Ergebnis 1 bis 7 von 7
  1. #1
    Einsteiger
    Registriert seit
    29.07.2012
    Beiträge
    4

    Telekom Erneute Sicherheitswarnung

    [Hallo liebe Gemeinde,ich bin neu hier und benötige eure Hilfe .
    Ich habe am 18.07.12 eine Email von der Telekom bekommen das von meinem Anschluss unerwünschte zugriffe auf fremde Rechner erfolgt sind (Hacking).
    darauf hin habe ich mein Router komplett neu eingerichtet d.h. ich habe einen IP filter gesetzt so das nur die Pc´s und Smartphones über den Router ins netz gehen können . Die verschlüsselung habe ich auf WEP2 Personal erstellt auch mit neuem passwort und den router selbst auch.
    Letzte woche bekam ich wieder eine email mit folgendem Inhalt:

    Sehr geehrte Herr B*****

    vor einiger Zeit haben wir Ihnen bereits über das E-Mail Postfach Ihres Zugangs (*@t-online.de) mitgeteilt, dass von Ihrem Anschluss unerwünschte Zugriffe auf fremde Systeme erfolgt sind.

    In diesem Zusammenhang haben wir Ihren Internet-Zugang wieder eindeutig als Quelle identifiziert. Dies ist möglich, da bei jeder Einwahl ins Internet Ihrem Router eine IP-Adresse zugewiesen wird. Somit lässt sich die verknüpfte IP-Adresse und der Zeitpunkt der Einwahl eindeutig Ihrer Zugangsnummer zuordnen:

    IP: **.***.**.**
    Zeitangaben: 25.07.2012, 19:51:10 (MESZ)

    Daher unsere dringende Bitte: Prüfen Sie unbedingt Ihren Computer, um die missbräuchliche Nutzung Ihres Zugangs zu unterbinden. Um Sie hierbei zu unterstützen, haben wir den E-Mail-Verkehr (Port 25) eingeschränkt. Das bedeutet, dass Sie derzeit über E-Mail-Programme, wie zum Beispiel Microsoft Outlook zwar weiterhin E-Mails empfangen können, jedoch wurde der Versand über die Server von Drittanbietern eingeschränkt. Das Versenden über Ihre *@t-online.de E-Mail Adresse und die Verwendung von E-Mail Portalen wie beispielsweise unserem E-Mail Center; Link: https://email.t-online.de sind hiervon nicht betroffen.


    Habe bei Arcor eine mailadresse und die hat mir die telekom eingeschränkt d.h. ich kann noch mails empfangen aber nicht versenden.

    Könnt ihr mir da weiterhelfen ? ich habe auch OTL auf meinem pc ich könnte euch die 2 datein zukommen lassen

    danke im voraus

    gruß daniel

  2. #2
    Moderator
    Registriert seit
    04.01.2012
    Ort
    5-Seenland
    Beiträge
    405
    Nun, da kannst Du Passwörter ändern und Filter setzen bis zum Sanknimmerleinstag...

    Auf Deinem Rechner wird ein Schädling sein, der sich in Deinen E-Mail Account gesetzt hat und von dort aus fleißig an Deine Kontakte E-Mails sendet.

    Zeige uns bitte die Dateien von OTL.

    Ich verschiebe Dich nun in die richtige Region für Hilfe und Schädlingsbekämpfung.

  3. #3
    Einsteiger
    Registriert seit
    29.07.2012
    Beiträge
    4
    Code:
    OTL logfile created on: 29.07.2012 23:22:00 - Run 1
    OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\*****\Downloads
     Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,25 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 62,36% Memory free
    6,50 Gb Paging File | 5,14 Gb Available in Paging File | 79,06% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465,75 Gb Total Space | 109,20 Gb Free Space | 23,45% Space Free | Partition Type: NTFS
    Drive D: | 232,88 Gb Total Space | 44,51 Gb Free Space | 19,11% Space Free | Partition Type: NTFS
     
    Computer Name: ***** | User Name: ****** | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2012.07.29 23:18:54 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\******\Downloads\OTL.exe
    PRC - [2012.07.16 16:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
    PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012.07.16 16:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
    PRC - [2012.06.08 13:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    PRC - [2012.06.08 13:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2012.05.22 08:38:56 | 000,160,872 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
    PRC - [2012.05.11 19:03:26 | 005,798,008 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
    PRC - [2012.05.11 19:00:22 | 000,120,832 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvMon.exe
    PRC - [2012.05.11 19:00:14 | 000,019,456 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
    PRC - [2012.05.11 19:00:08 | 000,135,168 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
    PRC - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
    PRC - [2012.01.10 19:36:34 | 001,083,264 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
    PRC - [2012.01.04 14:32:06 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    PRC - [2011.10.27 21:35:20 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2011.08.02 11:47:34 | 000,063,488 | ---- | M] () -- C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
    PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
    PRC - [2010.03.25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
    PRC - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () -- C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
    PRC - [2009.12.16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
    PRC - [2009.11.25 18:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\F7D4101\V1\PBN.exe
    PRC - [2009.10.22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
    PRC - [2009.10.22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    PRC - [2009.10.22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
    PRC - [2009.10.22 04:59:24 | 000,129,584 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    PRC - [2009.10.22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    PRC - [2009.08.28 07:40:50 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    PRC - [2009.07.08 09:40:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvSCPAPISvr.exe
    PRC - [2009.07.07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2009.07.07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
    PRC - [2009.05.28 13:45:00 | 000,132,096 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
    PRC - [2008.07.11 08:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    PRC - [2008.07.11 02:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
    PRC - [2006.11.03 09:56:28 | 000,920,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
    PRC - [2003.12.03 11:01:48 | 000,327,680 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\HLS32SVC.EXE
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2012.06.26 23:34:32 | 000,115,137 | ---- | M] () -- C:\Users\*******\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
    MOD - [2012.06.15 18:37:23 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
    MOD - [2012.06.15 18:29:58 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
    MOD - [2012.06.15 18:29:46 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
    MOD - [2012.06.15 18:29:36 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
    MOD - [2012.06.15 18:29:35 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
    MOD - [2012.06.08 13:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    MOD - [2012.05.19 10:25:57 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
    MOD - [2012.05.18 21:18:53 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
    MOD - [2012.05.18 21:17:26 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
    MOD - [2012.05.18 21:17:18 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
    MOD - [2012.05.18 20:55:04 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
    MOD - [2012.05.18 20:54:58 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
    MOD - [2012.05.18 20:54:41 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
    MOD - [2012.05.18 20:54:29 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
    MOD - [2012.05.18 20:54:21 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
    MOD - [2012.01.10 19:38:40 | 000,423,808 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
    MOD - [2012.01.10 19:38:38 | 000,058,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
    MOD - [2012.01.10 19:38:34 | 000,095,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\qjson.dll
    MOD - [2012.01.10 19:38:32 | 000,272,768 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
    MOD - [2012.01.10 19:38:00 | 000,384,896 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QxtCore.dll
    MOD - [2012.01.10 19:38:00 | 000,165,248 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QxtWeb.dll
    MOD - [2012.01.10 19:37:58 | 002,557,312 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
    MOD - [2012.01.10 19:37:56 | 000,346,496 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
    MOD - [2012.01.10 19:37:54 | 010,843,520 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
    MOD - [2012.01.10 19:37:48 | 000,196,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
    MOD - [2012.01.10 19:37:46 | 001,294,208 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
    MOD - [2012.01.10 19:37:44 | 000,682,880 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
    MOD - [2012.01.10 19:37:42 | 000,919,936 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
    MOD - [2012.01.10 19:37:40 | 000,517,504 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
    MOD - [2012.01.10 19:37:38 | 008,172,928 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
    MOD - [2012.01.10 19:37:36 | 002,252,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
    MOD - [2012.01.10 19:37:34 | 002,288,512 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
    MOD - [2012.01.10 19:37:32 | 000,422,272 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
    MOD - [2012.01.10 19:37:22 | 000,202,624 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll
    MOD - [2012.01.10 19:37:20 | 000,034,688 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll
    MOD - [2012.01.10 19:37:18 | 000,032,640 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll
    MOD - [2012.01.10 19:36:38 | 000,388,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\OviShareLib.dll
    MOD - [2012.01.10 19:36:24 | 000,437,632 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
    MOD - [2012.01.10 19:36:02 | 001,037,696 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Maps Service API.dll
    MOD - [2012.01.10 19:35:06 | 000,758,656 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
    MOD - [2012.01.05 17:00:24 | 000,112,640 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
    MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2011.07.18 23:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
    MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
    MOD - [2009.11.25 18:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\F7D4101\V1\PBN.exe
    MOD - [2009.09.15 19:17:20 | 000,200,704 | ---- | M] () -- C:\Program Files\Belkin\F7D4101\V1\BelkinwcuiDLL.dll
    MOD - [2009.08.28 07:40:50 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
    MOD - [2009.07.13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
    MOD - [2009.07.13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
    MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - [2012.07.28 13:07:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012.05.11 19:00:14 | 000,019,456 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe -- (SZDrvSvc)
    SRV - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
    SRV - [2012.02.23 22:12:36 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
    SRV - [2011.08.02 11:47:34 | 000,063,488 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe -- (CDMA Device Service)
    SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010.11.04 16:19:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010.03.25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)
    SRV - [2009.12.16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
    SRV - [2009.10.22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
    SRV - [2009.10.22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - [2009.10.22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2009.10.22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
    SRV - [2009.10.12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
    SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2009.07.08 09:40:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2009.07.07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2008.07.11 08:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
    SRV - [2008.07.11 02:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
    SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2006.11.03 09:56:28 | 000,920,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
    SRV - [2003.12.03 11:01:48 | 000,327,680 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\System32\HLS32SVC.EXE -- (HLServer)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rt2870.sys -- (rt2870)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
    DRV - File not found [Kernel | On_Demand | Unknown] --  -- (ala7qsrt)
    DRV - [2012.07.28 12:34:23 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2012.03.29 08:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.sys -- (SRTSP)
    DRV - [2012.03.29 08:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.sys -- (SRTSPX)
    DRV - [2012.02.24 11:14:42 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
    DRV - [2012.02.24 11:14:42 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV - [2011.12.04 20:02:08 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
    DRV - [2011.12.03 03:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20111203.009\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011.12.03 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011.12.03 03:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011.12.03 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20111203.009\NAVENG.SYS -- (NAVENG)
    DRV - [2011.11.28 22:48:56 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20111201.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2011.11.23 20:23:48 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symefa.sys -- (SymEFA)
    DRV - [2011.11.23 19:56:38 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20111130.012\IDSvix86.sys -- (IDSVix86)
    DRV - [2011.11.16 21:38:00 | 000,318,584 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symnets.sys -- (SymNetS)
    DRV - [2011.11.16 21:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ironx86.sys -- (SymIRON)
    DRV - [2011.11.04 17:59:36 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.sys -- (ccSet_N360)
    DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2011.11.01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - [2011.11.01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2011.08.16 00:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symds.sys -- (SymDS)
    DRV - [2011.05.19 09:33:56 | 000,090,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys -- (mvd23)
    DRV - [2011.03.11 03:09:36 | 000,018,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys -- (mdf16)
    DRV - [2010.11.28 17:25:47 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009.11.06 09:37:20 | 000,699,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcmwlhigh6.sys -- (BCMH43XX)
    DRV - [2009.11.02 19:12:08 | 000,762,112 | ---- | M] (none) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\adatadrv.sys -- (adatadrv)
    DRV - [2009.10.22 05:00:46 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
    DRV - [2009.10.22 05:00:44 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
    DRV - [2009.10.22 05:00:44 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV - [2009.10.22 05:00:44 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
    DRV - [2009.10.22 04:59:48 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport)
    DRV - [2009.10.22 03:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
    DRV - [2009.10.22 00:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV - [2009.10.22 00:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV - [2009.10.12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - [2009.08.20 07:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
    DRV - [2009.08.05 22:59:30 | 000,750,592 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
    DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
    DRV - [2009.07.08 09:07:00 | 009,786,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009.07.07 14:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
    DRV - [2009.07.07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
    DRV - [2009.07.01 12:20:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
    DRV - [2009.06.29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008.07.11 08:05:00 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)
    DRV - [2008.07.11 08:05:00 | 000,037,088 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
    DRV - [2007.11.07 04:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
    DRV - [2007.08.13 20:48:46 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
    DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
    DRV - [2006.09.20 15:36:38 | 000,098,304 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\HLEMU.SYS -- (hlemu)
    DRV - [2004.10.18 16:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DgiVecp.sys -- (DgiVecp)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     
     
