Heftiges Trojanerproblem(Generic und weitere)

noname.gray

Hallo, hab ein ziemlich heftiges problem mit trojanern auf meinem Computer. Mein Virenschutzprogramm AVG Antivir hat schon zweimal eine Bedrohung mit dem Namen Generic erkannt und auch entfernt, doch denke ich nicht, dass es damit erledigt ist.
Hoffe, dass da noch was zu machen ist. Danke im Vorhinaus!

Hier die Logfiles:

OTL.txt:

OTL logfile created on: 21.05.2013 12:37:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Medienanalyse\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,87 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 74,39% Memory free
4,03 Gb Paging File | 3,23 Gb Available in Paging File | 80,21% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 228,14 Gb Total Space | 126,74 Gb Free Space | 55,55% Space Free | Partition Type: NTFS
Drive H: | 4,73 Gb Total Space | 0,88 Gb Free Space | 18,65% Space Free | Partition Type: NTFS

Computer Name: MEDIA2 | User Name: Medienanalyse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.21 12:24:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Medienanalyse\Desktop\OTL.exe
PRC - [2013.05.14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgidsagent.exe
PRC - [2013.04.29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgui.exe
PRC - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgwdsvc.exe
PRC - [2013.04.04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2013.04.04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgnsx.exe
PRC - [2013.03.28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgrsx.exe
PRC - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013.03.12 07:32:50 | 000,253,816 | ---- | M] (Oracle Corporation) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2013.02.23 16:17:19 | 001,151,152 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2013.02.23 16:17:19 | 000,968,880 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013.02.19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgcsrvx.exe
PRC - [2008.07.28 10:50:45 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.02 13:04:20 | 001,552,384 | ---- | M] (D-Link) -- C:\Programme\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
PRC - [2007.01.19 12:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe


========== Modules (No Company Name) ==========

MOD - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.03.22 16:08:36 | 002,520,016 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2013.02.23 16:17:21 | 000,156,848 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2013.02.23 16:17:19 | 001,151,152 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2013.02.23 16:17:19 | 000,968,880 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
MOD - [2007.08.20 18:41:12 | 000,233,472 | ---- | M] () -- C:\WINDOWS\system32\WlanApp.dll
MOD - [2006.05.09 15:50:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2001.09.28 13:44:58 | 000,257,536 | ---- | M] () -- C:\WINDOWS\system32\BiImg.dll


========== Services (SafeList) ==========

SRV - [2013.05.14 19:47:52 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013.04.12 17:38:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.23 16:17:19 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2008.07.28 10:50:45 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007.08.24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007.08.09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007.01.19 12:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.03.29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013.03.21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013.03.01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013.02.23 16:17:21 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013.02.08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013.02.08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013.02.08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013.02.08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013.02.08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012.03.27 17:03:36 | 006,100,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011.12.21 19:36:27 | 000,122,752 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tinspusb.sys -- (USBTINSP)
DRV - [2009.01.28 16:16:27 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2008.04.14 01:11:22 | 000,026,112 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MemStPCI.SYS -- (MemStPCI)
DRV - [2007.05.12 15:45:34 | 000,243,456 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (rt2500usb)
DRV - [2007.04.16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006.03.03 15:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.03.03 15:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.12.11 12:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?affID=121845&tt=180413_ctrl&babsrc=HP_ss&mntrId=EC6B001A920B867B
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?affID=121845&tt=180413_ctrl&babsrc=HP_ss&mntrId=EC6B001A920B867B
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=121845&tt=180413_ctrl&babsrc=SP_ss&mntrId=EC6B001A920B867B
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=AAA4D763-D2DD-4473-8AB0-390B55948D91&apn_sauid=B0F6DB9E-4DE2-4F7D-81B7-DF76260CC4A2
IE - HKCU\..\SearchScopes\{2B524D53-B1D6-4232-B614-E4727E95BFB0}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{51CE5267-F5CE-4DED-8E7B-F62822FF026C}: "URL" = hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch
IE - HKCU\..\SearchScopes\{629135C6-5672-459D-AB4D-C042F117955E}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKCU\..\SearchScopes\{ECCDB407-23BB-45B9-975F-3E1DAC205B0F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_deAT296
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ecosia"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.org/"
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\programme\real\realplayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\programme\real\realplayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\programme\real\realplayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.02.04 18:12:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.23 16:18:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.23 15:00:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.05.19 15:54:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension

