot.exe
[2012.12.29 22:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012.12.29 22:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008.09.12 13:49:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Andi\AppData\Roaming\pcouffin.sys
[3 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Andi\Desktop\*.tmp files -> C:\Users\Andi\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.07 21:30:51 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7BD5A4A7-BD26-4A68-8453-7C76CF6A8E69}.job
[2013.01.07 20:53:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-16002184-3614097933-1404553542-1004UA.job
[2013.01.07 20:39:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.07 19:36:44 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2013.01.07 19:36:34 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.07 19:36:33 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.07 19:36:31 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.07 19:36:28 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.01.07 19:36:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.07 19:34:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.01.07 19:08:18 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.01.07 19:08:18 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.01.07 15:19:54 | 000,001,315 | ---- | M] () -- C:\Windows\wininit.ini
[2013.01.07 14:47:31 | 000,001,962 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.01.07 10:24:00 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013.01.07 05:53:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-16002184-3614097933-1404553542-1004Core.job
[2013.01.07 00:00:43 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\NeroLiveEpgUpdate-Andi-PC_Andi.job
[2013.01.06 21:46:19 | 000,684,466 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.06 21:46:19 | 000,641,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.06 21:46:19 | 000,149,902 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.06 21:46:19 | 000,121,514 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.06 20:20:50 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.01.06 18:01:06 | 002,661,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.04 21:22:27 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.01.04 15:49:28 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Andi\Desktop\HiJackThis204.exe
[2013.01.04 00:40:51 | 000,245,760 | ---- | M] () -- C:\Users\Andi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.03 22:02:26 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.03 19:23:09 | 000,002,631 | ---- | M] () -- C:\Users\Andi\Desktop\Microsoft Office Word 2007.lnk
[2013.01.02 13:45:02 | 000,008,284 | ---- | M] () -- C:\Windows\System32\eps_icon.avi
[2013.01.02 13:43:55 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013.01.02 13:31:44 | 000,195,833 | ---- | M] () -- C:\Users\Andi\Documents\Erich_Kaestner.FH11
[2012.12.30 00:51:01 | 000,320,686 | ---- | M] () -- C:\Users\Andi\Documents\cc_20121230_004957.reg
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.13 17:03:39 | 000,002,041 | ---- | M] () -- C:\Users\Andi\Desktop\Google Chrome.lnk
[3 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Andi\Desktop\*.tmp files -> C:\Users\Andi\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.07 19:36:44 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2013.01.07 15:19:52 | 000,001,315 | ---- | C] () -- C:\Windows\wininit.ini
[2013.01.07 14:47:44 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.01.07 14:47:44 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.01.07 14:47:42 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.01.07 14:47:31 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.01.07 14:47:31 | 000,001,962 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.01.03 22:02:26 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.02 13:43:55 | 000,000,769 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013.01.02 13:31:44 | 000,195,833 | ---- | C] () -- C:\Users\Andi\Documents\Erich_Kaestner.FH11
[2012.12.30 00:50:04 | 000,320,686 | ---- | C] () -- C:\Users\Andi\Documents\cc_20121230_004957.reg
[2012.12.11 12:15:41 | 002,812,692 | ---- | C] () -- C:\Users\Andi\Desktop\Photoshop 32 Bit OS Loader.EXE
[2012.11.13 12:14:28 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2012.11.13 12:14:28 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2012.11.10 12:27:33 | 000,000,218 | ---- | C] () -- C:\Users\Andi\.recently-used.xbel
[2012.07.19 14:32:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.07.09 22:16:05 | 000,055,296 | ---- | C] () -- C:\ProgramData\dvixpuefwxrxyml
[2012.07.09 22:06:03 | 000,040,448 | ---- | C] () -- C:\ProgramData\sibfkucixrtkdwr