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
     
     
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\******\Downloads\ANdroid
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 A7 F0 45 26 7C CB 01  [binary data]
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\..\SearchScopes,DefaultScope = {84C033DE-7795-4539-B971-89D519B51EF0}
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=100581
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\..\SearchScopes\{84C033DE-7795-4539-B971-89D519B51EF0}: "URL" = http://start.funmoods.com/results.php?f=4&a=ddrnw&q={searchTerms}
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.defaultenginename: "Search"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search"
    FF - prefs.js..browser.startup.homepage: "http://start.funmoods.com/?f=1&a=ddrnw"
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=100581&babsrc=adbartrp&mntrId=30dd2d0f00000000000094445286b56b&q="
    FF - prefs.js..network.proxy.type: 0
     
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.22 02:35:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.22 02:35:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.03 23:37:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_8.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_8.0 [2012.02.26 12:39:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\******\AppData\Roaming\08001.058 [2012.07.14 12:25:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012.07.28 12:34:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012.07.29 22:57:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.11.04 22:27:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.11.04 22:27:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.26 12:40:04 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\******\AppData\Roaming\08001.058 [2012.07.14 12:25:20 | 000,000,000 | ---D | M]
     
    [2010.11.06 08:20:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions
    [2012.05.05 11:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\dyl86mui.default\extensions
    [2011.12.30 21:49:48 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\dyl86mui.default\extensions\ffxtlbr@babylon.com
    [2012.05.05 11:00:42 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\dyl86mui.default\extensions\ffxtlbr@funmoods.com
    [2012.05.05 10:29:54 | 000,001,799 | ---- | M] () -- C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\dyl86mui.default\searchplugins\funmoods.xml
    [2012.04.15 14:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
    [2011.10.02 19:06:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
    [2012.04.15 14:26:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2012.04.15 14:27:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2011.12.31 12:14:29 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files\mozilla firefox\extensions\adapter@babylontc.com
    [2012.02.05 20:36:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012.04.15 14:27:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2011.12.30 21:49:39 | 000,002,311 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
    [2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
    [2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
    [2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
     
    ========== Chrome  ==========
     
    CHR - homepage: http://start.funmoods.com/?f=1&a=ddrnw
    CHR - default_search_provider: Search (Enabled)
    CHR - default_search_provider: search_url = http://start.funmoods.com/results.php?f=4&a=ddrnw&q={searchTerms}
    CHR - default_search_provider: suggest_url = 
    CHR - homepage: http://start.funmoods.com/?f=1&a=ddrnw
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
    CHR - Extension: YouTube = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google-Suche = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Funmoods = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\
    CHR - Extension: Funmoods = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\funmoods\
    CHR - Extension: DivX HiQ = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Google Mail = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
     
    O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.2.1.5\coIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL (Symantec Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.1.5\coIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
    O4 - HKLM..\Run: [Volvo Penta Synchronizer] "C:\Program Files\LinkOne5\Volvo Penta Synchronizer\Synchronizer.exe" File not found
    O4 - HKU\S-1-5-21-2560894426-2780621737-274232281-1000..\Run: []  File not found
    O4 - HKU\S-1-5-21-2560894426-2780621737-274232281-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-2560894426-2780621737-274232281-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s File not found
    O4 - HKU\S-1-5-21-2560894426-2780621737-274232281-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKU\S-1-5-21-2560894426-2780621737-274232281-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
    O4 - HKU\S-1-5-21-2560894426-2780621737-274232281-1000..\Run: [Samsung Drive Manager] C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
    O7 - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} https://man.netucate.net/download1026/AXCltInstall.dll (ILINCInstall102 Class)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F7B9E25-74B5-43C9-BE69-EAB067DF147D}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EE232AB-EE74-4BAA-B874-3EE92F2E0DC5}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EEF0B44-B5D0-45B5-B27C-832F98B5A9E1}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8173E701-121E-4370-9900-C8BD32FD7D79}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{978162F4-6234-488A-9222-659AB78C1D38}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1B85458-41B7-435D-87C4-E953EF47BA8A}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B25A9930-3F99-426C-BE87-C5F4D2E0FBCF}: DhcpNameServer = 195.50.140.246 195.50.140.180
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC8B495A-AC02-4877-856E-B78C1D044A29}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD84163C-E6EA-44E2-88FD-A4A5A819AE36}: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Users\******\AppData\Roaming\appconf32.exe) - C:\Users\******\AppData\Roaming\appconf32.exe ()
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{cabf9dcc-d8be-11e0-b405-002197ec83a8}\Shell - "" = AutoRun
    O33 - MountPoints2\{cabf9dcc-d8be-11e0-b405-002197ec83a8}\Shell\AutoRun\command - "" = G:\Startme.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012.07.29 22:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012.07.29 22:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012.07.29 13:36:27 | 000,000,000 | ---D | C] -- C:\Users\******\Kaspersky Rescue2Usb
    [2012.07.28 12:49:37 | 000,905,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\symefa.sys
    [2012.07.28 12:49:37 | 000,574,072 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.sys
    [2012.07.28 12:49:37 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\symds.sys
    [2012.07.28 12:49:37 | 000,318,584 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\symnets.sys
    [2012.07.28 12:49:37 | 000,149,624 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\ironx86.sys
    [2012.07.28 12:49:37 | 000,032,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.sys
    [2012.07.28 12:49:36 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.sys
    [2012.07.28 12:49:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0602010.005
    [2012.07.28 12:40:55 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\CrashDumps
    [2012.07.28 12:34:24 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2012.07.28 12:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2012.07.28 12:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2012.07.28 12:33:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
    [2012.07.28 12:33:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
    [2012.07.28 12:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
    [2012.07.28 12:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2012.07.28 12:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2012.07.28 12:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2012.07.28 11:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\Clarus
    [2012.07.20 23:12:34 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\CLP-310_Print
    [2012.07.20 23:11:18 | 000,000,000 | ---D | C] -- C:\Users\******\temp
    [2012.07.15 21:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Acclaim Entertainment
    [2012.07.15 21:13:40 | 000,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
    [2012.07.14 12:26:53 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\UAs
    [2012.07.14 12:25:20 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\08001.058
    [2012.07.14 12:24:57 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\xmldm
    [2012.07.14 12:24:57 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\kock
    [2012.07.11 03:08:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012.07.11 03:08:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012.07.11 03:08:16 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012.07.11 03:08:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012.07.11 03:08:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012.07.11 03:08:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012.07.11 03:08:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012.07.11 03:02:07 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2012.07.10 20:22:07 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\PDF24
    [2012.07.10 20:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
    [2012.07.10 20:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24
    [2012.07.10 20:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
    [2012.07.10 20:13:05 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\pdfforge
    [2012.07.10 20:13:02 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
    [2012.07.10 20:13:02 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
    [2012.07.10 20:13:02 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
    [2012.07.10 20:13:01 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
    [2012.07.10 20:13:01 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
    [2012.07.10 20:13:01 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
    [2012.07.10 20:13:01 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
    [2012.07.10 20:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
    [2012.07.10 20:01:28 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2012.07.10 20:01:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
    [2012.07.10 20:01:24 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
    [2012.07.01 20:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
    [2012.07.01 20:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\FreeRIP Toolbar
    [2012.07.01 20:58:16 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP3
    [2012.07.01 20:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeRIP
    [2012.07.01 20:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\FreeRIP3
    [2012.04.23 17:58:40 | 029,771,072 | ---- | C] (Samsung                                                     ) -- C:\Users\******\CLP-310_Print.exe
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\******\AppData\Roaming\*.tmp files -> C:\Users\******\AppData\Roaming\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012.07.29 23:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012.07.29 22:59:03 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.07.29 22:59:03 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.07.29 22:58:17 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012.07.29 22:54:08 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012.07.29 22:53:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.07.29 22:53:45 | 2616,647,680 | -HS- | M] () -- C:\hiberfil.sys
    [2012.07.29 13:40:01 | 000,674,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2012.07.29 13:40:01 | 000,625,742 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012.07.29 13:40:01 | 000,136,630 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2012.07.29 13:40:01 | 000,112,396 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012.07.29 13:36:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012.07.29 13:34:57 | 004,503,728 | ---- | M] () -- C:\ProgramData\zak_lo0i7g.pad
    [2012.07.28 13:07:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012.07.28 13:07:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012.07.28 12:52:15 | 001,504,931 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602010.005\Cat.DB
    [2012.07.28 12:34:23 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2012.07.28 12:34:23 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2012.07.28 12:34:23 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2012.07.28 12:32:58 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012.07.28 11:35:59 | 000,001,887 | ---- | M] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
    [2012.07.28 11:12:32 | 000,588,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012.07.28 11:08:44 | 000,001,782 | ---- | M] () -- C:\Users\******\Desktop\Samsung Drive Manager.lnk
    [2012.07.28 11:08:44 | 000,001,770 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
    [2012.07.21 11:50:57 | 000,063,637 | ---- | M] () -- C:\Users\******\Einstell-& Drehmomentwerte Picanto.pdf
    [2012.07.21 11:47:54 | 000,180,211 | ---- | M] () -- C:\Users\******\Zahnriemen Picanto.pdf
    [2012.07.20 23:16:14 | 000,000,138 | ---- | M] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
    [2012.07.18 19:15:23 | 000,031,179 | ---- | M] () -- C:\Users\******\Speedport_W723V_1.24.000_18.07.12_1915.bin
    [2012.07.17 18:54:33 | 000,000,013 | ---- | M] () -- C:\Users\******\AppData\Roaming\urhtps.dat
    [2012.07.14 12:34:34 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012.07.14 12:25:09 | 000,000,051 | ---- | M] () -- C:\Users\******\AppData\Roaming\blckdom.res
    [2012.07.10 20:28:00 | 000,786,808 | ---- | M] () -- C:\Users\******\Documents\Grundbucheintrag Saarner Str.211.pdf
    [2012.07.10 20:21:18 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
    [2012.07.10 20:21:18 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
    [2012.07.10 20:13:07 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
    [2012.07.09 21:51:20 | 000,473,976 | ---- | M] () -- C:\Users\******\www.real-onlineshop.de - 1.pdf
    [2012.07.08 12:41:08 | 000,328,380 | ---- | M] () -- C:\Users\******\Documents\Kaufvertrag Mazda 2.pdf
    [2012.07.05 13:02:30 | 000,081,920 | ---- | M] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
    [2012.07.03 23:29:31 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\******\AppData\Roaming\*.tmp files -> C:\Users\******\AppData\Roaming\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2012.07.29 22:58:17 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012.07.28 12:51:44 | 001,504,931 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\Cat.DB
    [2012.07.28 12:49:37 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symds.cat
    [2012.07.28 12:49:37 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symnet.cat
    [2012.07.28 12:49:37 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symefa.cat
    [2012.07.28 12:49:37 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.cat
    [2012.07.28 12:49:37 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.cat
    [2012.07.28 12:49:37 | 000,003,434 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symefa.inf
    [2012.07.28 12:49:37 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symds.inf
    [2012.07.28 12:49:37 | 000,001,441 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symnet.inf
    [2012.07.28 12:49:37 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.inf
    [2012.07.28 12:49:37 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.inf
    [2012.07.28 12:49:37 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\iron.inf
    [2012.07.28 12:49:36 | 000,007,468 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.cat
    [2012.07.28 12:49:36 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\iron.cat
    [2012.07.28 12:49:36 | 000,000,827 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.inf
    [2012.07.28 12:49:33 | 000,004,782 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symvtcer.dat
    [2012.07.28 12:49:33 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\isolate.ini
    [2012.07.28 12:34:24 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2012.07.28 12:34:24 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2012.07.28 11:35:59 | 004,503,728 | ---- | C] () -- C:\ProgramData\zak_lo0i7g.pad
    [2012.07.28 11:35:59 | 000,001,887 | ---- | C] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
    [2012.07.28 11:08:44 | 000,001,782 | ---- | C] () -- C:\Users\******\Desktop\Samsung Drive Manager.lnk
    [2012.07.28 11:08:44 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
    [2012.07.21 11:49:08 | 000,063,637 | ---- | C] () -- C:\Users\******\Einstell-& Drehmomentwerte Picanto.pdf
    [2012.07.21 11:47:54 | 000,180,211 | ---- | C] () -- C:\Users\******\Zahnriemen Picanto.pdf
    [2012.07.18 19:15:23 | 000,031,179 | ---- | C] () -- C:\Users\******\Speedport_W723V_1.24.000_18.07.12_1915.bin
    [2012.07.17 18:54:33 | 000,000,013 | ---- | C] () -- C:\Users\******\AppData\Roaming\urhtps.dat
    [2012.07.14 12:25:09 | 000,000,051 | ---- | C] () -- C:\Users\******\AppData\Roaming\blckdom.res
    [2012.07.10 20:27:59 | 000,786,808 | ---- | C] () -- C:\Users\******\Documents\Grundbucheintrag Saarner Str.211.pdf
    [2012.07.10 20:21:18 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
    [2012.07.10 20:21:18 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
    [2012.07.10 20:13:07 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
    [2012.07.09 21:51:20 | 000,473,976 | ---- | C] () -- C:\Users\******\www.real-onlineshop.de - 1.pdf
    [2012.07.08 12:41:08 | 000,328,380 | ---- | C] () -- C:\Users\******\Documents\Kaufvertrag Mazda 2.pdf
    [2012.07.03 08:48:18 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
    [2012.06.15 18:14:20 | 001,917,129 | ---- | C] () -- C:\Users\******\Flash.pdf
    [2012.05.26 15:54:22 | 000,387,584 | ---- | C] () -- C:\Users\******\rescue2usb.exe
    [2012.05.26 15:51:52 | 274,356,224 | ---- | C] () -- C:\Users\******\kav_rescue_10.iso
    [2012.05.18 22:47:51 | 000,002,514 | ---- | C] () -- C:\Users\******\disc.info
    [2012.02.26 01:26:39 | 000,247,740 | ---- | C] () -- C:\Users\******\BoardingPassBIERODRIES******.pdf
    [2012.02.23 22:16:21 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
    [2012.02.12 23:00:36 | 000,092,341 | ---- | C] () -- C:\Users\******\Backup gizmo 12.02.2012.mpb
    [2012.01.12 12:22:01 | 000,000,000 | ---- | C] () -- C:\Users\******\AppData\Roaming\FileOut.cns
    [2012.01.12 12:22:01 | 000,000,000 | ---- | C] () -- C:\Users\******\AppData\Roaming\FileIn.cns
    [2012.01.06 21:00:19 | 000,060,675 | ---- | C] () -- C:\Users\******\classic.checkmytrip.com - RetrievePNR.pdf
    [2011.12.28 21:59:07 | 001,594,664 | ---- | C] () -- C:\Users\******\man_317.02.30_int.pdf
    [2011.12.13 00:43:51 | 029,229,928 | ---- | C] () -- C:\Users\******\Fotobuchexpress24_2.9.2.exe
    [2011.12.10 16:05:44 | 000,033,106 | ---- | C] () -- C:\Users\******\service-akademie.mn.man.de - historiedruckperson.pdf
    [2011.12.04 20:01:28 | 000,016,070 | ---- | C] () -- C:\Windows\German2.ini
    [2011.11.06 21:56:23 | 000,088,746 | ---- | C] () -- C:\Users\******\cor.afterbuy.de - newstatus.pdf
    [2011.11.05 17:26:21 | 000,000,000 | ---- | C] () -- C:\Users\******\AppData\Local\{4EC56B3D-E7E3-40DF-B9AC-CCF38FFD922F}
    [2011.11.05 17:24:21 | 000,000,000 | ---- | C] () -- C:\Users\******\AppData\Local\{78AAF3F8-357F-4D83-8FE5-A5E3A631BF30}
    [2011.10.31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2011.10.27 22:23:25 | 000,047,036 | ---- | C] () -- C:\Users\******\service.gmx.net - fax.pdf
    [2011.10.19 17:18:57 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2011.10.19 17:18:55 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2011.10.19 17:18:52 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2011.10.19 17:18:51 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2011.10.12 20:37:35 | 000,078,501 | ---- | C] () -- C:\Users\******\Zert.MAN.pdf
    [2011.10.10 08:18:45 | 000,000,000 | ---- | C] () -- C:\Users\******\AppData\Local\{BCD1769A-6EEA-4381-8BD8-0DE12BF4AB5E}
    [2011.10.10 08:16:49 | 000,000,000 | ---- | C] () -- C:\Users\******\AppData\Local\{F9455363-A58E-4B56-8BA1-83EE67B32DFB}
    [2011.10.03 22:12:15 | 000,041,760 | ---- | C] () -- C:\Users\******\abmeldung_privat.pdf
    [2011.09.07 17:02:34 | 000,044,413 | ---- | C] () -- C:\Users\******\meine.deutsche-bank.de - domest.pdf
    [2011.09.07 17:00:18 | 000,045,643 | ---- | C] () -- C:\Users\******\meine.deutsche-bank.de - transfe.pdf
    [2011.09.07 12:47:10 | 000,135,680 | ---- | C] () -- C:\Windows\Windows.exe
    [2011.09.05 22:57:30 | 000,528,491 | ---- | C] () -- C:\Users\******\.TransferManager.db
    [2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    [2011.07.24 10:15:06 | 000,038,350 | ---- | C] () -- C:\Users\******\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
    [2011.06.23 21:10:38 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011.06.23 21:09:24 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011.05.18 22:58:00 | 000,003,584 | ---- | C] () -- C:\Users\******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011.05.08 20:33:38 | 000,128,789 | ---- | C] () -- C:\Users\******\img9.imageshack.us - chinaquadschaltplan.pdf
    [2011.04.29 00:44:29 | 000,006,136 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2011.04.22 13:20:16 | 000,000,012 | ---- | C] () -- C:\Windows\dirsaver.ini
    [2011.04.10 19:17:47 | 000,000,764 | ---- | C] () -- C:\Windows\MAZEPC.INI
    [2011.03.27 15:25:33 | 000,098,304 | ---- | C] () -- C:\Windows\System32\drivers\HLEMU.SYS
    [2011.03.27 15:25:33 | 000,057,344 | ---- | C] () -- C:\Windows\System32\drivers\WDREG.EXE
    [2011.03.27 15:20:24 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
    [2011.03.27 15:20:24 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
    [2011.03.06 16:47:56 | 000,996,881 | ---- | C] () -- C:\Users\******\woains24.zip
    [2011.03.06 16:43:38 | 018,600,654 | ---- | C] () -- C:\Users\******\woaberv2.zip
    [2011.02.15 20:47:30 | 000,783,433 | ---- | C] () -- C:\Users\******\xtravel_2007.zip
    [2011.02.09 23:53:29 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2011.01.27 20:20:52 | 000,054,920 | ---- | C] () -- C:\Users\******\Barclaycard_Kündigungsschreiben[1].pdf
    [2011.01.16 23:48:05 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2011.01.16 20:29:36 | 000,000,023 | ---- | C] () -- C:\Windows\wiso.ini
    [2010.12.09 17:22:29 | 000,000,102 | ---- | C] () -- C:\Users\******\.ewanapi_cookie
    [2010.11.28 17:33:23 | 000,436,736 | ---- | C] () -- C:\Windows\System32\Autoserv.exe
    [2010.11.15 19:58:12 | 000,000,273 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2010.11.04 16:30:43 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
    [2008.12.09 17:23:13 | 000,053,704 | RHS- | C] () -- C:\Users\******\AppData\Roaming\appconf32.exe
     
