BKA-Trojaner auf Vista-32bit PC mit XP als 2. BS

MrMaho · 20.03.2013, 22:57

Hallo zusammen,

Habe seit kurzem einen BKA-Trojaner auf meinem PC. Es kam das bekannte Bild mit der Aufforderung,100€ zu zahlen.Kein Zugriff mehr auf den Rechner über Vista. Beim Neustart nur noch white screen. Glücklicherweise habe ich auch XP auf dem Rechner und kann evtl darüber zugreifen, nach einem Neustart kann ich zw. den BS auswählen. Vista läuft nicht. Leider lieferten auch alle Scans mit Antiviren-SW (AVIRA, usw.) und auch Kaspersky-rescue nichts. Auch in der registry konnte ich keine Einträge finden (unter HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon steht “explorer.exe”). Auch Foren, wie gutefrage.net, chip.de, computerbase.de/forum, usw. konnten bisher nicht helfen. Leider habe ich zurzeit auch keinen Internetzugang mehr auf dem PC, wurde durch Trojaner lahmgelegt.

Wer kann mir hier helfen?

###############################################

Hier das txt-logfile von malware, ich habe nur Suchlauf gemacht und noch nichts gelöscht:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.14.11

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
MrM :: MRM-PC [Administrator]

20.03.2013 18:46:08
mbam-log-2013-03-20 (18-46-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 690621
Laufzeit: 1 Stunde(n), 41 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent.RNS) -> Daten: explorer.exe,C:\Users\MrM\AppData\Roaming\skype.dat -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\MrM\XP statt Vista\RemoveWGA.exe (PUP.RemoveWGA) -> Keine Aktion durchgeführt.
C:\Users\MrM\XP statt Vista\RemoveWGA12.exe (PUP.RemoveWGA) -> Keine Aktion durchgeführt.
D:\MrM\XP statt Vista\RemoveWGA.exe (PUP.RemoveWGA) -> Keine Aktion durchgeführt.
D:\MrM\XP statt Vista\RemoveWGA12.exe (PUP.RemoveWGA) -> Keine Aktion durchgeführt.
C:\Users\MrM\AppData\Roaming\skype.dat (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)

Hier die logfiles von Gmer, OTL und EXTRAS:

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-20 22:43:01
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-07A7B0 rev.01.03B01 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\MrM\AppData\Local\Temp\pwldypog.sys

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272a29f3c (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a29f3c
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000272a29f3c (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Capabilities@ApplicationDescription C:\Windows\explorer.exe (Windows Explorer/Microsoft Corporation SIGNED)(2009-05-28 18:02:40)

---- EOF - GMER 2.1 ----

#################################################

OTL logfile created on: 20.03.2013 21:21:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MrM\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 75,19% Memory free
6,25 Gb Paging File | 5,82 Gb Available in Paging File | 93,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,63 Gb Total Space | 27,38 Gb Free Space | 17,82% Space Free | Partition Type: NTFS
Drive D: | 303,34 Gb Total Space | 132,59 Gb Free Space | 43,71% Space Free | Partition Type: NTFS
Drive F: | 1,91 Gb Total Space | 0,28 Gb Free Space | 14,48% Space Free | Partition Type: FAT32

Computer Name: MRM-PC | User Name: MrM | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.20 21:16:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MrM\Desktop\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 03:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe

========== Modules (No Company Name) ==========

MOD - [2010.07.04 22:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Services (SafeList) ==========