[2012.07.09 22:06:03 | 000,000,098 | ---- | C] () -- C:\ProgramData\cabbdfeacfbdfgfdgfdgdfg.cfg
[2011.11.08 14:03:31 | 000,000,084 | ---- | C] () -- C:\Users\Andi\.grassrc6
[2011.07.21 21:04:30 | 000,011,311 | ---- | C] () -- C:\Users\Andi\gsview32.ini
[2011.04.28 16:58:04 | 000,017,089 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\UserTile.png
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.06.06 15:46:47 | 000,000,552 | ---- | C] () -- C:\Users\Andi\AppData\Local\d3d8caps.dat
[2009.04.19 17:56:39 | 076,658,072 | ---- | C] () -- C:\Users\Andi\jdk-6u13-windows-i586-p.exe
[2009.02.02 15:12:45 | 000,000,680 | ---- | C] () -- C:\Users\Andi\AppData\Local\d3d9caps.dat
[2009.02.01 15:28:28 | 000,000,127 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\default.rss
[2009.02.01 15:28:27 | 000,000,000 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\downloads.m3u
[2008.11.26 21:18:57 | 000,000,600 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\winscp.rnd
[2008.09.30 19:49:58 | 000,002,266 | ---- | C] () -- C:\Users\Andi\AppData\Local\wgoxa.dat
[2008.09.30 19:49:58 | 000,000,089 | ---- | C] () -- C:\Users\Andi\AppData\Local\wgoxa.bat
[2008.09.12 13:49:05 | 000,087,608 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\inst.exe
[2008.09.12 13:49:05 | 000,007,887 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\pcouffin.cat
[2008.09.12 13:49:05 | 000,001,144 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\pcouffin.inf
[2008.09.03 13:52:08 | 000,004,302 | ---- | C] () -- C:\Users\Andi\00000103.103
[2008.08.30 11:51:53 | 000,245,760 | ---- | C] () -- C:\Users\Andi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.29 17:29:34 | 000,004,096 | -H-- | C] () -- C:\Users\Andi\AppData\Local\keyfile3.drm
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.12.13 13:40:09 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Autodesk
[2010.06.09 22:02:29 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Blender Foundation
[2010.06.12 21:21:43 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Broad Intelligence
[2009.01.19 19:57:44 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DAEMON Tools
[2011.11.27 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DAEMON Tools Lite
[2009.01.19 19:57:44 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DAEMON Tools Pro
[2012.08.16 19:39:18 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Dropbox
[2012.07.31 21:33:50 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Ecuzi
[2013.01.02 12:57:44 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Electronic Arts
[2010.05.28 19:45:44 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\EPSON
[2012.01.23 13:15:19 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\ESRI
[2013.01.06 17:42:47 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\GetRightToGo
[2012.11.10 12:27:27 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\gtk-2.0
[2012.12.28 17:50:51 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\ICQ
[2012.01.23 20:58:26 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\IrfanView
[2009.12.28 16:25:27 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Leadertech
[2012.07.14 00:43:44 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Lofyez
[2012.07.06 11:05:59 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Ocqi
[2011.11.09 23:00:43 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\OpenCandy
[2012.07.20 09:44:42 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Oxygix
[2012.11.13 12:19:23 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\PC Suite
[2011.04.28 16:58:03 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\PeerNetworking
[2013.01.02 13:04:00 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\PerformerSoft
[2012.05.15 20:02:25 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Red Kawa
[2012.11.13 12:13:40 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Samsung
[2012.07.19 12:26:51 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\TeamViewer
[2012.07.14 11:06:24 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Ufesg
[2012.08.02 09:43:08 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Voilyh
[2008.09.26 14:19:25 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Vso
[2012.07.31 14:31:36 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Vygihi
[2012.12.30 14:56:24 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Wise Registry Cleaner
[2011.12.25 23:49:23 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\XnView
[2012.07.19 17:40:10 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Zucu
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 9952 bytes -> C:\Windows\System32\{google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:364682BC