    ========== LOP Check ==========
     
    [2012.07.14 12:25:20 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\08001.058
    [2011.10.17 20:00:30 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Baumaschinen Simulator 2011
    [2012.07.29 23:03:37 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DAEMON Tools Lite
    [2011.10.04 22:49:49 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\dpdhl.versandhelfer
    [2012.02.05 21:25:23 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\elsterformular
    [2011.12.13 00:45:34 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Fotobuchexpress24
    [2011.02.15 20:36:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\GetRightToGo
    [2012.06.02 13:58:31 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\GoPal Assistant
    [2012.07.14 12:24:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\kock
    [2011.12.30 21:58:03 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\MyPhoneExplorer
    [2011.11.24 13:02:27 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\News File Grabber
    [2012.02.26 12:40:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nokia
    [2011.09.08 20:38:45 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nokia Ovi Suite
    [2011.09.10 20:55:06 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Notepad++
    [2011.05.08 09:47:25 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PC Suite
    [2010.12.31 16:54:39 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PDF Writer
    [2012.07.10 20:15:14 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\pdfforge
    [2011.11.21 00:19:06 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Samsung
    [2012.05.27 10:49:19 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TeamViewer
    [2012.06.04 00:07:14 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Temp
    [2012.07.15 15:52:32 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\UAs
    [2012.07.28 13:05:49 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\UseNeXT
    [2010.12.12 17:44:24 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Windows Live Writer
    [2012.07.17 18:56:28 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\xmldm
    [2012.03.21 09:18:53 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012.01.13 19:51:02 | 000,000,274 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F0D16593-0CA5-4050-852C-C73CF75D03BE}.job
     
    ========== Purity Check ==========
     
     
    
    < End of report >
    Code:
    OTL Extras logfile created on: 29.07.2012 23:22:00 - Run 1
    OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\******\Downloads
     Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,25 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 62,36% Memory free
    6,50 Gb Paging File | 5,14 Gb Available in Paging File | 79,06% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465,75 Gb Total Space | 109,20 Gb Free Space | 23,45% Space Free | Partition Type: NTFS
    Drive D: | 232,88 Gb Total Space | 44,51 Gb Free Space | 19,11% Space Free | Partition Type: NTFS
     