SRV - [2013.01.09 17:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Disabled | Stopped] -- C:\Program Files\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.01.09 17:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Disabled | Stopped] -- C:\Program Files\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.29 11:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.08 19:34:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:34:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 14:01:16 | 000,314,368 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) [Disabled | Stopped] -- C:\Users\MrM\Desktop\USBDLM\USBDLM.exe -- (USBDLM)
SRV - [2009.01.02 20:14:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.12.18 13:21:16 | 000,341,264 | ---- | M] (Fujitsu Siemens Computers) [Disabled | Stopped] -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [Disabled | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\FsUsbExDisk.SYS -- (FsUsbExDisk)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2012.12.29 11:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.05.08 19:34:48 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:34:48 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.02.08 11:46:58 | 000,673,792 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw66xxx.sys -- (hcw66xxx)
DRV - [2010.11.25 06:59:16 | 000,541,800 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010.10.22 02:00:00 | 000,586,752 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV - [2010.10.22 02:00:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2010.07.04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.09 00:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.11.11 15:05:18 | 000,003,768 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SndTVideo.sys -- (SndTVideo)
DRV - [2008.11.11 15:05:16 | 000,023,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2008.07.22 09:21:08 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.07.08 02:32:52 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008.05.27 12:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.04.03 13:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2008.01.10 02:34:43 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.01.10 02:34:42 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007.12.11 09:52:12 | 000,026,784 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007.04.24 17:52:10 | 000,016,688 | ---- | M] (IBM) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2006.02.17 20:34:24 | 000,083,344 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k510obex.sys -- (k510obex)
DRV - [2006.02.17 20:34:22 | 000,085,408 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k510mgmt.sys -- (k510mgmt)
DRV - [2006.02.17 20:34:17 | 000,094,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k510mdm.sys -- (k510mdm)
DRV - [2006.02.17 20:34:15 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k510mdfl.sys -- (k510mdfl)
DRV - [2006.02.17 20:34:10 | 000,058,288 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k510bus.sys -- (k510bus)
DRV - [2005.10.28 04:38:18 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)
DRV - [2004.10.25 12:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004.05.02 09:47:08 | 000,023,040 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GVCplDrv.sys -- (GVCplDrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {3bbd3c14-4c16-4989-8366-95bc9179779d} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1993C63F-2963-4CC7-9B04-BAE0986821CE}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: sammelfreund@webmiles.de:1.12
FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.1.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {f4e6547e-325b-403c-a3bb-ad29ed37a92f}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.08 15:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2013.03.10 11:41:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 09:23:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.05 13:31:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2013.01.05 13:31:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins

[2012.10.22 18:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrM\AppData\Roaming\mozilla\Extensions
[2012.03.05 23:13:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrM\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2013.03.08 17:07:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrM\AppData\Roaming\mozilla\Firefox\Profiles\6sbpq4ea.default\extensions
[2013.02.24 10:55:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\MrM\AppData\Roaming\mozilla\Firefox\Profiles\6sbpq4ea.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.16 11:15:03 | 000,000,000 | ---D | M] (SaveByclick) -- C:\Users\MrM\AppData\Roaming\mozilla\Firefox\Profiles\6sbpq4ea.default\extensions\50cd9c8a1087a@50cd9c8a108b4.com
[2012.03.05 23:13:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrM\AppData\Roaming\mozilla\Sunbird\Profiles\v4xtg7wk.default\extensions
[2013.03.08 17:07:58 | 000,538,938 | ---- | M] () (No name found) -- C:\Users\MrM\AppData\Roaming\mozilla\firefox\profiles\6sbpq4ea.default\extensions\toolbar@web.de.xpi