[2009.01.01 18:15:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Mozilla\Extensions
[2013.05.13 18:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Mozilla\Firefox\Profiles\hllbf4ov.default\extensions
[2013.05.06 12:49:13 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Mozilla\Firefox\Profiles\hllbf4ov.default\extensions\ffxtlbr@delta.com
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Mozilla\Firefox\Profiles\hllbf4ov.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.02.23 18:40:51 | 000,021,487 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Mozilla\Firefox\Profiles\hllbf4ov.default\extensions\plugin@yontoo.com.xpi
[2013.02.11 12:58:00 | 000,214,122 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Mozilla\Firefox\Profiles\hllbf4ov.default\extensions\putlockerdownloader2@putlockerdownloader.com.xpi
[2013.05.13 18:15:42 | 000,870,680 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Mozilla\Firefox\Profiles\hllbf4ov.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.01 22:00:13 | 000,006,514 | ---- | M] () -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Mozilla\Firefox\Profiles\hllbf4ov.default\searchplugins\babylon.xml
[2013.04.20 14:31:33 | 000,006,511 | ---- | M] () -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Mozilla\Firefox\Profiles\hllbf4ov.default\searchplugins\BrowserProtect.xml
[2013.01.04 16:21:55 | 000,001,300 | ---- | M] () -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Mozilla\Firefox\Profiles\hllbf4ov.default\searchplugins\claro.xml
[2013.05.06 12:50:14 | 000,001,294 | ---- | M] () -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Mozilla\Firefox\Profiles\hllbf4ov.default\searchplugins\delta.xml
[2011.01.02 16:23:34 | 000,002,094 | ---- | M] () -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Mozilla\Firefox\Profiles\hllbf4ov.default\searchplugins\ecosia.xml
[2013.04.23 15:00:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 17:36:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.12 17:36:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2013.05.21 10:39:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\extensions
[2013.05.21 10:38:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.21 10:38:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2013.05.21 10:39:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\browser\extensions
[2013.05.21 10:39:38 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.23 16:18:45 | 000,003,714 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml
[2013.04.20 14:31:33 | 000,006,511 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.google.com
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Medienanalyse\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Medienanalyse\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Medienanalyse\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Medienanalyse\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Medienanalyse\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj\2.2.0.5_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Medienanalyse\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Medienanalyse\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2007.10.29 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Programme\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [4StoryPrePatch] C:\Programme\Gemeinsame Dateien\4Story\PrePatch.exe (Zamiinc)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Programme\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [D-Link AirPlus XtremeG DWL-G122] C:\Programme\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [IndexSearch] C:\Programme\Dell Printers\paperport\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Programme\Dell Printers\paperport\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217229057359 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Medienanalyse\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Medienanalyse\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.24 12:35:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.21 12:24:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Medienanalyse\Desktop\OTL.exe
[2013.05.20 16:59:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG
[2013.05.06 12:49:11 | 000,000,000 | ---D | C] -- C:\Programme\Delta
[2013.05.06 12:48:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Delta
[2013.05.06 12:47:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Babylon
[2013.05.06 12:33:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Wizards of the Coast
[2013.05.06 12:31:35 | 000,000,000 | ---D | C] -- C:\Programme\Wizards of the Coast
[2013.05.05 22:34:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Medienanalyse\Downloads
[2013.05.05 20:48:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Gothic 3 Questpaket 4 Update 2
[2013.05.01 22:13:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Medienanalyse\Eigene Dateien\Eigene Noten
[2013.04.27 12:48:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Medienanalyse\Eigene Dateien\Stronghold Legends
[2008.10.08 11:07:28 | 022,380,328 | ---- | C] (Skype Technologies S.A.) -- C:\Programme\SkypeSetup.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.05.21 12:41:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\BrowserProtect.job
[2013.05.21 12:36:16 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Medienanalyse\defogger_reenable
[2013.05.21 12:29:07 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.21 12:25:14 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Medienanalyse\Desktop\gmer_2.1.19163.exe
[2013.05.21 12:24:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Medienanalyse\Desktop\OTL.exe
[2013.05.21 12:24:39 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Medienanalyse\Desktop\Defogger.exe
[2013.05.21 11:47:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.21 10:17:51 | 000,261,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Medienanalyse\Desktop\Ennstalradweg430001303.gpx
[2013.05.21 09:44:47 | 000,012,305 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.05.21 09:44:35 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.21 06:45:25 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2013.05.21 06:44:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.20 16:49:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.17 19:44:24 | 000,099,328 | ---- | M] () -- C:\Dokumente und Einstellungen\Medienanalyse\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.17 18:16:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.05.15 17:17:26 | 000,359,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.05.15 16:55:41 | 000,555,548 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.05.15 16:55:41 | 000,505,234 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.15 16:55:41 | 000,116,462 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.05.15 16:55:41 | 000,089,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.05.15 16:42:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.05.06 12:28:51 | 876,158,732 | ---- | M] () -- C:\Programme\MTGOinstaller.exe