    Computer Name: GISMO | User Name: ****** | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04B3EB8F-B379-4F2E-92DB-E5349740B0B2}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
    "{05E13633-6C7A-4129-B87F-10DE4A251F00}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{0986349F-DA52-4330-85FA-3A7DC66C44EB}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{0F80AA8C-2DCE-4A68-A378-56991F3C909C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{1B330557-9CE1-4B00-8DD4-0DA92F6433F9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{1D3C1CFC-DD4F-42DD-9B4A-533F29DB020C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{2555DC2B-15AA-4CE4-B8F2-EB8710E5AFE1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
    "{294E9DB6-EE23-40AF-AA27-8F6C02059EEA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{2C5050F8-E100-4B0E-B46A-A0AF7DF14A99}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{3EC28E1A-21C1-4EE6-B933-9F9E2C43FA59}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{47987BEF-CA14-4355-9146-3F25D5A68E51}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{54EAAA07-286C-4353-A1F7-DDCDFDD7EDBB}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{59430334-3171-49A6-9B9E-53365F3769F6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{5BB751DB-327C-4C6C-9407-56B15D9D095E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
    "{62AC8211-CB25-413F-A266-8F53C6694965}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{674CA0DE-02E8-4302-BE3B-AFB9A3255E8A}" = lport=6102 | protocol=6 | dir=in | name=rdm | 
    "{6D85358E-5F6B-48E7-A0D8-D3A308B53107}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{74B66AD0-30D5-4707-9CB5-0FFB9512EAE6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{7A9430F9-D905-4CCC-9F99-8F68FDB4358B}" = rport=10243 | protocol=6 | dir=out | app=system | 
    "{7DCE10EF-666C-4215-B370-DCC73712B4E5}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{7FB8716A-02A8-4041-9731-869C7C164AA0}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
    "{8386BF81-5A74-4CE1-9B21-4870F687ED89}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
    "{86FDE7B7-A05D-40BE-8AF0-C8D7610464A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{87F8982C-6D4E-4F95-8718-F09035947CC3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{8B469343-50FF-4EF4-9C1A-33234699F190}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
    "{8BE373CB-F8D8-4AE9-961F-DDD54D5F4D04}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{8C238A63-6DD0-4864-8E36-772836B3C1DC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
    "{932B0AD1-B27E-4323-B486-B47BA4A02363}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
    "{980C9928-2C86-42B7-A609-FB71A3CF644E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
    "{9F27EF77-619E-40A4-9403-157268B5B426}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{A053FD33-C807-4FCE-A8DC-FFDB81325570}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{A4B9E2CD-C02E-48BD-AE98-6669DE569ADC}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{A9B4A3C6-6D21-46DF-B92E-01E282A70EDE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{AC405147-7FD9-4D64-A560-1AD10D48BA36}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{AEE6BBF5-0779-4F80-8450-43BBF78DD0C8}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{B2A22CC1-06DC-4CA7-B463-7CFCB90B4F27}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{B6F5DF32-E17F-46AC-8A7C-0C10F38FFF2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{B8555B3A-9057-49AF-B1A8-3CFBCA19AEC8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{BDE8B70B-AF50-4352-B371-EDBFD2E1C816}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{C465A418-B51F-48C1-9846-20D8AC35FBAD}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{C81B2BFD-FA91-4D85-BF87-B81BA627440A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{CA005C80-3CDF-4DF3-849E-AD0DE12C2B31}" = rport=2869 | protocol=6 | dir=out | app=system | 
    "{CCA33594-005F-4F46-A897-8A5C9C0E6DA4}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{CD2A3546-C304-482B-9160-F890CBBBDB7B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{D029CBB8-A20D-4F10-9B95-D1B10D7354A0}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{D527D8AD-C9FB-4DB5-8116-328B2F6C14D9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{DA084538-22C6-48C9-8B82-57F0F8EC9B65}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
    "{DE61A4D5-EF1C-4079-920A-B8E4AAF6C223}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{F8D492C6-EF57-4FD0-B489-32B108B3B45D}" = rport=445 | protocol=6 | dir=out | app=system | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{048F9A23-5BAE-4655-9ED7-FFE51638108E}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe | 
    "{0647C82F-DC8D-4F00-914B-CF29C56D02A9}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | 
    "{092F2F10-2BCB-4C88-BBFD-632A7987B57B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{0A5EB357-AD7B-4DFA-AEC6-7BEC93051D05}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{0D391B50-2E9B-4989-893B-8508D8C69B4E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{17E3C8E5-238E-485A-AE1D-57F4A09EC496}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | 
    "{189F2310-34C5-4D7C-8C77-58BB2FB58233}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | 
    "{1E21D51F-6F97-4044-BD72-6E9BEBB471AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{1F8E6C63-F7D0-4F75-97BA-84B26B982615}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{208FC42B-F752-442F-879B-3813493976E5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
    "{22DA74CB-E5D0-45C4-9B26-D7D40A1770DF}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
    "{2B12B6AE-3CB9-4280-BF7A-C64504DF6CD3}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | 
    "{2C679338-E7A3-49C4-BC2C-2EC7EA2B4F89}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe | 
    "{31239D59-B485-421A-82F1-0BCEA7069A1C}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe | 
    "{33151A24-C975-412F-8514-4B29495631D0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{33374C89-A2F5-4FCE-A2E7-DC96D557C62B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{33766414-F29E-40E7-9EEA-32D8AB583060}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
    "{3E01FC6C-C59B-4666-926F-9B7A04D5F167}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{41AC6CA9-D9D1-4BF0-A3E1-BFF860C86027}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{420E70DA-C916-47EA-8379-1FE5544F32D7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{454B42FE-9C1B-445C-BAF1-29E0973537B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{46168370-DBC6-480F-9C9D-F66D06E8F751}" = protocol=6 | dir=out | app=system | 
    "{513A1B49-E95E-4655-A5D8-9FAE241EB812}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | 
    "{589145A6-56DC-4CC3-A519-D0EDEF98D8B3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{59D3DCB3-20B4-4EB0-9FCF-5FBB2644A938}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe | 
    "{61B69B73-1D5C-495A-B590-B4F15C1CC540}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
    "{624096CD-6FBC-49C4-90FD-B77FE8F4CFAB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{70CA9018-C37F-4AD4-8C7E-664EDEA53921}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
    "{728AD5DD-4701-4369-9E1E-C9296B01A202}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{78AFDFED-DBC6-451E-BE1E-77B2F00EF963}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
    "{798691BF-0FE6-4E94-8800-6FB2FBFFDC95}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
    "{7BFB97E0-48BE-4276-88C1-B4AE9066DC67}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe | 
    "{7E9885A3-6CF4-4437-8C2C-E0BFEA8A28EA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{8378CAFC-311B-4392-8484-2F8948EECB65}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
    "{856716AC-4755-41F0-ACA4-A4C701C329D6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{857C0C18-9970-44A9-868B-E1619886DE42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{866D0047-70EB-45BC-AE50-B7E7B9EE29C7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
    "{86E0A12A-EEFD-405E-B639-F2EA8B0AE714}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
    "{87FCE0E2-A7F2-4BDA-B6A2-42D1C43F57E5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{88621E83-412F-44E7-AF5B-062F354F22B2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{8A676F5E-DF96-429F-8637-63197084FF8F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{8E279D43-37EB-4BA5-804B-00EF4DF939E4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{8E3175BB-8449-443E-A842-BF4AC4411DA8}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe | 
    "{98FA497E-C617-457C-A82C-5701E733EB9B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
    "{9A0226F8-0C6A-41FA-8877-388E125F2F3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{9C7B8CD4-78F3-4F05-99ED-10F788D543BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{9DA3BF4E-7ACF-47B2-8840-5B1E7FBEDB0D}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
    "{A23D0F8B-4822-4E19-89BF-F3BC27CB0B87}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
    "{A3938ECC-C2D1-49A2-B615-5884788A5E79}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{A88202F9-CCC0-477C-9C73-281F47680DDD}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
    "{A9343747-1F4F-4BAE-BB32-46D9BC1DBF13}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
    "{ACA5A878-7263-4A33-A280-9EB816A84E12}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
    "{AE29F2D9-5BAE-4F5F-8026-9D010BE99527}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
    "{B25BD395-0B48-44D5-AE1D-DF1693D89C19}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
    "{B468C61B-7656-4BAD-997B-1EA35775B47C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{B56DBF9D-972E-4733-A7ED-8B820EB25220}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
    "{B5957389-71AE-4D3D-A535-56B56086E3EC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe | 
    "{BF9AD79D-1B96-4B8C-B594-6C8C9DEEA279}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | 
    "{BFC32E83-FB11-41C0-81F5-4928EADFA351}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{C076A828-F49C-4D3E-8F75-CF7E5A6B41CC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{C2D7C15C-A98E-4BCB-B1B8-9FAD0CEAF178}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
    "{C38BC6FC-3D9D-484C-B6F0-933B40EB281E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{C502832C-BE2A-4F08-83B6-429BDF6A9A09}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{C69BAAD6-1692-478F-8CF0-A8472DD9708B}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
    "{C8950E8B-83FB-496B-8477-FC3B8786215C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{C905316D-0263-47EA-80BB-5C23907AE13C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{C95AA612-725D-4E30-BD76-F3A60833AACB}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe | 
    "{C9C3AE26-177F-4218-936D-494203AEF355}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | 
    "{CFDC214E-43D3-48E9-AEF6-392B4F93ED36}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{D1888DDA-692F-46F1-A49C-7A3ED40C0EE1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{D26E588F-D798-4F2A-B0BA-F8C640F5917D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{D28DD05A-E8C9-44C4-A23F-028D0EDAF2FA}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
    "{DE1970B9-A441-4961-A7C3-B7617E69D864}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{EE41C9C9-5ADC-48F7-9B5D-37C06F93AD96}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
    "{F0028C7F-9E8C-4527-A240-38EF44FA2CDF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{F2C4FC5E-FBF3-4032-99D2-D0A714E7C3FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{F8C52912-7F9F-48BD-B6E5-E95A32E840EF}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
    "TCP Query User{208E8650-5986-46CD-B052-FB58D41BD622}C:\users\daniel\appdata\local\temp\2fa7.tmp\kmservice.exe" = protocol=6 | dir=in | app=c:\users\daniel\appdata\local\temp\2fa7.tmp\kmservice.exe | 
    "TCP Query User{5A682580-093B-4B9D-AF40-59CA90743474}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | 
    "TCP Query User{C2AC1876-243D-4546-AAF0-8F22C3CB78F6}C:\program files\usenext\usenext.exe" = protocol=6 | dir=in | app=c:\program files\usenext\usenext.exe | 
    "TCP Query User{F5BC6026-5E68-47E4-9422-1EFE6C586535}C:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe | 
    "TCP Query User{FACD0A34-9D10-468E-BA7F-81F91031E57B}C:\program files\panda security\panda antivirus pro 2011\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files\panda security\panda antivirus pro 2011\apvxdwin.exe | 
    "TCP Query User{FF20D0C0-CFE7-40C1-A7B2-98A14E2C1717}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
    "UDP Query User{1AB4DC63-6DE2-46D2-BEAD-DEDE70F76174}C:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe | 
    "UDP Query User{203173B1-A765-4A91-B37B-0A72A9848F08}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | 
    "UDP Query User{6E7D4D12-F2C4-4A11-8C50-94E2CA410E0F}C:\program files\panda security\panda antivirus pro 2011\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files\panda security\panda antivirus pro 2011\apvxdwin.exe | 
    "UDP Query User{82C4B5F0-5D11-4268-A86F-6DC158EF19F7}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
    "UDP Query User{AE44CEB1-6E4D-41DD-9529-5854EBD1B658}C:\program files\usenext\usenext.exe" = protocol=17 | dir=in | app=c:\program files\usenext\usenext.exe | 
    "UDP Query User{CAA66DEF-E00F-4313-8413-46C91993B4F3}C:\users\daniel\appdata\local\temp\2fa7.tmp\kmservice.exe" = protocol=17 | dir=in | app=c:\users\daniel\appdata\local\temp\2fa7.tmp\kmservice.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{08976F97-548A-4084-B6D4-0F0D766365C4}" = Kartendesigner für Visitenkarten 2
    "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
    "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
    "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
    "{1B33999E-D695-4268-B13A-00354345D5D2}" = Deutsche Post E-Porto
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1E05A119-6F1F-B27D-8B85-940463B60A94}" = Fotobuchexpress24 Bestellsoftware
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
    "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
    "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
    "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
    "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
    "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
    "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
    "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
    "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
    "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
    "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
    "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
    "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
    "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
    "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
    "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
    "{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
    "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9761AC3A-7B7C-4ACB-8F02-140308012C4D}_is1" = FormPrinter
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}" = Samsung Drive Manager
    "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
    "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
    "{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}" = Sentinel Protection Installer 7.5.0
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
    "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
    "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
    "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
    "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
    "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}" = Belkin F5D8053 N Wireless USB Adapter
    "{E8B2A284-C30C-CDE0-45B5-C2CD1A278FEE}" = Versandhelfer
    "{EA5151A0-FCCA-4EE5-8B0A-D068F62DE52A}_is1" = Flughafen-Feuerwehr-Simulator Version 1.0
    "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
    "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
    "{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
    "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
    "18 WoS Extreme Trucker 2" = 18 WoS Extreme Trucker 2 (v.1.0)
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
    "5513-1208-7298-9440" = JDownloader 0.9
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "ALDI Bestellsoftware" = ALDI Bestellsoftware 4.11.0
    "Assistant" = Assistant 5.05.013
    "BizTrip-XL 2006 DEMOVERSION_is1" = BizTrip-XL 2006 DEMOVERSION
    "Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1218
    "CCleaner" = CCleaner
    "DivX Setup.divx.com" = DivX-Setup
    "dpdhl.versandhelfer" = Versandhelfer
    "ElsterFormular 13.0.0.8086p" = ElsterFormular
    "Fotobuchexpress24" = Fotobuchexpress24 Bestellsoftware
    "FSX Missions - A321 Lufthansa" = FSX Missions - A321 Lufthansa
    "German Truck Simulator" = German Truck Simulator 1.04
    "Google Chrome" = Google Chrome
    "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
    "InstallShield_{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}" = Belkin F5D8053 N Wireless USB Adapter
    "InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.8.0 (Full)
    "MAN 1024x768.scr" = MAN 1024x768 ScreenSaver
    "MAN Neue Motoren Generation D20 1.0_is1" = MAN Neue Motoren Generation D20 1.0
    "MAZDA EPC2" = MAZDA EPC2
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
    "MPE" = MyPhoneExplorer
    "NAVIGON Fresh" = NAVIGON Fresh 3.4.1
    "News File Grabber_is1" = News File Grabber 4.6.0.4
    "Nokia Suite" = Nokia Suite
    "Notepad++" = Notepad++
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "ProTrain 4    Hamburg-Berlin 4.0" = ProTrain 4    Hamburg-Berlin 4.0
    "ProTrain Vogelfluglinie 1.0" = ProTrain Vogelfluglinie 1.0
    "RealPlayer 12.0" = RealPlayer
    "Samsung CLP-310 Series" = Samsung CLP-310 Series
    "Sweet Home 3D_is1" = Sweet Home 3D version 3.1
    "Tank Simulation" = Tank Simulation
    "TeamViewer 7" = TeamViewer 7
    "Train Simulator 1.0" = Microsoft Train Simulator
    "Train Store (German Language Pack)" = Train Store (German Language Pack)
    "Train Store V3.2" = Train Store V3.2
    "Trucks & Trailers" = Trucks & Trailers 1.00
    "uninstall.exe" = iLinc Client
    "UseNeXT_is1" = UseNeXT
    "VMware_Workstation" = VMware Workstation
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.00 Beta 3 (32-Bit)
     