[2012.11.30 22:21:31 | 000,077,690 | ---- | M] () (No name found) -- C:\Users\MrM\AppData\Roaming\mozilla\firefox\profiles\6sbpq4ea.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2012.08.30 19:48:29 | 000,000,853 | ---- | M] () -- C:\Users\MrM\AppData\Roaming\mozilla\firefox\profiles\6sbpq4ea.default\searchplugins\11-suche.xml
[2010.11.23 12:14:58 | 000,000,929 | ---- | M] () -- C:\Users\MrM\AppData\Roaming\mozilla\firefox\profiles\6sbpq4ea.default\searchplugins\conduit.xml
[2012.08.30 19:48:29 | 000,002,209 | ---- | M] () -- C:\Users\MrM\AppData\Roaming\mozilla\firefox\profiles\6sbpq4ea.default\searchplugins\englische-ergebnisse.xml
[2012.08.30 19:48:29 | 000,010,506 | ---- | M] () -- C:\Users\MrM\AppData\Roaming\mozilla\firefox\profiles\6sbpq4ea.default\searchplugins\gmx-suche.xml
[2013.03.10 11:16:49 | 000,000,950 | ---- | M] () -- C:\Users\MrM\AppData\Roaming\mozilla\firefox\profiles\6sbpq4ea.default\searchplugins\icqplugin-1.xml
[2009.09.19 07:05:43 | 000,000,950 | ---- | M] () -- C:\Users\MrM\AppData\Roaming\mozilla\firefox\profiles\6sbpq4ea.default\searchplugins\icqplugin-2.xml
[2009.09.19 21:36:06 | 000,000,950 | ---- | M] () -- C:\Users\MrM\AppData\Roaming\mozilla\firefox\profiles\6sbpq4ea.default\searchplugins\icqplugin-3.xml
[2009.10.29 01:00:16 | 000,000,950 | ---- | M] () -- C:\Users\MrM\AppData\Roaming\mozilla\firefox\profiles\6sbpq4ea.default\searchplugins\icqplugin-4.xml
[2009.09.16 21:08:42 | 000,000,950 | ---- | M] () -- C:\Users\MrM\AppData\Roaming\mozilla\firefox\profiles\6sbpq4ea.default\searchplugins\icqplugin.xml
[2012.08.30 19:48:29 | 000,002,368 | ---- | M] () -- C:\Users\MrM\AppData\Roaming\mozilla\firefox\profiles\6sbpq4ea.default\searchplugins\lastminute.xml
[2012.09.24 22:32:12 | 000,002,515 | ---- | M] () -- C:\Users\MrM\AppData\Roaming\mozilla\firefox\profiles\6sbpq4ea.default\searchplugins\Search_Results.xml
[2012.08.30 19:48:29 | 000,005,489 | ---- | M] () -- C:\Users\MrM\AppData\Roaming\mozilla\firefox\profiles\6sbpq4ea.default\searchplugins\webde-suche.xml
[2012.10.22 18:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.08.12 17:08:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.23 20:36:46 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2013.03.09 09:23:22 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.09 17:21:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.06 17:37:06 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.10.01 06:14:06 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.09 17:21:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.09 17:21:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.24 22:32:12 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.09 17:21:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.09 17:21:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\MrM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\MrM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\MrM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\MrM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\MrM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Drive = C:\Users\MrM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\MrM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\MrM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\MrM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\MrM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SaveByclick Class) - {A2391DA7-5B48-C16D-6D16-61AF7C6F0FDD} - C:\ProgramData\SaveByclick\50cd9c8a109ee.ocx File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3BBD3C14-4C16-4989-8366-95BC9179779D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93EE8C1B-E6AA-477C-BCF4-83EB576532FA}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6C9CDA8-C6B7-477D-9E42-8375C52BB421}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEC4CDDA-2E91-4054-B793-810AF647FA13}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F28C8241-B159-4809-A324-152F55DBB8AE}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\MrM\AppData\Roaming\skype.dat) - C:\Users\MrM\AppData\Roaming\skype.dat (NkWFoATmq8o)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3e0b6b03-e62c-11e0-82db-0021859cbb21}\Shell - "" = AutoRun
O33 - MountPoints2\{3e0b6b03-e62c-11e0-82db-0021859cbb21}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3e0b6b0d-e62c-11e0-82db-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{3e0b6b0d-e62c-11e0-82db-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.20 21:18:44 | 000,000,000 | ---D | C] -- C:\Users\MrM\Desktop\Neuer Ordner (2)
[2013.03.20 21:18:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MrM\Desktop\OTL.exe
[2013.03.20 18:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.20 18:45:31 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.20 18:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.10 16:29:08 | 000,000,000 | ---D | C] -- C:\Users\MrM\Desktop\REACh
[2013.03.10 11:41:09 | 000,000,000 | ---D | C] -- C:\Users\MrM\Documents\PDF Architect Files
[2013.03.10 11:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013.03.10 11:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Architect
[2012.01.10 20:53:38 | 000,081,920 | ---- | C] (NkWFoATmq8o) -- C:\Users\MrM\AppData\Roaming\skype.dat