[2013.05.01 22:14:58 | 000,002,238 | ---- | M] () -- C:\WINDOWS\musi.ini
[2013.04.28 15:21:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.04.23 18:55:12 | 000,000,133 | -H-- | M] () -- C:\Dokumente und Einstellungen\Medienanalyse\Desktop\.~lock.Praesentation.odp#
[2013.04.23 15:00:19 | 000,000,702 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.05.21 12:36:16 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Medienanalyse\defogger_reenable
[2013.05.21 12:25:13 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Medienanalyse\Desktop\gmer_2.1.19163.exe
[2013.05.21 12:24:38 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Medienanalyse\Desktop\Defogger.exe
[2013.05.21 10:17:51 | 000,261,949 | ---- | C] () -- C:\Dokumente und Einstellungen\Medienanalyse\Desktop\Ennstalradweg430001303.gpx
[2013.05.20 23:08:19 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\BrowserProtect.job
[2013.05.19 15:54:34 | 000,002,347 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk
[2013.05.05 22:34:55 | 876,158,732 | ---- | C] () -- C:\Programme\MTGOinstaller.exe
[2013.05.01 22:13:35 | 000,002,238 | ---- | C] () -- C:\WINDOWS\musi.ini
[2013.04.24 22:58:09 | 000,001,666 | ---- | C] () -- C:\Dokumente und Einstellungen\Medienanalyse\Desktop\Skype.lnk
[2013.04.23 18:55:12 | 000,000,133 | -H-- | C] () -- C:\Dokumente und Einstellungen\Medienanalyse\Desktop\.~lock.Praesentation.odp#
[2013.04.23 15:00:19 | 000,000,708 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2013.03.22 19:20:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MusicMaker.INI
[2013.03.22 19:14:19 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\mgxasio.dll
[2013.03.22 19:12:37 | 000,004,345 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2013.03.22 19:01:44 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2013.03.22 19:01:29 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2013.03.22 19:01:19 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2013.01.03 18:54:47 | 009,900,630 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1801674531-412668190-839522115-1003-0.dat
[2013.01.03 18:54:37 | 000,400,286 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.12.22 18:40:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.12.20 17:07:15 | 000,074,127 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sfamlhrlsltcnwq
[2012.12.04 18:32:57 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Medienanalyse\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2012.04.22 19:24:45 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012.04.20 20:21:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008.09.29 11:54:44 | 000,099,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Medienanalyse\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008.07.28 09:16:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.04.14 22:19:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2012.12.22 17:48:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG
[2013.01.20 11:26:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
[2012.11.06 18:46:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2013
[2012.06.06 15:04:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2013.01.04 16:19:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2013.05.14 06:47:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect
[2011.03.15 18:19:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2012.01.12 14:58:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Firefly Studios
[2011.12.11 22:29:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HappyFoto-Designer
[2013.01.04 16:19:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService
[2013.05.21 09:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2012.12.04 14:55:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2011.12.21 19:37:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2008.07.28 10:54:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2013.02.03 18:07:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2012.06.06 14:35:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2011.12.21 19:35:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TI-Nspire CAS-TE
[2013.02.23 19:51:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012.12.20 23:46:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vlelqcjgkcylwfe
[2012.12.23 15:57:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2013.02.23 22:46:02 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.02.23 22:46:02 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2009.10.03 12:53:23 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\.#
[2013.04.29 19:42:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\.minecraft
[2012.12.22 17:47:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\AVG
[2012.09.20 17:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\AVG Secure Search
[2012.11.06 20:11:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\AVG2013
[2013.05.06 12:47:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Babylon
[2013.05.06 12:48:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Delta
[2013.04.17 20:34:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\FireArc Arcade
[2012.01.12 15:05:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Firefly Studios
[2011.10.05 15:38:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\GetRightToGo
[2010.09.12 20:01:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Glory of the Roman Empire
[2011.10.13 17:43:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\HappyFoto
[2009.01.19 22:54:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Image Zone Express
[2012.09.14 15:04:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\kompozer.net
[2012.01.16 16:59:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\LibreOffice
[2013.04.21 14:48:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Minecraft Version Changer
[2013.01.04 17:22:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\PerformerSoft
[2012.08.31 16:55:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\PriceGong
[2012.10.18 13:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\SpeedSim
[2011.11.04 20:12:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\The Creative Assembly
[2013.02.23 19:48:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\TuneUp Software
[2008.07.28 08:19:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\WinBatch
[2008.07.28 09:18:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Windows Desktop Search
[2008.12.27 16:30:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Windows Search
[2013.05.06 13:07:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Medienanalyse\Anwendungsdaten\Wizards of the Coast