    ========== HKEY_USERS Uninstall List ==========
     
    [HKEY_USERS\S-1-5-21-2560894426-2780621737-274232281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Kies Air Discovery Service" = Kies Air Discovery Service
    "MyFreeCodec" = MyFreeCodec
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 28.07.2012 07:03:39 | Computer Name = Gismo | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: NOTEPAD.EXE, Version: 6.1.7600.16385,
     Zeitstempel: 0x4a5bc60f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
     Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00052bc3  ID des fehlerhaften
     Prozesses: 0x1314  Startzeit der fehlerhaften Anwendung: 0x01cd6cb0a3a37980  Pfad der
     fehlerhaften Anwendung: C:\Windows\system32\NOTEPAD.EXE  Pfad des fehlerhaften Moduls:
     C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: e2404060-d8a3-11e1-a64d-002197ec83a8
     
    Error - 28.07.2012 07:09:21 | Computer Name = Gismo | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: javaw.exe, Version: 6.0.310.5, Zeitstempel:
     0x4f2c9e1c  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
     0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00077c29  ID des fehlerhaften Prozesses:
     0x530  Startzeit der fehlerhaften Anwendung: 0x01cd6cb16fd70490  Pfad der fehlerhaften
     Anwendung: C:\Program Files\Java\jre6\bin\javaw.exe  Pfad des fehlerhaften Moduls:
     C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: ae275920-d8a4-11e1-a64d-002197ec83a8
     
    Error - 28.07.2012 07:27:39 | Computer Name = Gismo | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
     Zeitstempel: 0x4a5bc6b7  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
     Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000455a8  ID des fehlerhaften
     Prozesses: 0x838  Startzeit der fehlerhaften Anwendung: 0x01cd6cb3fd9dbf60  Pfad der
     fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe  Pfad des fehlerhaften Moduls:
     C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 3c847fc0-d8a7-11e1-a64d-002197ec83a8
     
    Error - 28.07.2012 07:32:29 | Computer Name = Gismo | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: Drive Manager.exe, Version: 1.0.149.0,
     Zeitstempel: 0x4face35b  Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.1,
     Zeitstempel: 0x4d5f0c22  Ausnahmecode: 0x40000015  Fehleroffset: 0x0008d6fd  ID des fehlerhaften
     Prozesses: 0xde0  Startzeit der fehlerhaften Anwendung: 0x01cd6cb46a52e900  Pfad der
     fehlerhaften Anwendung: C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
    Pfad
     des fehlerhaften Moduls: C:\Windows\system32\MSVCR100.dll  Berichtskennung: e96238e0-d8a7-11e1-a64d-002197ec83a8
     
    Error - 28.07.2012 17:12:16 | Computer Name = Gismo | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
     Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
     Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0dcef306  ID des fehlerhaften
     Prozesses: 0x1150  Startzeit der fehlerhaften Anwendung: 0x01cd6d05a8bea1b0  Pfad der
     fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
     unknown  Berichtskennung: e806fa70-d8f8-11e1-84d2-002197ec83a8
     
    Error - 28.07.2012 17:17:44 | Computer Name = Gismo | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
     Zeitstempel: 0x4a5bc6b7  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
     Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00052bc3  ID des fehlerhaften
     Prozesses: 0xd74  Startzeit der fehlerhaften Anwendung: 0x01cd6d066d56aa40  Pfad der
     fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe  Pfad des fehlerhaften Moduls:
     C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: abb83ce0-d8f9-11e1-84d2-002197ec83a8
     
    Error - 28.07.2012 17:19:29 | Computer Name = Gismo | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
     Zeitstempel: 0x4a5bc6b7  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
     Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000a5e0a  ID des fehlerhaften
     Prozesses: 0x1018  Startzeit der fehlerhaften Anwendung: 0x01cd6d06ac8ebf40  Pfad der
     fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe  Pfad des fehlerhaften Moduls:
     C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: ea680f10-d8f9-11e1-84d2-002197ec83a8
     
    Error - 29.07.2012 07:35:01 | Computer Name = Gismo | Source = System Restore | ID = 8206
    Description = 
     
    Error - 29.07.2012 16:54:31 | Computer Name = Gismo | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: rundll32.exe_g7i0ol_kaz.exe, Version:
     6.1.7600.16385, Zeitstempel: 0x4a5bc637  Name des fehlerhaften Moduls: unknown, Version:
     0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0dcef306
    ID
     des fehlerhaften Prozesses: 0x104c  Startzeit der fehlerhaften Anwendung: 0x01cd6dcc58470610
    Pfad
     der fehlerhaften Anwendung: C:\Windows\System32\rundll32.exe  Pfad des fehlerhaften
     Moduls: unknown  Berichtskennung: 976baa30-d9bf-11e1-a507-002197ec83a8
     
    Error - 29.07.2012 17:13:27 | Computer Name = Gismo | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: SearchProtocolHost.exe, Version: 
    7.0.7601.17610, Zeitstempel: 0x4dc0c63a  Name des fehlerhaften Moduls: ntdll.dll, 
    Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset:
     0x0005f9c5  ID des fehlerhaften Prozesses: 0xd9c  Startzeit der fehlerhaften Anwendung:
     0x01cd6dcefe8f30e0  Pfad der fehlerhaften Anwendung: C:\Windows\system32\SearchProtocolHost.exe
    Pfad
     des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 3cf9eb40-d9c2-11e1-a507-002197ec83a8
     
    [ System Events ]
    Error - 29.07.2012 16:54:04 | Computer Name = Gismo | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Bluetooth-Gerät (RFCOMM-Protokoll-TDI)" wurde aufgrund
     folgenden Fehlers nicht gestartet:   %%1058
     
    Error - 29.07.2012 16:54:04 | Computer Name = Gismo | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0" wurde 
    aufgrund folgenden Fehlers nicht gestartet:   %%1058
     
    Error - 29.07.2012 16:54:04 | Computer Name = Gismo | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Bluetooth-Gerät (PAN)" wurde aufgrund folgenden Fehlers
     nicht gestartet:   %%1058
     
    Error - 29.07.2012 16:54:04 | Computer Name = Gismo | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Belkin USB Wireless LAN Card Driver for Vista" wurde aufgrund
     folgenden Fehlers nicht gestartet:   %%1058
     
    Error - 29.07.2012 16:54:04 | Computer Name = Gismo | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "NVIDIA nForce-Netzwerkcontrollertreiber" wurde aufgrund
     folgenden Fehlers nicht gestartet:   %%1058
     
    Error - 29.07.2012 16:54:04 | Computer Name = Gismo | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Ralink 802.11n USB Wireless LAN Card Driver" wurde aufgrund
     folgenden Fehlers nicht gestartet:   %%2
     
    Error - 29.07.2012 16:54:04 | Computer Name = Gismo | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "USB-RNDIS-Adapter" wurde aufgrund folgenden Fehlers nicht
     gestartet:   %%1058
     
    Error - 29.07.2012 16:54:04 | Computer Name = Gismo | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "VMware Virtual Ethernet Adapter Driver" wurde aufgrund
     folgenden Fehlers nicht gestartet:   %%1058
     
    Error - 29.07.2012 16:54:04 | Computer Name = Gismo | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Microsoft Virtual WiFi Miniport Service" wurde aufgrund
     folgenden Fehlers nicht gestartet:   %%1058
     
    Error - 29.07.2012 16:54:06 | Computer Name = Gismo | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
       %%193
     
     
    < End of report >

  4. #4
    Einsteiger
    Registriert seit
    29.07.2012
    Beiträge
    4
    Code:
    OTL logfile created on: 29.07.2012 23:22:00 - Run 1
    OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\*****\Downloads
     Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,25 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 62,36% Memory free
    6,50 Gb Paging File | 5,14 Gb Available in Paging File | 79,06% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465,75 Gb Total Space | 109,20 Gb Free Space | 23,45% Space Free | Partition Type: NTFS
    Drive D: | 232,88 Gb Total Space | 44,51 Gb Free Space | 19,11% Space Free | Partition Type: NTFS
     