========== Files - Modified Within 30 Days ==========

[2013.03.20 21:20:49 | 000,130,048 | ---- | M] () -- C:\Users\MrM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.20 21:17:18 | 000,377,856 | ---- | M] () -- C:\Users\MrM\Desktop\gmer_2.1.19155.exe
[2013.03.20 21:16:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MrM\Desktop\OTL.exe
[2013.03.20 18:45:32 | 000,000,878 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.20 18:40:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.20 05:58:26 | 000,000,004 | ---- | M] () -- C:\Users\MrM\AppData\Roaming\skype.ini
[2013.03.20 05:58:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.20 05:58:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.20 05:58:03 | 000,410,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.17 11:49:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.03.17 11:45:58 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.17 11:40:53 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.17 11:40:53 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.17 11:40:53 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.17 11:40:53 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.12 19:45:22 | 000,001,356 | ---- | M] () -- C:\Users\MrM\AppData\Local\d3d9caps.dat
[2013.03.10 19:28:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.10 11:36:08 | 000,009,239 | ---- | M] () -- C:\Users\MrM\Desktop\Zahlungsbeleg -GOLDEN THAI- PayPal.pdf
[2013.02.24 14:09:33 | 000,101,995 | ---- | M] () -- C:\Users\MrM\Desktop\Mode Online Shop - Kleidung - Schuhe - Möbel kaufen BAUR Versand.pdf
[2013.02.24 12:41:26 | 000,175,419 | ---- | M] () -- C:\Users\MrM\Desktop\BoardingPassHOECHERLMARIO.pdf
[2013.02.23 10:54:13 | 005,109,966 | ---- | M] () -- C:\Users\MrM\Desktop\Neuer Ordner.zip
[2013.02.23 10:53:36 | 000,404,996 | ---- | M] () -- C:\Users\MrM\Desktop\kaufvertrag_allgemein[1].pdf