========== Purity Check ==========



< End of report >

Extras.txt:

OTL Extras logfile created on: 21.05.2013 12:37:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Medienanalyse\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,87 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 74,39% Memory free
4,03 Gb Paging File | 3,23 Gb Available in Paging File | 80,21% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 228,14 Gb Total Space | 126,74 Gb Free Space | 55,55% Space Free | Partition Type: NTFS
Drive H: | 4,73 Gb Total Space | 0,88 Gb Free Space | 18,65% Space Free | Partition Type: NTFS

Computer Name: MEDIA2 | User Name: Medienanalyse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56318:TCP" = 56318:TCP:*:Enabled:Pando Media Booster
"56318:UDP" = 56318:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"56318:TCP" = 56318:TCP:*:Enabled:Pando Media Booster
"56318:UDP" = 56318:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\Ubisoft\Blue Byte\DIE SIEDLER - Das Erbe der Könige - Gold Edition\extra1\bin\settlershok.exe" = C:\Programme\Ubisoft\Blue Byte\DIE SIEDLER - Das Erbe der Könige - Gold Edition\extra1\bin\settlershok.exe:*isabled:THE SETTLERS - Heritage of Kings -- (Blue Byte Software)
"C:\Programme\Ubisoft\Blue Byte\DIE SIEDLER - Das Erbe der Könige - Gold Edition\bin\settlershok.exe" = C:\Programme\Ubisoft\Blue Byte\DIE SIEDLER - Das Erbe der Könige - Gold Edition\bin\settlershok.exe:*isabled:THE SETTLERS - Heritage of Kings -- (Blue Byte Software)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)
"C:\Programme\Firefly Studios\Stronghold Legends\StrongholdLegends.exe" = C:\Programme\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:*:Enabled:Stronghold Legends -- (Firefly Studios)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\Firefly Studios\Stronghold\Stronghold.exe" = C:\Programme\Firefly Studios\Stronghold\Stronghold.exe:*:Enabled:Stronghold -- ()
"C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe" = C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- ( )
"C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe" = C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe:*:Enabled:Stronghold Crusader Extreme -- ( )
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Programme\Java\jre7\bin\javaw.exe" = C:\Programme\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Dokumente und Einstellungen\Medienanalyse\Desktop\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe" = C:\Dokumente und Einstellungen\Medienanalyse\Desktop\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:*:Enabled:AdobePhotoshopElementsMediaServer
"C:\Programme\AVG\AVG2013\avgmfapx.exe" = C:\Programme\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\AVG\AVG2013\avgnsx.exe" = C:\Programme\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG2013\avgdiagex.exe" = C:\Programme\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG-Diagnose 2013 -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{03CEFC42-378E-4467-9909-DCBAFD38CA9F}" = LibreOffice 3.4
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell-Druckersoftware
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{17BADF87-3597-46FE-8D74-69C4FA78883E}" = Gothic 3
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216038FF}" = Java(TM) 6 Update 38
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus XtremeG DWL-G122
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30F7A307-E595-40F6-8842-B36C7747E978}" = Die Gilde 2 Venedig
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{48A5AB54-6327-43DC-A376-4AC74C5D40B0}" = AVG 2013
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{58C91689-85E3-4B25-ADEC-2697986DF817}" = Qtrax Player