    Computer Name: ***** | User Name: ****** | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2012.07.29 23:18:54 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\******\Downloads\OTL.exe
    PRC - [2012.07.16 16:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
    PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012.07.16 16:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
    PRC - [2012.06.08 13:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    PRC - [2012.06.08 13:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2012.05.22 08:38:56 | 000,160,872 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
    PRC - [2012.05.11 19:03:26 | 005,798,008 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
    PRC - [2012.05.11 19:00:22 | 000,120,832 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvMon.exe
    PRC - [2012.05.11 19:00:14 | 000,019,456 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
    PRC - [2012.05.11 19:00:08 | 000,135,168 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
    PRC - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
    PRC - [2012.01.10 19:36:34 | 001,083,264 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
    PRC - [2012.01.04 14:32:06 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    PRC - [2011.10.27 21:35:20 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2011.08.02 11:47:34 | 000,063,488 | ---- | M] () -- C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
    PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
    PRC - [2010.03.25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
    PRC - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () -- C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
    PRC - [2009.12.16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
    PRC - [2009.11.25 18:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\F7D4101\V1\PBN.exe
    PRC - [2009.10.22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
    PRC - [2009.10.22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    PRC - [2009.10.22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
    PRC - [2009.10.22 04:59:24 | 000,129,584 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    PRC - [2009.10.22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    PRC - [2009.08.28 07:40:50 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    PRC - [2009.07.08 09:40:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvSCPAPISvr.exe
    PRC - [2009.07.07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2009.07.07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
    PRC - [2009.05.28 13:45:00 | 000,132,096 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
    PRC - [2008.07.11 08:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    PRC - [2008.07.11 02:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
    PRC - [2006.11.03 09:56:28 | 000,920,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
    PRC - [2003.12.03 11:01:48 | 000,327,680 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\HLS32SVC.EXE
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2012.06.26 23:34:32 | 000,115,137 | ---- | M] () -- C:\Users\*******\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
    MOD - [2012.06.15 18:37:23 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
    MOD - [2012.06.15 18:29:58 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
    MOD - [2012.06.15 18:29:46 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
    MOD - [2012.06.15 18:29:36 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
    MOD - [2012.06.15 18:29:35 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
    MOD - [2012.06.08 13:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    MOD - [2012.05.19 10:25:57 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
    MOD - [2012.05.18 21:18:53 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
    MOD - [2012.05.18 21:17:26 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
    MOD - [2012.05.18 21:17:18 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
    MOD - [2012.05.18 20:55:04 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
    MOD - [2012.05.18 20:54:58 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
    MOD - [2012.05.18 20:54:41 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
    MOD - [2012.05.18 20:54:29 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
    MOD - [2012.05.18 20:54:21 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
    MOD - [2012.01.10 19:38:40 | 000,423,808 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
    MOD - [2012.01.10 19:38:38 | 000,058,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
    MOD - [2012.01.10 19:38:34 | 000,095,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\qjson.dll
    MOD - [2012.01.10 19:38:32 | 000,272,768 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
    MOD - [2012.01.10 19:38:00 | 000,384,896 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QxtCore.dll
    MOD - [2012.01.10 19:38:00 | 000,165,248 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QxtWeb.dll
    MOD - [2012.01.10 19:37:58 | 002,557,312 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
    MOD - [2012.01.10 19:37:56 | 000,346,496 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
    MOD - [2012.01.10 19:37:54 | 010,843,520 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
    MOD - [2012.01.10 19:37:48 | 000,196,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
    MOD - [2012.01.10 19:37:46 | 001,294,208 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
    MOD - [2012.01.10 19:37:44 | 000,682,880 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
    MOD - [2012.01.10 19:37:42 | 000,919,936 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
    MOD - [2012.01.10 19:37:40 | 000,517,504 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
    MOD - [2012.01.10 19:37:38 | 008,172,928 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
    MOD - [2012.01.10 19:37:36 | 002,252,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
    MOD - [2012.01.10 19:37:34 | 002,288,512 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
    MOD - [2012.01.10 19:37:32 | 000,422,272 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
    MOD - [2012.01.10 19:37:22 | 000,202,624 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll
    MOD - [2012.01.10 19:37:20 | 000,034,688 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll
    MOD - [2012.01.10 19:37:18 | 000,032,640 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll
    MOD - [2012.01.10 19:36:38 | 000,388,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\OviShareLib.dll
    MOD - [2012.01.10 19:36:24 | 000,437,632 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
    MOD - [2012.01.10 19:36:02 | 001,037,696 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Maps Service API.dll
    MOD - [2012.01.10 19:35:06 | 000,758,656 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
    MOD - [2012.01.05 17:00:24 | 000,112,640 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
    MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2011.07.18 23:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
    MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
    MOD - [2009.11.25 18:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\F7D4101\V1\PBN.exe
    MOD - [2009.09.15 19:17:20 | 000,200,704 | ---- | M] () -- C:\Program Files\Belkin\F7D4101\V1\BelkinwcuiDLL.dll
    MOD - [2009.08.28 07:40:50 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
    MOD - [2009.07.13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
    MOD - [2009.07.13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
    MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - [2012.07.28 13:07:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012.05.11 19:00:14 | 000,019,456 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe -- (SZDrvSvc)
    SRV - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
    SRV - [2012.02.23 22:12:36 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
    SRV - [2011.08.02 11:47:34 | 000,063,488 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe -- (CDMA Device Service)
    SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010.11.04 16:19:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010.03.25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)
    SRV - [2009.12.16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
    SRV - [2009.10.22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
    SRV - [2009.10.22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - [2009.10.22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2009.10.22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
    SRV - [2009.10.12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
    SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2009.07.08 09:40:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2009.07.07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2008.07.11 08:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
    SRV - [2008.07.11 02:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
    SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2006.11.03 09:56:28 | 000,920,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
    SRV - [2003.12.03 11:01:48 | 000,327,680 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\System32\HLS32SVC.EXE -- (HLServer)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rt2870.sys -- (rt2870)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
    DRV - File not found [Kernel | On_Demand | Unknown] --  -- (ala7qsrt)
    DRV - [2012.07.28 12:34:23 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2012.03.29 08:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.sys -- (SRTSP)
    DRV - [2012.03.29 08:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.sys -- (SRTSPX)
    DRV - [2012.02.24 11:14:42 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
    DRV - [2012.02.24 11:14:42 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV - [2011.12.04 20:02:08 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
    DRV - [2011.12.03 03:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20111203.009\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011.12.03 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011.12.03 03:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011.12.03 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20111203.009\NAVENG.SYS -- (NAVENG)
    DRV - [2011.11.28 22:48:56 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20111201.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2011.11.23 20:23:48 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symefa.sys -- (SymEFA)
    DRV - [2011.11.23 19:56:38 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20111130.012\IDSvix86.sys -- (IDSVix86)
    DRV - [2011.11.16 21:38:00 | 000,318,584 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symnets.sys -- (SymNetS)
    DRV - [2011.11.16 21:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ironx86.sys -- (SymIRON)
    DRV - [2011.11.04 17:59:36 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.sys -- (ccSet_N360)
    DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2011.11.01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - [2011.11.01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2011.08.16 00:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symds.sys -- (SymDS)
    DRV - [2011.05.19 09:33:56 | 000,090,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys -- (mvd23)
    DRV - [2011.03.11 03:09:36 | 000,018,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys -- (mdf16)
    DRV - [2010.11.28 17:25:47 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009.11.06 09:37:20 | 000,699,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcmwlhigh6.sys -- (BCMH43XX)
    DRV - [2009.11.02 19:12:08 | 000,762,112 | ---- | M] (none) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\adatadrv.sys -- (adatadrv)
    DRV - [2009.10.22 05:00:46 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
    DRV - [2009.10.22 05:00:44 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
    DRV - [2009.10.22 05:00:44 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV - [2009.10.22 05:00:44 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
    DRV - [2009.10.22 04:59:48 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport)
    DRV - [2009.10.22 03:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
    DRV - [2009.10.22 00:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV - [2009.10.22 00:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV - [2009.10.12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - [2009.08.20 07:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
    DRV - [2009.08.05 22:59:30 | 000,750,592 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
    DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
    DRV - [2009.07.08 09:07:00 | 009,786,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009.07.07 14:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
    DRV - [2009.07.07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
    DRV - [2009.07.01 12:20:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
    DRV - [2009.06.29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008.07.11 08:05:00 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)
    DRV - [2008.07.11 08:05:00 | 000,037,088 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
    DRV - [2007.11.07 04:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
    DRV - [2007.08.13 20:48:46 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
    DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
    DRV - [2006.09.20 15:36:38 | 000,098,304 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\HLEMU.SYS -- (hlemu)
    DRV - [2004.10.18 16:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DgiVecp.sys -- (DgiVecp)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     
     
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
     
     
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\******\Downloads\ANdroid
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 A7 F0 45 26 7C CB 01  [binary data]
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\..\SearchScopes,DefaultScope = {84C033DE-7795-4539-B971-89D519B51EF0}
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=100581
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\..\SearchScopes\{84C033DE-7795-4539-B971-89D519B51EF0}: "URL" = http://start.funmoods.com/results.php?f=4&a=ddrnw&q={searchTerms}
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.defaultenginename: "Search"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search"
    FF - prefs.js..browser.startup.homepage: "http://start.funmoods.com/?f=1&a=ddrnw"
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=100581&babsrc=adbartrp&mntrId=30dd2d0f00000000000094445286b56b&q="
    FF - prefs.js..network.proxy.type: 0
     
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.22 02:35:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.22 02:35:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.03 23:37:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_8.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_8.0 [2012.02.26 12:39:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\******\AppData\Roaming\08001.058 [2012.07.14 12:25:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012.07.28 12:34:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012.07.29 22:57:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.11.04 22:27:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.11.04 22:27:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.26 12:40:04 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\******\AppData\Roaming\08001.058 [2012.07.14 12:25:20 | 000,000,000 | ---D | M]
     
    [2010.11.06 08:20:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions
    [2012.05.05 11:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\dyl86mui.default\extensions
    [2011.12.30 21:49:48 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\dyl86mui.default\extensions\ffxtlbr@babylon.com
    [2012.05.05 11:00:42 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\dyl86mui.default\extensions\ffxtlbr@funmoods.com
    [2012.05.05 10:29:54 | 000,001,799 | ---- | M] () -- C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\dyl86mui.default\searchplugins\funmoods.xml
    [2012.04.15 14:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
    [2011.10.02 19:06:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
    [2012.04.15 14:26:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2012.04.15 14:27:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2011.12.31 12:14:29 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files\mozilla firefox\extensions\adapter@babylontc.com
    [2012.02.05 20:36:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012.04.15 14:27:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2011.12.30 21:49:39 | 000,002,311 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
    [2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
    [2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
    [2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
     
    ========== Chrome  ==========
     
    CHR - homepage: http://start.funmoods.com/?f=1&a=ddrnw
    CHR - default_search_provider: Search (Enabled)
    CHR - default_search_provider: search_url = http://start.funmoods.com/results.php?f=4&a=ddrnw&q={searchTerms}
    CHR - default_search_provider: suggest_url = 
    CHR - homepage: http://start.funmoods.com/?f=1&a=ddrnw
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
    CHR - Extension: YouTube = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google-Suche = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Funmoods = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\
    CHR - Extension: Funmoods = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\funmoods\
    CHR - Extension: DivX HiQ = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Google Mail = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
     