< End of report >
         
--- --- ---



Extras.txt: OTL Logfile:
Code:
OTL Extras logfile created on: 07.01.2013 21:26:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andi\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,05% Memory free
4,22 Gb Paging File | 2,94 Gb Available in Paging File | 69,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 2,55 Gb Free Space | 3,66% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 18,69 Gb Free Space | 26,85% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 288,00 Gb Free Space | 30,92% Space Free | Partition Type: NTFS
 
Computer Name: ANDI-PC | User Name: Andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E30792-8079-4AD8-B51E-692E81EE046F}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{23C2E053-E7E2-42FE-A59F-B837AD4FA37B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{2CC16055-442F-4692-9D5B-18277EE26AD4}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{32DA6B51-9E0A-4BD6-9B65-E95B2190D454}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3A5C88AF-8041-4605-B87C-BF5052C596EC}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{5FA5E7A4-0A78-4B46-BE04-A183109D6BE4}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{62570E07-B3F8-499F-A8AD-6D4363523636}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6E229603-7768-4E58-89CC-B1E2FADF64C1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7749672D-90F4-42AB-9108-DA84966DB206}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{83011A7D-5114-47E8-BCB2-346988BA59F4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe | 
"{9ABD49ED-48B3-4209-BF98-B15F78C10787}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{A0AEEF60-E765-4DD0-8F72-81B1579A2302}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{C858FD8E-A612-43F8-B6B4-C7EE025FA8F1}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1382C339-0F7D-499E-AC89-A59A388450DA}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{15773506-5D27-4E92-96BC-E3D52EFE4EDF}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe | 
"{1B24920F-8C57-4223-B56E-096C0D53FDC4}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe | 
"{213B02AC-F65D-4DDB-BF14-A4ACBDF91CB0}" = protocol=6 | dir=in | app=c:\programdata\sweetim\messenger\update\sweetimsetup.exe | 
"{27E3DC06-CF7A-4A34-8FFC-4762C9755FBE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2CA5B232-8BC3-4FB2-93B9-D5C3F9BF5394}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{37C15117-35D9-43A2-B594-556DD5695BA3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{399485E8-9313-4667-90F0-39CD33842A67}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{40E60008-099B-4CF8-9653-B16DDF446F50}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{45391094-AC0E-47D1-8E71-0D01619BEC01}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{454E8927-F715-486A-A4CC-BAF7BCFC195B}" = protocol=17 | dir=in | app=c:\programdata\sweetim\messenger\update\sweetimsetup.exe | 
"{470944A2-2588-427C-8766-722AAF4D1F96}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{607EFBEC-E162-4BF9-8C0E-DBE3D2D42EC0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{64750AB5-9E02-4634-B2C4-406E4C548B58}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7198C67F-D819-46BF-89A9-F8898D206D43}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{71AD3A65-8F64-4A3C-A8D8-333B3ED8C95D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{74EA82D8-327C-4BF3-9CE4-BB34F5438B7B}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{78995001-887E-4351-9533-141969C015DE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{84A4B68E-173B-439E-AE1C-BD3EAC2A5DA5}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{8522960E-130E-4B72-8F84-A99EB9B1ABC6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{85BE943F-017E-40DA-A3D3-9F507659D849}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{8C73C4DB-30BC-4F6C-BECC-31AC508D9714}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{96F4D656-9D04-4FE7-87A3-BB95261302E3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9F5F0935-4A67-4315-BF4A-2DE03409426D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A83EC92B-F228-40F5-B850-69B7D6DB8F7B}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{AE3C6A3E-5F27-487B-BF8B-F5006D91B82B}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{B56D1A34-909B-4C4A-9DE5-6DAE6D6C7D4C}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{C09708F8-6588-46EE-BCC4-05667257F0E1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C51C092D-080F-434B-8C40-2A4A2CBD5271}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{CF0974B5-F8AB-4975-918B-F1DC5527D3EF}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{D4E15F82-0A62-4A9B-980C-14E9147BD889}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D5CBFD26-6D18-43CA-9EC7-D9630832E4FB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DC943601-0012-4619-AF43-9CB7EBECBD5C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DF755068-B29C-47C7-B169-D9C9A0A2C975}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EBE20DF3-0C63-4071-AAB9-BD92E972891F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F05679CE-9B89-4EAD-9677-834920AE40CA}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{F2016C89-95F5-44AE-948E-EFAAD136E6D5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FE937167-92DA-4FCF-BA8F-CD9CB33083B5}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"TCP Query User{0521E674-CA93-4BD0-9938-0FF4857B1F69}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{20525223-90FA-4D47-A35B-8FA1E11DEEDD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{2717A432-8781-4A41-B0F4-F9E96D19B6C7}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{4E4C84D0-A9DE-4C67-81E2-0020FA4573EA}C:\program files\java\jre1.5.0_12\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.5.0_12\bin\java.exe | 
"TCP Query User{53ED0602-F02E-433A-99B8-2EEFAE9E6DB4}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{6732C2E3-3418-47B0-8AFB-16323822C6D3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{739D5F66-539A-4325-9240-029657DBB5B1}C:\program files\analogx\proxy\proxy.exe" = protocol=6 | dir=in | app=c:\program files\analogx\proxy\proxy.exe | 