========== Files Created - No Company Name ==========

[2013.03.20 21:18:15 | 000,377,856 | ---- | C] () -- C:\Users\MrM\Desktop\gmer_2.1.19155.exe
[2013.03.20 18:45:32 | 000,000,878 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.10 18:09:38 | 000,000,004 | ---- | C] () -- C:\Users\MrM\AppData\Roaming\skype.ini
[2013.03.10 11:36:05 | 000,009,239 | ---- | C] () -- C:\Users\MrM\Desktop\Zahlungsbeleg -GOLDEN THAI- PayPal.pdf
[2013.03.03 21:38:38 | 000,869,238 | ---- | C] () -- C:\Users\MrM\Desktop\anwohnerparkausweis.jpg
[2013.03.03 21:37:52 | 000,340,736 | ---- | C] () -- C:\Users\MrM\Desktop\fax barclay.pdf
[2013.02.24 14:09:35 | 000,101,995 | ---- | C] () -- C:\Users\MrM\Desktop\Mode Online Shop - Kleidung - Schuhe - Möbel kaufen BAUR Versand.pdf
[2013.02.24 12:41:26 | 000,175,419 | ---- | C] () -- C:\Users\MrM\Desktop\BoardingPassHOECHERLMARIO.pdf
[2013.02.23 10:54:08 | 005,109,966 | ---- | C] () -- C:\Users\MrM\Desktop\Neuer Ordner.zip
[2013.02.23 10:53:35 | 000,404,996 | ---- | C] () -- C:\Users\MrM\Desktop\kaufvertrag_allgemein[1].pdf
[2013.01.13 11:19:04 | 000,106,574 | ---- | C] () -- C:\Users\MrM\attachment.pdf
[2012.12.21 16:37:31 | 000,426,370 | ---- | C] () -- C:\Users\MrM\perso_vo.jpg
[2012.12.21 16:37:31 | 000,400,394 | ---- | C] () -- C:\Users\MrM\perso_ru.jpg
[2012.12.15 10:19:19 | 000,000,138 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.02.28 21:18:56 | 000,001,057 | ---- | C] () -- C:\Users\MrM\AppData\Roaming\vso_ts_preview.xml
[2011.10.03 10:23:34 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.10.02 18:02:07 | 000,015,565 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2011.10.01 21:49:40 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2011.10.01 21:49:40 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2011.10.01 21:49:40 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2011.10.01 21:49:40 | 000,013,312 | ---- | C] () -- C:\Windows\System32\VistaRundll.exe
[2011.08.28 19:17:36 | 000,004,447 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011.06.20 18:31:14 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.22 10:33:10 | 000,163,840 | ---- | C] () -- C:\Windows\System32\12kUBusd.dll
[2011.04.22 10:28:26 | 000,000,000 | ---- | C] () -- C:\Windows\UI.INI
[2011.02.26 09:39:45 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Falk Navi-Manager.msi
[2010.08.15 19:06:46 | 000,000,205 | ---- | C] () -- C:\Users\MrM\AppData\Roaming\mdbu.bin
[2010.04.10 11:59:05 | 000,001,356 | ---- | C] () -- C:\Users\MrM\AppData\Local\d3d9caps.dat
[2010.03.13 10:58:00 | 001,029,272 | ---- | C] () -- C:\Users\MrM\Ein Geld Kleid.pdf
[2010.02.18 19:24:14 | 000,310,593 | ---- | C] () -- C:\Users\MrM\Toyota Avensis Forum Old...pdf
[2010.02.04 00:10:38 | 002,003,705 | ---- | C] () -- C:\Users\MrM\Migraenekalender.pdf
[2010.02.03 23:57:03 | 001,932,534 | ---- | C] () -- C:\Users\MrM\netdoktor-kopfschmerzkalender.pdf
[2009.12.19 22:16:11 | 000,000,148 | ---- | C] () -- C:\Users\MrM\AppData\Roaming\AVSMediaPlayer.m3u
[2009.12.13 20:51:58 | 000,001,383 | ---- | C] () -- C:\Users\MrM\remove_WGA.rtf
[2009.10.22 06:25:12 | 000,127,663 | ---- | C] () -- C:\Users\MrM\img177.jpg
[2009.10.22 06:25:12 | 000,125,090 | ---- | C] () -- C:\Users\MrM\img178.jpg
[2009.10.20 22:09:32 | 003,680,024 | ---- | C] () -- C:\Users\MrM\blechumformung.pdf
[2009.10.20 22:08:01 | 000,278,293 | ---- | C] () -- C:\Users\MrM\umform-grundlagen.pdf
[2009.10.20 22:07:53 | 002,263,047 | ---- | C] () -- C:\Users\MrM\umformen_allg.pdf
[2009.10.20 11:16:16 | 000,085,672 | ---- | C] () -- C:\Users\MrM\bar hemingway_stralsund_cocktails.pdf
[2009.07.01 18:17:40 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.03.22 21:29:58 | 000,201,071 | ---- | C] () -- C:\Users\MrM\impfen_impfbuch.pdf
[2009.03.22 21:29:58 | 000,087,623 | R--- | C] () -- C:\Users\MrM\liniennetz_tschech.pdf
[2009.03.22 21:29:58 | 000,032,980 | ---- | C] () -- C:\Users\MrM\service.gmx.pdf
[2008.12.31 02:28:08 | 000,130,048 | ---- | C] () -- C:\Users\MrM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.05.03 21:25:41 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\AllDup
[2012.12.16 11:03:36 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\APP_NAME_NON_STRING
[2013.03.12 19:39:13 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\BitTorrent
[2010.05.27 18:34:00 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\Canneverbe Limited
[2013.01.27 15:47:44 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\DassaultSystemes
[2010.07.27 16:50:51 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\DeepBurner
[2010.06.09 23:00:32 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.25 23:11:22 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\FreeBurner
[2012.09.24 22:32:22 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\FreeFLVConverter
[2011.05.30 21:43:21 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\GetRightToGo
[2010.02.20 13:34:38 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\gtk-2.0
[2011.08.11 21:09:49 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\Gutscheinmieze
[2010.06.08 20:37:58 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\ICQ
[2011.04.24 10:09:39 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\ImTOO
[2012.09.04 20:54:50 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\Irateh
[2011.05.03 20:11:10 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\IrfanView
[2009.08.16 22:24:59 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\Keynote Systems
[2009.01.22 21:11:19 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\MAGIX
[2010.05.29 09:28:00 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\Nokia
[2010.05.29 09:28:01 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\Nokia Ovi Suite
[2010.10.07 06:09:59 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\Nonoh
[2011.02.11 10:36:31 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\Opera
[2010.05.21 20:07:38 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\PC Suite
[2013.01.01 21:27:09 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\PDF Architect
[2010.07.05 20:15:44 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\Samsung
[2008.12.31 10:50:48 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\Serif
[2011.11.09 21:02:57 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\Tipp4u
[2009.01.20 19:23:27 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\Tunebite
[2012.11.23 10:16:45 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\Vso
[2012.09.26 22:46:40 | 000,000,000 | ---D | M] -- C:\Users\MrM\AppData\Roaming\Zyog