    O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.2.1.5\coIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL (Symantec Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.1.5\coIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
    O4 - HKLM..\Run: [Volvo Penta Synchronizer] "C:\Program Files\LinkOne5\Volvo Penta Synchronizer\Synchronizer.exe" File not found
    O4 - HKU\S-1-5-21-2560894426-2780621737-274232281-1000..\Run: []  File not found
    O4 - HKU\S-1-5-21-2560894426-2780621737-274232281-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-2560894426-2780621737-274232281-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s File not found
    O4 - HKU\S-1-5-21-2560894426-2780621737-274232281-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKU\S-1-5-21-2560894426-2780621737-274232281-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
    O4 - HKU\S-1-5-21-2560894426-2780621737-274232281-1000..\Run: [Samsung Drive Manager] C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
    O7 - HKU\S-1-5-21-2560894426-2780621737-274232281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} https://man.netucate.net/download1026/AXCltInstall.dll (ILINCInstall102 Class)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F7B9E25-74B5-43C9-BE69-EAB067DF147D}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EE232AB-EE74-4BAA-B874-3EE92F2E0DC5}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EEF0B44-B5D0-45B5-B27C-832F98B5A9E1}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8173E701-121E-4370-9900-C8BD32FD7D79}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{978162F4-6234-488A-9222-659AB78C1D38}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1B85458-41B7-435D-87C4-E953EF47BA8A}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B25A9930-3F99-426C-BE87-C5F4D2E0FBCF}: DhcpNameServer = 195.50.140.246 195.50.140.180
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC8B495A-AC02-4877-856E-B78C1D044A29}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD84163C-E6EA-44E2-88FD-A4A5A819AE36}: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Users\******\AppData\Roaming\appconf32.exe) - C:\Users\******\AppData\Roaming\appconf32.exe ()
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{cabf9dcc-d8be-11e0-b405-002197ec83a8}\Shell - "" = AutoRun
    O33 - MountPoints2\{cabf9dcc-d8be-11e0-b405-002197ec83a8}\Shell\AutoRun\command - "" = G:\Startme.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012.07.29 22:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012.07.29 22:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012.07.29 13:36:27 | 000,000,000 | ---D | C] -- C:\Users\******\Kaspersky Rescue2Usb
    [2012.07.28 12:49:37 | 000,905,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\symefa.sys
    [2012.07.28 12:49:37 | 000,574,072 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.sys
    [2012.07.28 12:49:37 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\symds.sys
    [2012.07.28 12:49:37 | 000,318,584 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\symnets.sys
    [2012.07.28 12:49:37 | 000,149,624 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\ironx86.sys
    [2012.07.28 12:49:37 | 000,032,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.sys
    [2012.07.28 12:49:36 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.sys
    [2012.07.28 12:49:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0602010.005
    [2012.07.28 12:40:55 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\CrashDumps
    [2012.07.28 12:34:24 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2012.07.28 12:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2012.07.28 12:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2012.07.28 12:33:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
    [2012.07.28 12:33:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
    [2012.07.28 12:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
    [2012.07.28 12:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2012.07.28 12:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2012.07.28 12:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2012.07.28 11:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\Clarus
    [2012.07.20 23:12:34 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\CLP-310_Print
    [2012.07.20 23:11:18 | 000,000,000 | ---D | C] -- C:\Users\******\temp
    [2012.07.15 21:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Acclaim Entertainment
    [2012.07.15 21:13:40 | 000,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
    [2012.07.14 12:26:53 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\UAs
    [2012.07.14 12:25:20 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\08001.058
    [2012.07.14 12:24:57 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\xmldm
    [2012.07.14 12:24:57 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\kock
    [2012.07.11 03:08:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012.07.11 03:08:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012.07.11 03:08:16 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012.07.11 03:08:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012.07.11 03:08:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012.07.11 03:08:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012.07.11 03:08:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012.07.11 03:02:07 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2012.07.10 20:22:07 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\PDF24
    [2012.07.10 20:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
    [2012.07.10 20:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24
    [2012.07.10 20:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
    [2012.07.10 20:13:05 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\pdfforge
    [2012.07.10 20:13:02 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
    [2012.07.10 20:13:02 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
    [2012.07.10 20:13:02 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
    [2012.07.10 20:13:01 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
    [2012.07.10 20:13:01 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
    [2012.07.10 20:13:01 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
    [2012.07.10 20:13:01 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
    [2012.07.10 20:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
    [2012.07.10 20:01:28 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2012.07.10 20:01:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
    [2012.07.10 20:01:24 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
    [2012.07.01 20:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
    [2012.07.01 20:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\FreeRIP Toolbar
    [2012.07.01 20:58:16 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP3
    [2012.07.01 20:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeRIP
    [2012.07.01 20:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\FreeRIP3
    [2012.04.23 17:58:40 | 029,771,072 | ---- | C] (Samsung                                                     ) -- C:\Users\******\CLP-310_Print.exe
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\******\AppData\Roaming\*.tmp files -> C:\Users\******\AppData\Roaming\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012.07.29 23:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012.07.29 22:59:03 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.07.29 22:59:03 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.07.29 22:58:17 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012.07.29 22:54:08 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012.07.29 22:53:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.07.29 22:53:45 | 2616,647,680 | -HS- | M] () -- C:\hiberfil.sys
    [2012.07.29 13:40:01 | 000,674,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2012.07.29 13:40:01 | 000,625,742 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012.07.29 13:40:01 | 000,136,630 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2012.07.29 13:40:01 | 000,112,396 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012.07.29 13:36:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012.07.29 13:34:57 | 004,503,728 | ---- | M] () -- C:\ProgramData\zak_lo0i7g.pad
    [2012.07.28 13:07:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012.07.28 13:07:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012.07.28 12:52:15 | 001,504,931 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602010.005\Cat.DB
    [2012.07.28 12:34:23 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2012.07.28 12:34:23 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2012.07.28 12:34:23 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2012.07.28 12:32:58 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012.07.28 11:35:59 | 000,001,887 | ---- | M] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
    [2012.07.28 11:12:32 | 000,588,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012.07.28 11:08:44 | 000,001,782 | ---- | M] () -- C:\Users\******\Desktop\Samsung Drive Manager.lnk
    [2012.07.28 11:08:44 | 000,001,770 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
    [2012.07.21 11:50:57 | 000,063,637 | ---- | M] () -- C:\Users\******\Einstell-& Drehmomentwerte Picanto.pdf
    [2012.07.21 11:47:54 | 000,180,211 | ---- | M] () -- C:\Users\******\Zahnriemen Picanto.pdf
    [2012.07.20 23:16:14 | 000,000,138 | ---- | M] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
    [2012.07.18 19:15:23 | 000,031,179 | ---- | M] () -- C:\Users\******\Speedport_W723V_1.24.000_18.07.12_1915.bin
    [2012.07.17 18:54:33 | 000,000,013 | ---- | M] () -- C:\Users\******\AppData\Roaming\urhtps.dat
    [2012.07.14 12:34:34 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012.07.14 12:25:09 | 000,000,051 | ---- | M] () -- C:\Users\******\AppData\Roaming\blckdom.res
    [2012.07.10 20:28:00 | 000,786,808 | ---- | M] () -- C:\Users\******\Documents\Grundbucheintrag Saarner Str.211.pdf
    [2012.07.10 20:21:18 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
    [2012.07.10 20:21:18 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
    [2012.07.10 20:13:07 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
    [2012.07.09 21:51:20 | 000,473,976 | ---- | M] () -- C:\Users\******\www.real-onlineshop.de - 1.pdf
    [2012.07.08 12:41:08 | 000,328,380 | ---- | M] () -- C:\Users\******\Documents\Kaufvertrag Mazda 2.pdf
    [2012.07.05 13:02:30 | 000,081,920 | ---- | M] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
    [2012.07.03 23:29:31 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\******\AppData\Roaming\*.tmp files -> C:\Users\******\AppData\Roaming\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2012.07.29 22:58:17 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012.07.28 12:51:44 | 001,504,931 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\Cat.DB
    [2012.07.28 12:49:37 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symds.cat
    [2012.07.28 12:49:37 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symnet.cat
    [2012.07.28 12:49:37 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symefa.cat
    [2012.07.28 12:49:37 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.cat
    [2012.07.28 12:49:37 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.cat
    [2012.07.28 12:49:37 | 000,003,434 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symefa.inf
    [2012.07.28 12:49:37 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symds.inf
    [2012.07.28 12:49:37 | 000,001,441 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symnet.inf
    [2012.07.28 12:49:37 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.inf
    [2012.07.28 12:49:37 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.inf
    [2012.07.28 12:49:37 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\iron.inf
    [2012.07.28 12:49:36 | 000,007,468 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.cat
    [2012.07.28 12:49:36 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\iron.cat
    [2012.07.28 12:49:36 | 000,000,827 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.inf
    [2012.07.28 12:49:33 | 000,004,782 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symvtcer.dat
    [2012.07.28 12:49:33 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\isolate.ini
    [2012.07.28 12:34:24 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2012.07.28 12:34:24 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2012.07.28 11:35:59 | 004,503,728 | ---- | C] () -- C:\ProgramData\zak_lo0i7g.pad
    [2012.07.28 11:35:59 | 000,001,887 | ---- | C] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
    [2012.07.28 11:08:44 | 000,001,782 | ---- | C] () -- C:\Users\******\Desktop\Samsung Drive Manager.lnk
    [2012.07.28 11:08:44 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
    [2012.07.21 11:49:08 | 000,063,637 | ---- | C] () -- C:\Users\******\Einstell-& Drehmomentwerte Picanto.pdf
    [2012.07.21 11:47:54 | 000,180,211 | ---- | C] () -- C:\Users\******\Zahnriemen Picanto.pdf
    [2012.07.18 19:15:23 | 000,031,179 | ---- | C] () -- C:\Users\******\Speedport_W723V_1.24.000_18.07.12_1915.bin
    [2012.07.17 18:54:33 | 000,000,013 | ---- | C] () -- C:\Users\******\AppData\Roaming\urhtps.dat
    [2012.07.14 12:25:09 | 000,000,051 | ---- | C] () -- C:\Users\******\AppData\Roaming\blckdom.res
    [2012.07.10 20:27:59 | 000,786,808 | ---- | C] () -- C:\Users\******\Documents\Grundbucheintrag Saarner Str.211.pdf
    [2012.07.10 20:21:18 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
    [2012.07.10 20:21:18 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
    [2012.07.10 20:13:07 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
    [2012.07.09 21:51:20 | 000,473,976 | ---- | C] () -- C:\Users\******\www.real-onlineshop.de - 1.pdf
    [2012.07.08 12:41:08 | 000,328,380 | ---- | C] () -- C:\Users\******\Documents\Kaufvertrag Mazda 2.pdf
    [2012.07.03 08:48:18 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
    [2012.06.15 18:14:20 | 001,917,129 | ---- | C] () -- C:\Users\******\Flash.pdf
    [2012.05.26 15:54:22 | 000,387,584 | ---- | C] () -- C:\Users\******\rescue2usb.exe
    [2012.05.26 15:51:52 | 274,356,224 | ---- | C] () -- C:\Users\******\kav_rescue_10.iso
    [2012.05.18 22:47:51 | 000,002,514 | ---- | C] () -- C:\Users\******\disc.info
    [2012.02.26 01:26:39 | 000,247,740 | ---- | C] () -- C:\Users\******\BoardingPassBIERODRIES******.pdf
    [2012.02.23 22:16:21 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
    [2012.02.12 23:00:36 | 000,092,341 | ---- | C] () -- C:\Users\******\Backup gizmo 12.02.2012.mpb
    [2012.01.12 12:22:01 | 000,000,000 | ---- | C] () -- C:\Users\******\AppData\Roaming\FileOut.cns
    [2012.01.12 12:22:01 | 000,000,000 | ---- | C] () -- C:\Users\******\AppData\Roaming\FileIn.cns
    [2012.01.06 21:00:19 | 000,060,675 | ---- | C] () -- C:\Users\******\classic.checkmytrip.com - RetrievePNR.pdf
    [2011.12.28 21:59:07 | 001,594,664 | ---- | C] () -- C:\Users\******\man_317.02.30_int.pdf
    [2011.12.13 00:43:51 | 029,229,928 | ---- | C] () -- C:\Users\******\Fotobuchexpress24_2.9.2.exe
    [2011.12.10 16:05:44 | 000,033,106 | ---- | C] () -- C:\Users\******\service-akademie.mn.man.de - historiedruckperson.pdf
    [2011.12.04 20:01:28 | 000,016,070 | ---- | C] () -- C:\Windows\German2.ini
    [2011.11.06 21:56:23 | 000,088,746 | ---- | C] () -- C:\Users\******\cor.afterbuy.de - newstatus.pdf
    [2011.11.05 17:26:21 | 000,000,000 | ---- | C] () -- C:\Users\******\AppData\Local\{4EC56B3D-E7E3-40DF-B9AC-CCF38FFD922F}
    [2011.11.05 17:24:21 | 000,000,000 | ---- | C] () -- C:\Users\******\AppData\Local\{78AAF3F8-357F-4D83-8FE5-A5E3A631BF30}
    [2011.10.31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2011.10.27 22:23:25 | 000,047,036 | ---- | C] () -- C:\Users\******\service.gmx.net - fax.pdf
    [2011.10.19 17:18:57 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2011.10.19 17:18:55 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2011.10.19 17:18:52 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2011.10.19 17:18:51 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2011.10.12 20:37:35 | 000,078,501 | ---- | C] () -- C:\Users\******\Zert.MAN.pdf
    [2011.10.10 08:18:45 | 000,000,000 | ---- | C] () -- C:\Users\******\AppData\Local\{BCD1769A-6EEA-4381-8BD8-0DE12BF4AB5E}
    [2011.10.10 08:16:49 | 000,000,000 | ---- | C] () -- C:\Users\******\AppData\Local\{F9455363-A58E-4B56-8BA1-83EE67B32DFB}
    [2011.10.03 22:12:15 | 000,041,760 | ---- | C] () -- C:\Users\******\abmeldung_privat.pdf
    [2011.09.07 17:02:34 | 000,044,413 | ---- | C] () -- C:\Users\******\meine.deutsche-bank.de - domest.pdf
    [2011.09.07 17:00:18 | 000,045,643 | ---- | C] () -- C:\Users\******\meine.deutsche-bank.de - transfe.pdf
    [2011.09.07 12:47:10 | 000,135,680 | ---- | C] () -- C:\Windows\Windows.exe
    [2011.09.05 22:57:30 | 000,528,491 | ---- | C] () -- C:\Users\******\.TransferManager.db
    [2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    [2011.07.24 10:15:06 | 000,038,350 | ---- | C] () -- C:\Users\******\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
    [2011.06.23 21:10:38 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011.06.23 21:09:24 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011.05.18 22:58:00 | 000,003,584 | ---- | C] () -- C:\Users\******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011.05.08 20:33:38 | 000,128,789 | ---- | C] () -- C:\Users\******\img9.imageshack.us - chinaquadschaltplan.pdf
    [2011.04.29 00:44:29 | 000,006,136 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2011.04.22 13:20:16 | 000,000,012 | ---- | C] () -- C:\Windows\dirsaver.ini
    [2011.04.10 19:17:47 | 000,000,764 | ---- | C] () -- C:\Windows\MAZEPC.INI
    [2011.03.27 15:25:33 | 000,098,304 | ---- | C] () -- C:\Windows\System32\drivers\HLEMU.SYS
    [2011.03.27 15:25:33 | 000,057,344 | ---- | C] () -- C:\Windows\System32\drivers\WDREG.EXE
    [2011.03.27 15:20:24 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
    [2011.03.27 15:20:24 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
    [2011.03.06 16:47:56 | 000,996,881 | ---- | C] () -- C:\Users\******\woains24.zip
    [2011.03.06 16:43:38 | 018,600,654 | ---- | C] () -- C:\Users\******\woaberv2.zip
    [2011.02.15 20:47:30 | 000,783,433 | ---- | C] () -- C:\Users\******\xtravel_2007.zip
    [2011.02.09 23:53:29 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2011.01.27 20:20:52 | 000,054,920 | ---- | C] () -- C:\Users\******\Barclaycard_Kündigungsschreiben[1].pdf
    [2011.01.16 23:48:05 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2011.01.16 20:29:36 | 000,000,023 | ---- | C] () -- C:\Windows\wiso.ini
    [2010.12.09 17:22:29 | 000,000,102 | ---- | C] () -- C:\Users\******\.ewanapi_cookie
    [2010.11.28 17:33:23 | 000,436,736 | ---- | C] () -- C:\Windows\System32\Autoserv.exe
    [2010.11.15 19:58:12 | 000,000,273 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2010.11.04 16:30:43 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
    [2008.12.09 17:23:13 | 000,053,704 | RHS- | C] () -- C:\Users\******\AppData\Roaming\appconf32.exe
     