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{71D9B000-CD43-4DE9-9729-49434415B8F7}" = F300Trb
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{7451FD2D-1A23-4E67-92CD-8EDDD1846917}" = AVG PC TuneUp Language Pack (de-DE)
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.12.02
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B0-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{977CD9E4-2CE7-46AC-BBEC-FC2B9696464B}" = Marine Park Empire
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9C819486-7BC9-4423-9268-B484D9822B73}" = ScanSoft PaperPort 10
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7886D87-ADA4-46A0-8A8D-02AB16B9F95A}" = Borland Delphi 6
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B8372C2D-9549-4C85-83FE-BBD29D95D4C0}" = SCAR
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEE76D44-8D7C-4A32-8FAE-A813817631FC}" = AVG 2013
"{E08DE897-B6AF-4DFF-9E90-131E80C876B4}" = DIE SIEDLER - Das Erbe der Könige - Gold Edition
"{E35F1969-4CFA-4467-9C22-26BBBA1ECC74}" = FireArc Arcade
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8DF795C-5865-43BB-A547-7FFD0EA753F9}" = LibreOffice 3.4 Help Pack (German)
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"AVG" = AVG 2013
"AVG Secure Search" = AVG Security Toolbar
"delta" = Delta toolbar
"DeltaCad" = DeltaCad
"Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition
"Feudalism 2_is1" = Feudalism 2
"G3QP231012008_is1" = Questpaket 4 Update 2 Deinstallation
"Glory of the Roman Empire" = Die Römer
"HappyFoto-Designer_is1" = HappyFoto-Designer 4.4
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HPExtendedCapabilities" = HP Extended Capabilities 6.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{977CD9E4-2CE7-46AC-BBEC-FC2B9696464B}" = Marine Park Empire
"KingPongII 1.20" = KingPongII 1.20
"MAGIX Music Maker Schulversion D" = MAGIX Music Maker Schulversion (D)
"Meine Tierarztpraxis - Special Edition" = Meine Tierarztpraxis - Special Edition (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"MMLOGICV10" = MultiMedia Logic
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Multitrack Stopwatch" = Multitrack Stopwatch
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"SpeedSim" = SpeedSim
"TI-Nspire CAS Teacher Software" = TI-Nspire CAS Teacher Software
"VLC media player" = VLC media player 2.0.6
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XMind" = XMind
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0
"xp-AntiSpy" = xp-AntiSpy 3.96-7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra 4.2" = GeoGebra 4.2
"GeoGebra WebStart" = GeoGebra WebStart

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.04.2013 08:50:58 | Computer Name = MEDIA2 | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\MEDIENANALYSE\RECENT\SWORD_ART_ONLINE.LNK>
in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex
Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)


Error - 15.04.2013 08:50:58 | Computer Name = MEDIA2 | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\MEDIENANALYSE\RECENT\SWORD_ART_ONLINE.LNK>
in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex
Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)


Error - 17.04.2013 14:25:17 | Computer Name = MEDIA2 | Source = MsiInstaller | ID = 11609
Description =

Error - 17.04.2013 14:29:05 | Computer Name = MEDIA2 | Source = MsiInstaller | ID = 11609
Description =

Error - 17.04.2013 14:29:06 | Computer Name = MEDIA2 | Source = MsiInstaller | ID = 11609
Description =

Error - 17.04.2013 14:29:07 | Computer Name = MEDIA2 | Source = MsiInstaller | ID = 11609
Description =

Error - 17.04.2013 14:29:07 | Computer Name = MEDIA2 | Source = MsiInstaller | ID = 11609
Description =