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Windows:685F80B305F49876
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp

1B5B4F1

< End of report >

###################################################

OTL Extras logfile created on: 20.03.2013 21:21:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MrM\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 75,19% Memory free
6,25 Gb Paging File | 5,82 Gb Available in Paging File | 93,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,63 Gb Total Space | 27,38 Gb Free Space | 17,82% Space Free | Partition Type: NTFS
Drive D: | 303,34 Gb Total Space | 132,59 Gb Free Space | 43,71% Space Free | Partition Type: NTFS
Drive F: | 1,91 Gb Total Space | 0,28 Gb Free Space | 14,48% Space Free | Partition Type: FAT32

Computer Name: MRM-PC | User Name: MrM | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AA23CD-F051-4141-88EF-479754D8456A}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{08D2ACCF-41D7-4947-9F55-E3B55A293152}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B4E6BE7-EE04-4BFD-BEE3-0BDF7BC945D0}" = lport=138 | protocol=17 | dir=in | app=system |
"{1D262AEC-EF9E-4A22-8971-A071FFE0FA67}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server |
"{2A4CC17C-EF05-4947-A213-094120E1280C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2FCAA4A3-38E8-4824-B81F-B9F0148881DD}" = rport=137 | protocol=17 | dir=out | app=system |
"{3D1F71D7-197B-413E-833F-B31EAC296ED1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{40F15F7D-9D81-440E-8692-5FEF3F8B77D5}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) |
"{41236364-40C4-437D-8125-D98148115F13}" = rport=5357 | protocol=6 | dir=out | app=system |
"{48B002D4-8606-425E-BE69-93B6465F3E44}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) |
"{4A162561-712B-4A6F-9C25-00C9799E43FE}" = rport=138 | protocol=17 | dir=out | app=system |
"{4BE5FA99-7CA3-499B-BEC9-DB9666CA3F80}" = lport=64468 | protocol=6 | dir=in | name=emule_tcp |
"{4DC8B698-CE92-4F3A-ABE3-085676CC765B}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{4EAB9E13-9B53-46FC-B798-9709BD08A653}" = lport=8436 | protocol=17 | dir=in | name=emule_udp |
"{53F5F801-F5DD-4D23-9CAC-CC4D0A962F3E}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{5674332D-86D0-475B-868A-2285E91FB0E9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{633017F3-7599-4BF8-BA2F-D23D2D8E4514}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{68E2F4E7-55D8-498E-AE1A-CD3ABE5B71BE}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{6DD94B37-5ABE-4890-8C0C-648E172CBDA1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{723C9D88-6930-46E1-AE35-288342392FA7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{84683537-81D3-4A5E-A46D-EDCFE22936DE}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{8A70F05C-E866-46C3-9F63-59B3D2090B83}" = rport=445 | protocol=6 | dir=out | app=system |
"{8A8655C2-66E4-4B3D-88CF-CB6807B9A304}" = lport=5358 | protocol=6 | dir=in | app=system |
"{8E3DF45F-389F-4283-95FC-AE8CF450DE8D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{97D3E7C2-0256-4CA2-B786-E239F1AD19F5}" = lport=5357 | protocol=6 | dir=in | app=system |
"{9DD26C3F-26ED-40A6-8FE9-44A6F54D676D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9F6783E8-7152-4E0C-9B20-8C89E1CCD33B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A75749FA-A6AD-45B6-B5A5-B4673BA80D82}" = lport=139 | protocol=6 | dir=in | app=system |
"{B67ED3D0-95AE-49CA-BBB6-4A76E07AE1DD}" = lport=445 | protocol=6 | dir=in | app=system |
"{BF512BFA-E92D-4D08-BA0A-C67A7DF395A3}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{C069EBA5-8DE3-4361-8BCE-6EE4FBC4F74E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C6B4C51F-3A86-4172-B2F1-61042C3AE06E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C867B77C-F957-4DB2-912D-F2FDB88923A5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA9202C6-DF85-4775-AAE5-90086386A4A1}" = lport=137 | protocol=17 | dir=in | app=system |
"{E4B6DC16-CA6B-4069-9858-F6A39BD8027E}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{EE34D9B8-EE65-4F12-B589-ABA8B572C4AA}" = rport=5358 | protocol=6 | dir=out | app=system |
"{F802798D-23E6-4EB0-9BEF-60AAE8333BF3}" = rport=139 | protocol=6 | dir=out | app=system |
"{FBA3DDD7-E44C-48D4-B044-D319C5BC0B73}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05D12D1D-5686-43A9-8DA1-0AC25AECBE61}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{09EF6EBB-68BC-491A-A80F-3DB4AE6F83CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A09366A-28B7-4F33-A2F1-84B547E9FF2F}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{167D7752-2098-45B6-BED9-50246155C69F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1738AD28-9E0E-419A-8EE9-ED6A26D1DC25}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{1A343E59-A702-4D43-9F66-89A0E24377B2}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{1F7EFB14-B48B-4293-A04B-FA51C58C9198}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{21B8CE1D-AABD-45C7-819B-B105042FCCB6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2B3FDB01-AD07-4881-B881-0422CFD09DC3}" = protocol=17 | dir=in | app=c:\program files\falk\falk navi-manager\navimgr.exe |
"{31DD545B-0BFA-48DF-9526-8C0C4F9BFDB9}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{3298C9A4-1EDB-4EC4-BEE9-FF0467A0FABB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{32C6778F-3E47-4C6B-A2E0-D00EA5D952B3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{371BDD3E-D92D-4ADB-B2F9-BFEBA9ED3202}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{45AB650D-AD64-435B-95E8-5D975FBB7770}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{47D6D24D-F08F-46E8-8601-75EE1C30CE17}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4912621F-E566-44A4-B3D8-D6D6D5F09E3D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{55CBA871-6FE4-4571-A8F9-87AD88C9D582}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{56D5AD60-4053-49E5-AFCE-CC75707E82A1}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{65C864EE-27AF-4B7B-9DE0-DA3DAC36EC8E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6D76042F-3283-4A57-8F35-E655EB88096C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{70B08238-350A-4F90-ABCA-7AA11A858CB5}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{723B661A-F39D-4C4F-B4DD-4BCFF18AE223}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{788E6106-3283-41DB-99F6-4E239D6F0915}" = protocol=6 | dir=in | app=c:\program files\falk\falk navi-manager\navimgr.exe |