"TCP Query User{7A536B0F-6588-4BBD-8198-8FD316FC070D}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{7C5A855B-1A1C-4C4F-A8EB-2E02917C6BD4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{8C7CF523-A983-46AF-970F-A8A6A6E53C84}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{9A468BA7-8F44-4FC3-A97E-31A2A8A40C81}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{9E3FD82E-1F17-4BE3-AE69-091A1955838D}C:\osgeo4w\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\osgeo4w\apache\bin\httpd.exe | 
"TCP Query User{AEAB8C71-CE50-4FD1-9B2B-2797B8703456}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{CAFD7A6D-3D5C-4004-BE33-B9F5C66EA4AC}C:\program files\java\jdk1.7.0_04\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_04\bin\java.exe | 
"TCP Query User{DB310B2D-0ABC-41A5-A580-7B3B297F9F1B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{F41360A8-4BAC-4B89-9FFB-FC2701F12B54}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{F7BEC1A8-07CF-4485-83D2-6D1574B9DC30}C:\program files\java\jre1.5.0_12\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.5.0_12\bin\javaw.exe | 
"UDP Query User{1304C1CC-06A2-4D03-B651-11F15980FFF6}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{1F38C345-2753-46B1-9EC8-23AC649C4D69}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{2657CF20-2602-4DC5-937E-6E0BF16603DF}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{47D0F889-055E-4FA9-AE23-95E3A145ECF7}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{5C178A52-534B-45AE-9E3B-3CB02577F5F1}C:\program files\java\jre1.5.0_12\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.5.0_12\bin\javaw.exe | 
"UDP Query User{67A80172-6C04-48B5-9DA2-7FECB1450051}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{78537889-2F7F-4FA2-A219-BDE9F82E7C97}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{7B36B47A-4992-4F67-9170-708342D03720}C:\program files\java\jre1.5.0_12\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.5.0_12\bin\java.exe | 
"UDP Query User{86444389-FDE4-4D06-8B84-FA3037CDC7D8}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{956124E0-158A-44EF-9B09-99608B400CEF}C:\osgeo4w\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\osgeo4w\apache\bin\httpd.exe | 
"UDP Query User{A5589BA0-3F28-430E-87E0-81044869202C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{B5A288C7-42D2-4B4C-8C22-5B36E4396F6C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{C10E8476-1D51-4DD0-BF2E-24591945F57A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{C20DCFC0-48B2-4D76-95E1-112568F7EEBE}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{CB49B917-AAA2-4874-ADED-2D179A729BF9}C:\program files\java\jdk1.7.0_04\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_04\bin\java.exe | 
"UDP Query User{D3568574-6170-4D2E-876A-2761695A26C8}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{F67287D4-DCB2-41C0-87C2-4569B15856B2}C:\program files\analogx\proxy\proxy.exe" = protocol=17 | dir=in | app=c:\program files\analogx\proxy\proxy.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2222706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{32A3A4F4-B792-11D6-A78A-00B0D0160130}" = Java(TM) SE Development Kit 6 Update 13
"{32A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer Crystal Eye
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{541E5E15-7186-4395-9593-16D02765FF27}" = Duden Korrektor PLUS
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-B001-0000-0002-0060B0CE6BBA}" = AutoCAD 2013 - Deutsch (German)
"{5783F2D7-B001-0407-1002-0060B0CE6BBA}" = AutoCAD 2013 Language Pack - Deutsch (German)
"{5783F2D7-B001-0407-2002-0060B0CE6BBA}" = AutoCAD 2013 - Deutsch (German)
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}" = Python 2.6.6
"{64665955-E1A1-4A8B-BFFA-673A95318909}" = ArcGIS Desktop 10
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{75a445ed-ead4-406e-9dcd-ee756e3ccd0a}" = Nero 9
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{97B4DF0B-7499-455F-AFBA-F70F64D6D86A}" = SweetIM for Messenger 3.5
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1442CE5-3EF0-4298-9927-1117074DA390}" = GDAL 19 (MSVC 2008)
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Android SDK Tools" = Android SDK Tools
"ArcGIS Desktop 10" = ArcGIS Desktop 10
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"Blender" = Blender (remove only)
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"CyberGhost VPN_is1" = CyberGhost VPN Patch 4.7.18
"Dia" = Dia (nur entfernen)
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESDX4000_4050_CX3900" = ESDX4000_4050_CX3900
"GeoServer 2.1.3" = GeoServer 2.1.3
"Golden Axe_is1" = Golden Axe
"Google Updater" = Google Updater
"GSview 4.9" = GSview 4.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{541E5E15-7186-4395-9593-16D02765FF27}" = Duden Korrektor PLUS
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 3.0
"JDownloader" = JDownloader
"Magic DVD Copier_is1" = Magic DVD Copier Version 4.9 build 2
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MatlabR2007b" = MATLAB R2007b
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"numpy-py2.6" = Python 2.6 numpy-1.6.2
"PROHYBRIDR" = 2007 Microsoft Office system
"PSP Video 9" = PSP Video 9 6
"PSPad editor_is1" = PSPad editor
"Recuva" = Recuva
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows
"ST6UNST #1" = Vimage 4.1 (Releaseversion)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.8
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.61
"XMedia Recode" = XMedia Recode 2.1.1.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GDAL-py2.6" = Python 2.6 GDAL-1.9.0
"Google Chrome" = Google Chrome
"Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web)
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.01.2013 16:37:57 | Computer Name = Andi-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
Error - 06.01.2013 16:37:57 | Computer Name = Andi-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
Error - 06.01.2013 19:08:09 | Computer Name = Andi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.01.2013 09:14:01 | Computer Name = Andi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.01.2013 14:08:31 | Computer Name = Andi-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
 zu überwachen.
 