Error - 17.04.2013 14:29:07 | Computer Name = MEDIA2 | Source = MsiInstaller | ID = 11609
Description =

Error - 15.05.2013 11:19:59 | Computer Name = MEDIA2 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 16.05.2013 10:28:11 | Computer Name = MEDIA2 | Source = Windows Search Service | ID = 3024
Description = Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf
die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung
erneut. Kontext: Anwendung, SystemIndex Katalog

[ OSession Events ]
Error - 21.10.2010 04:54:32 | Computer Name = MEDIA2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16.05.2011 08:52:50 | Computer Name = MEDIA2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1451
seconds with 180 seconds of active time. This session ended with a crash.

Error - 16.05.2011 08:53:04 | Computer Name = MEDIA2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16.05.2011 08:54:34 | Computer Name = MEDIA2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 79
seconds with 60 seconds of active time. This session ended with a crash.

Error - 17.09.2011 05:33:47 | Computer Name = MEDIA2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1616
seconds with 660 seconds of active time. This session ended with a crash.

Error - 05.12.2012 12:16:42 | Computer Name = MEDIA2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6263
seconds with 120 seconds of active time. This session ended with a crash.

Error - 23.12.2012 10:45:34 | Computer Name = MEDIA2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 117
seconds with 60 seconds of active time. This session ended with a crash.

Error - 20.03.2013 14:48:11 | Computer Name = MEDIA2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12506
seconds with 2100 seconds of active time. This session ended with a crash.

Error - 20.03.2013 14:49:29 | Computer Name = MEDIA2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 26
seconds with 0 seconds of active time. This session ended with a crash.

Error - 20.03.2013 14:50:01 | Computer Name = MEDIA2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.


< End of report >

Gmer.txt:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-21 20:01:44
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 SAMSUNG_SP2504C rev.VT100-49 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\MEDIEN~1\LOKALE~1\Temp\uwtdypod.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xBA3895D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xBA389700]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xBA389010]
SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwQueryValueKey [0xBA1D91AE]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xBA389300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xBA3893E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xBA389120]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xBA389210]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xBA3894D0]

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB99C8360, 0x20574D, 0xE8000020]
.text C:\WINDOWS\system32\drivers\ACEDRV07.sys section is writeable [0xB5CBC000, 0x328BA, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0xB5D00000]
.relo2 C:\WINDOWS\system32\drivers\ACEDRV07.sys unknown last section [0xB5D1C000, 0x8E, 0x42000040]

---- User code sections - GMER 2.1 ----

.text C:\Programme\Lavasoft\Ad-Aware\aawservice.exe[264] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00BA4720 c:\dokume~1\alluse~1\anwend~1\browse~1\261249~1.132\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\spoolsv.exe[560] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10004720 c:\dokume~1\alluse~1\anwend~1\browse~1\261249~1.132\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\ctfmon.exe[692] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10004720 c:\dokume~1\alluse~1\anwend~1\browse~1\261249~1.132\{c16c1~1\browse~1.dll
.text C:\Programme\Java\jre7\bin\jqs.exe[928] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10004720 c:\dokume~1\alluse~1\anwend~1\browse~1\261249~1.132\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\winlogon.exe[1272] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10004720 c:\dokume~1\alluse~1\anwend~1\browse~1\261249~1.132\{c16c1~1\browse~1.dll
.text ...
.text C:\WINDOWS\system32\SearchIndexer.exe[3444] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL
.text C:\WINDOWS\system32\SearchIndexer.exe[3444] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10004720 c:\dokume~1\alluse~1\anwend~1\browse~1\261249~1.132\{c16c1~1\browse~1.dll
.text C:\Programme\AVG\AVG2013\avgui.exe[3860] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10004720 c:\dokume~1\alluse~1\anwend~1\browse~1\261249~1.132\{c16c1~1\browse~1.dll
.text C:\Programme\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe[3884] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00A64720 c:\dokume~1\alluse~1\anwend~1\browse~1\261249~1.132\{c16c1~1\browse~1.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogName C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy186.gthr
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogNumber 186
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\Windows@CrawlScopeVersion 690

---- EOF - GMER 2.1 ----