"{81D15A7F-230D-4514-AEBC-B3A31894454F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8661B9AB-D669-42BA-8977-7924E5A92E6C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{880D1329-2521-4BD9-8369-FDC1F247A3A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{89298AE2-68D9-48CC-915B-4DBD60357F01}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{894A3A47-DD88-45FA-AE85-6F8020F8A59F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9A9F527B-71E7-4313-950B-3123F17581FC}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{9B15385E-4F1E-4BE6-985D-ABECA9418D0C}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{A48A042F-E70A-4508-976F-62081B078B26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A8516ECB-45EA-4389-B957-0117FE34F267}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AB261A8B-70D7-429F-B1DE-F7504EEF23F3}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{ACF49F41-EC68-4CE3-94B9-DAFFF1D20A37}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{B10A1B1D-5FDC-42F3-8D53-5211476BF471}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BA0238D8-DFA5-4E8E-A4E8-2DEEC95F50FD}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{CD7CF05F-7585-4710-AEDA-220E1020CB83}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CE6D418E-FC7C-4310-BBE2-8BF34A06E4E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D196BDFE-1947-447D-B36B-71A066F959CC}" = protocol=6 | dir=out | app=system |
"{D2323E14-E98A-4B4F-833D-9CDF93B97012}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{D6D19616-705B-45FF-9100-F9F807F992DE}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{D8597F1A-6639-4D49-AFA8-F88E416E01F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D974EB70-8175-4963-ABD6-A34AAB538E61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DAB03A4E-537D-45E7-B0BC-CE1D7ED1B71D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DB498550-DEF7-49F9-B0BE-A5C7FA06184F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DDC49EE1-455D-444A-8639-4038231EE0DF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DE97A092-ED67-4E4E-8003-8219375DA83A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E17D36D2-3F3A-4705-A2E8-931418C913F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E5C15580-EF9A-4E63-852E-5B656E8A379B}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{ED8D25F8-11DC-48CB-B550-24BCBEE75D24}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F49F88A1-E03E-4B31-8A48-2289DFB3E21F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"TCP Query User{0D20DABF-2BF1-4898-8109-3C6D570EED24}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{1F61DDB0-8D56-4158-8F3F-C14A96923662}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3013051D-49AF-4E3D-BD96-DAA5C7834E19}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{33D2AE8D-7FC4-4DCF-AF2B-33B3D2076D12}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{356CDD0F-6351-4C4B-85EB-07CF4A9443A0}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe |
"TCP Query User{50FF6FE0-6C15-4B84-9280-57AF75233647}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{52EF4B54-08A9-4984-9C14-0B9420CFF4EB}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{864CE8B5-F7ED-43B7-B876-E5ED3FC915F0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{87558C9A-8D37-4026-97A2-64C22358BE5C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{8B0221BA-09D3-45BE-9B3E-1619F3360CDE}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{8FE8857D-3E96-4AEB-AE31-F878CA737904}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{9EA93366-50FC-45AE-B7CD-67A22DBFB13E}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{A93D2F7E-6475-4770-B7C8-180D678BDD4F}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{B76E54A6-7860-4E50-B692-96E7F6B66CDA}C:\program files\nonoh.net\nonoh\nonoh.exe" = protocol=6 | dir=in | app=c:\program files\nonoh.net\nonoh\nonoh.exe |
"TCP Query User{CDF390AA-74C6-4A4B-B06B-984002F97B5F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{DB305EAD-3CD9-4C7A-A900-16944526E827}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{FB6515C6-E301-42EF-9C62-73CA5D92814F}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{01607A26-3EFF-438E-B383-C52D92FB7F8D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{157DEC35-BDD3-4A03-A8E5-3300091E8DF9}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{236C268D-7AD5-4E4A-A62B-B667FE0EF7E7}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{295C6B3F-3CD7-473A-BA32-6B8F6DA92BC6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{382980D6-8723-4312-918D-B2921A96B77F}C:\program files\nonoh.net\nonoh\nonoh.exe" = protocol=17 | dir=in | app=c:\program files\nonoh.net\nonoh\nonoh.exe |
"UDP Query User{39613404-50B6-439E-A24E-505FC9E68847}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe |
"UDP Query User{3ACD1A58-D9A0-4167-98B0-8A69CB189F7B}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{563CCBD7-E9F5-4FDA-9066-AF114D553EAA}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{7A72402B-D0DC-417F-BDE2-6D5CC581F8B7}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{8193D926-0CDB-4FC6-8427-FDBCB9573FB5}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{B0B7C431-9543-43BB-B0BA-6C3C1F3DF527}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{B3C94664-0F47-48DD-A82D-BF1CEDDAE3E5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BA69D5CD-1911-480A-8C00-8F1CD9338511}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{C6875411-C3FA-42FE-A617-0C169943A469}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C7AD37A2-F837-49E4-8065-ACA8B806F4C1}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{CCFFCB95-186D-42FA-9D41-48977D963171}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{E33AD572-AB20-4481-A526-46C0E33A1970}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{080FE95E-5A89-4A54-BAAA-D769971B7C2D}" = Corel Home Office 5.0.36
"{0F89E06A-16E1-432E-8A3A-23CFFB4818D5}" = Russisch für Deutsche - Transliteration
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2BC21CD2-8053-406A-80F6-9AB61717B49D}" = ODF Add-In für Microsoft Office
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D9DD45B-E79A-4F04-898E-B2C3769AB729}" = Serif DrawPlus X2
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{7613592F-B20C-4E1B-B2DD-67F0784D4373}" = Energy Settings
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{A157AC1C-DF44-481A-81E7-17AE00239818}" = Logitech Z-series Software 1.04
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D5A716E5-6E7E-40F8-BB46-6FAEF98FB6FC}" = SystemDiagnostics
"{DEA26700-69D8-4EE1-AD8A-609BD28965E6}" = Falk Navi-Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"DivX Setup" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"EVEREST Corporate Edition NR_is1" = EVEREST Corporate Edition NR v4.60
"Google Chrome" = Google Chrome
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MUSTEK 1200 UB v2.1" = MUSTEK 1200 UB v2.1
"Nonoh_is1" = Nonoh
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.12.1707" = Opera 12.12
"Samsung ML-1640 Series" = Samsung ML-1640 Series
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"Trillian" = Trillian
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12.03.2013 12:45:27 | Computer Name = MrM-PC | Source = Software Licensing Service | ID = 1001
Description = Fehler beim Starten des Softwarelizenzierungsdienstes. hr=0x80070002,
[2, 4]