Error - 07.01.2013 14:09:37 | Computer Name = Andi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.01.2013 14:33:16 | Computer Name = Andi-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
 zu überwachen.
 
Error - 07.01.2013 14:34:16 | Computer Name = Andi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.01.2013 14:36:49 | Computer Name = Andi-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
 zu überwachen.
 
Error - 07.01.2013 14:37:43 | Computer Name = Andi-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 05.11.2010 16:43:55 | Computer Name = Andi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5599
 seconds with 3120 seconds of active time.  This session ended with a crash.
 
Error - 07.11.2010 14:52:35 | Computer Name = Andi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11.12.2012 06:39:30 | Computer Name = Andi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 16
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ Spybot - Search and Destroy Events ]
Error - 07.01.2013 10:19:54 | Computer Name = Andi-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 07.01.2013 09:00:36 | Computer Name = Andi-PC | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 07.01.2013 09:00:36 | Computer Name = Andi-PC | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 07.01.2013 09:12:32 | Computer Name = Andi-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 07.01.2013 09:14:02 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.01.2013 14:08:18 | Computer Name = Andi-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 07.01.2013 14:09:40 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.01.2013 14:32:59 | Computer Name = Andi-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 07.01.2013 14:34:17 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.01.2013 14:36:27 | Computer Name = Andi-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 07.01.2013 14:37:43 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         

08.01.2013, 18:14   #4
markusg
/// Malware-holic

Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log