Error - 12.03.2013 12:48:41 | Computer Name = MrM-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.03.2013 14:22:36 | Computer Name = MrM-PC | Source = Wininit | ID = 1015
Description = Ein kritischer Systemprozess C:\Windows\system32\lsass.exe ist fehlgeschlagen
mit den Statuscode 1. Der Computer muss neu gestartet werden.

Error - 12.03.2013 14:25:41 | Computer Name = MrM-PC | Source = EventSystem | ID = 4609
Description =

Error - 12.03.2013 14:26:10 | Computer Name = MrM-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.03.2013 13:16:17 | Computer Name = MrM-PC | Source = WinMgmt | ID = 10
Description =

Error - 17.03.2013 06:38:10 | Computer Name = MrM-PC | Source = WinMgmt | ID = 10
Description =

Error - 17.03.2013 06:46:27 | Computer Name = MrM-PC | Source = WinMgmt | ID = 10
Description =

Error - 17.03.2013 06:48:40 | Computer Name = MRM-PC | Source = Software Licensing Service | ID = 1001
Description = Fehler beim Starten des Softwarelizenzierungsdienstes. hr=0x80070002,
[2, 4]

Error - 17.03.2013 06:51:50 | Computer Name = MrM-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 17.03.2013 06:51:50 | Computer Name = MrM-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 17.03.2013 06:51:50 | Computer Name = MrM-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 17.03.2013 06:51:50 | Computer Name = MrM-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 17.03.2013 06:51:50 | Computer Name = MrM-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 17.03.2013 06:51:50 | Computer Name = MrM-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 17.03.2013 06:51:50 | Computer Name = MrM-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 17.03.2013 06:51:50 | Computer Name = MrM-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 17.03.2013 06:51:50 | Computer Name = MrM-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 17.03.2013 06:51:50 | Computer Name = MrM-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 17.03.2013 06:51:50 | Computer Name = MrM-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

###############################################

ENDE.

BKA-Trojaner auf Vista-32bit PC mit XP als 2. BS

Plagegeister aller Art und deren Bekämpfung: BKA-Trojaner auf Vista-32bit PC mit XP als 2. BS

BKA-Trojaner auf Vista-32bit PC mit XP als 2. BS

Ähnliche Themen: BKA-Trojaner auf Vista-32bit PC mit XP als 2. BS