    ========== LOP Check ==========
     
    [2012.07.14 12:25:20 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\08001.058
    [2011.10.17 20:00:30 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Baumaschinen Simulator 2011
    [2012.07.29 23:03:37 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DAEMON Tools Lite
    [2011.10.04 22:49:49 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\dpdhl.versandhelfer
    [2012.02.05 21:25:23 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\elsterformular
    [2011.12.13 00:45:34 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Fotobuchexpress24
    [2011.02.15 20:36:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\GetRightToGo
    [2012.06.02 13:58:31 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\GoPal Assistant
    [2012.07.14 12:24:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\kock
    [2011.12.30 21:58:03 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\MyPhoneExplorer
    [2011.11.24 13:02:27 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\News File Grabber
    [2012.02.26 12:40:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nokia
    [2011.09.08 20:38:45 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nokia Ovi Suite
    [2011.09.10 20:55:06 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Notepad++
    [2011.05.08 09:47:25 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PC Suite
    [2010.12.31 16:54:39 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PDF Writer
    [2012.07.10 20:15:14 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\pdfforge
    [2011.11.21 00:19:06 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Samsung
    [2012.05.27 10:49:19 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TeamViewer
    [2012.06.04 00:07:14 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Temp
    [2012.07.15 15:52:32 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\UAs
    [2012.07.28 13:05:49 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\UseNeXT
    [2010.12.12 17:44:24 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Windows Live Writer
    [2012.07.17 18:56:28 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\xmldm
    [2012.03.21 09:18:53 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012.01.13 19:51:02 | 000,000,274 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F0D16593-0CA5-4050-852C-C73CF75D03BE}.job
     
    ========== Purity Check ==========
     
     
    
    < End of report >
    Code:
    OTL Extras logfile created on: 29.07.2012 23:22:00 - Run 1
    OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\******\Downloads
     Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,25 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 62,36% Memory free
    6,50 Gb Paging File | 5,14 Gb Available in Paging File | 79,06% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465,75 Gb Total Space | 109,20 Gb Free Space | 23,45% Space Free | Partition Type: NTFS
    Drive D: | 232,88 Gb Total Space | 44,51 Gb Free Space | 19,11% Space Free | Partition Type: NTFS
     
    Computer Name: GISMO | User Name: ****** | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04B3EB8F-B379-4F2E-92DB-E5349740B0B2}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
    "{05E13633-6C7A-4129-B87F-10DE4A251F00}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{0986349F-DA52-4330-85FA-3A7DC66C44EB}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{0F80AA8C-2DCE-4A68-A378-56991F3C909C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{1B330557-9CE1-4B00-8DD4-0DA92F6433F9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{1D3C1CFC-DD4F-42DD-9B4A-533F29DB020C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{2555DC2B-15AA-4CE4-B8F2-EB8710E5AFE1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
    "{294E9DB6-EE23-40AF-AA27-8F6C02059EEA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{2C5050F8-E100-4B0E-B46A-A0AF7DF14A99}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{3EC28E1A-21C1-4EE6-B933-9F9E2C43FA59}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{47987BEF-CA14-4355-9146-3F25D5A68E51}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{54EAAA07-286C-4353-A1F7-DDCDFDD7EDBB}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{59430334-3171-49A6-9B9E-53365F3769F6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{5BB751DB-327C-4C6C-9407-56B15D9D095E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
    "{62AC8211-CB25-413F-A266-8F53C6694965}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{674CA0DE-02E8-4302-BE3B-AFB9A3255E8A}" = lport=6102 | protocol=6 | dir=in | name=rdm | 
    "{6D85358E-5F6B-48E7-A0D8-D3A308B53107}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{74B66AD0-30D5-4707-9CB5-0FFB9512EAE6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{7A9430F9-D905-4CCC-9F99-8F68FDB4358B}" = rport=10243 | protocol=6 | dir=out | app=system | 
    "{7DCE10EF-666C-4215-B370-DCC73712B4E5}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{7FB8716A-02A8-4041-9731-869C7C164AA0}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
    "{8386BF81-5A74-4CE1-9B21-4870F687ED89}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
    "{86FDE7B7-A05D-40BE-8AF0-C8D7610464A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{87F8982C-6D4E-4F95-8718-F09035947CC3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{8B469343-50FF-4EF4-9C1A-33234699F190}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
    "{8BE373CB-F8D8-4AE9-961F-DDD54D5F4D04}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{8C238A63-6DD0-4864-8E36-772836B3C1DC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
    "{932B0AD1-B27E-4323-B486-B47BA4A02363}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
    "{980C9928-2C86-42B7-A609-FB71A3CF644E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
    "{9F27EF77-619E-40A4-9403-157268B5B426}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{A053FD33-C807-4FCE-A8DC-FFDB81325570}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{A4B9E2CD-C02E-48BD-AE98-6669DE569ADC}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{A9B4A3C6-6D21-46DF-B92E-01E282A70EDE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{AC405147-7FD9-4D64-A560-1AD10D48BA36}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{AEE6BBF5-0779-4F80-8450-43BBF78DD0C8}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{B2A22CC1-06DC-4CA7-B463-7CFCB90B4F27}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{B6F5DF32-E17F-46AC-8A7C-0C10F38FFF2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{B8555B3A-9057-49AF-B1A8-3CFBCA19AEC8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{BDE8B70B-AF50-4352-B371-EDBFD2E1C816}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{C465A418-B51F-48C1-9846-20D8AC35FBAD}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{C81B2BFD-FA91-4D85-BF87-B81BA627440A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{CA005C80-3CDF-4DF3-849E-AD0DE12C2B31}" = rport=2869 | protocol=6 | dir=out | app=system | 
    "{CCA33594-005F-4F46-A897-8A5C9C0E6DA4}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{CD2A3546-C304-482B-9160-F890CBBBDB7B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{D029CBB8-A20D-4F10-9B95-D1B10D7354A0}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{D527D8AD-C9FB-4DB5-8116-328B2F6C14D9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{DA084538-22C6-48C9-8B82-57F0F8EC9B65}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
    "{DE61A4D5-EF1C-4079-920A-B8E4AAF6C223}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{F8D492C6-EF57-4FD0-B489-32B108B3B45D}" = rport=445 | protocol=6 | dir=out | app=system | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{048F9A23-5BAE-4655-9ED7-FFE51638108E}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe | 
    "{0647C82F-DC8D-4F00-914B-CF29C56D02A9}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | 
    "{092F2F10-2BCB-4C88-BBFD-632A7987B57B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{0A5EB357-AD7B-4DFA-AEC6-7BEC93051D05}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{0D391B50-2E9B-4989-893B-8508D8C69B4E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{17E3C8E5-238E-485A-AE1D-57F4A09EC496}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | 
    "{189F2310-34C5-4D7C-8C77-58BB2FB58233}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | 
    "{1E21D51F-6F97-4044-BD72-6E9BEBB471AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{1F8E6C63-F7D0-4F75-97BA-84B26B982615}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{208FC42B-F752-442F-879B-3813493976E5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
    "{22DA74CB-E5D0-45C4-9B26-D7D40A1770DF}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
    "{2B12B6AE-3CB9-4280-BF7A-C64504DF6CD3}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | 
    "{2C679338-E7A3-49C4-BC2C-2EC7EA2B4F89}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe | 
    "{31239D59-B485-421A-82F1-0BCEA7069A1C}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe | 
    "{33151A24-C975-412F-8514-4B29495631D0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
    "{33374C89-A2F5-4FCE-A2E7-DC96D557C62B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{33766414-F29E-40E7-9EEA-32D8AB583060}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
    "{3E01FC6C-C59B-4666-926F-9B7A04D5F167}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{41AC6CA9-D9D1-4BF0-A3E1-BFF860C86027}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{420E70DA-C916-47EA-8379-1FE5544F32D7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{454B42FE-9C1B-445C-BAF1-29E0973537B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{46168370-DBC6-480F-9C9D-F66D06E8F751}" = protocol=6 | dir=out | app=system | 
    "{513A1B49-E95E-4655-A5D8-9FAE241EB812}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | 
    "{589145A6-56DC-4CC3-A519-D0EDEF98D8B3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{59D3DCB3-20B4-4EB0-9FCF-5FBB2644A938}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe | 
    "{61B69B73-1D5C-495A-B590-B4F15C1CC540}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
    "{624096CD-6FBC-49C4-90FD-B77FE8F4CFAB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{70CA9018-C37F-4AD4-8C7E-664EDEA53921}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
    "{728AD5DD-4701-4369-9E1E-C9296B01A202}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{78AFDFED-DBC6-451E-BE1E-77B2F00EF963}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
    "{798691BF-0FE6-4E94-8800-6FB2FBFFDC95}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
    "{7BFB97E0-48BE-4276-88C1-B4AE9066DC67}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe | 
    "{7E9885A3-6CF4-4437-8C2C-E0BFEA8A28EA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{8378CAFC-311B-4392-8484-2F8948EECB65}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
    "{856716AC-4755-41F0-ACA4-A4C701C329D6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{857C0C18-9970-44A9-868B-E1619886DE42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{866D0047-70EB-45BC-AE50-B7E7B9EE29C7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
    "{86E0A12A-EEFD-405E-B639-F2EA8B0AE714}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
    "{87FCE0E2-A7F2-4BDA-B6A2-42D1C43F57E5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{88621E83-412F-44E7-AF5B-062F354F22B2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{8A676F5E-DF96-429F-8637-63197084FF8F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{8E279D43-37EB-4BA5-804B-00EF4DF939E4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{8E3175BB-8449-443E-A842-BF4AC4411DA8}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe | 
    "{98FA497E-C617-457C-A82C-5701E733EB9B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
    "{9A0226F8-0C6A-41FA-8877-388E125F2F3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{9C7B8CD4-78F3-4F05-99ED-10F788D543BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{9DA3BF4E-7ACF-47B2-8840-5B1E7FBEDB0D}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
    "{A23D0F8B-4822-4E19-89BF-F3BC27CB0B87}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
    "{A3938ECC-C2D1-49A2-B615-5884788A5E79}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{A88202F9-CCC0-477C-9C73-281F47680DDD}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
    "{A9343747-1F4F-4BAE-BB32-46D9BC1DBF13}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
    "{ACA5A878-7263-4A33-A280-9EB816A84E12}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
    "{AE29F2D9-5BAE-4F5F-8026-9D010BE99527}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
    "{B25BD395-0B48-44D5-AE1D-DF1693D89C19}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
    "{B468C61B-7656-4BAD-997B-1EA35775B47C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{B56DBF9D-972E-4733-A7ED-8B820EB25220}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
    "{B5957389-71AE-4D3D-A535-56B56086E3EC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe | 
    "{BF9AD79D-1B96-4B8C-B594-6C8C9DEEA279}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | 
    "{BFC32E83-FB11-41C0-81F5-4928EADFA351}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{C076A828-F49C-4D3E-8F75-CF7E5A6B41CC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{C2D7C15C-A98E-4BCB-B1B8-9FAD0CEAF178}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
    "{C38BC6FC-3D9D-484C-B6F0-933B40EB281E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{C502832C-BE2A-4F08-83B6-429BDF6A9A09}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{C69BAAD6-1692-478F-8CF0-A8472DD9708B}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
    "{C8950E8B-83FB-496B-8477-FC3B8786215C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{C905316D-0263-47EA-80BB-5C23907AE13C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{C95AA612-725D-4E30-BD76-F3A60833AACB}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe | 
    "{C9C3AE26-177F-4218-936D-494203AEF355}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | 
    "{CFDC214E-43D3-48E9-AEF6-392B4F93ED36}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{D1888DDA-692F-46F1-A49C-7A3ED40C0EE1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{D26E588F-D798-4F2A-B0BA-F8C640F5917D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{D28DD05A-E8C9-44C4-A23F-028D0EDAF2FA}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
    "{DE1970B9-A441-4961-A7C3-B7617E69D864}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{EE41C9C9-5ADC-48F7-9B5D-37C06F93AD96}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
    "{F0028C7F-9E8C-4527-A240-38EF44FA2CDF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{F2C4FC5E-FBF3-4032-99D2-D0A714E7C3FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{F8C52912-7F9F-48BD-B6E5-E95A32E840EF}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
    "TCP Query User{208E8650-5986-46CD-B052-FB58D41BD622}C:\users\daniel\appdata\local\temp\2fa7.tmp\kmservice.exe" = protocol=6 | dir=in | app=c:\users\daniel\appdata\local\temp\2fa7.tmp\kmservice.exe | 
    "TCP Query User{5A682580-093B-4B9D-AF40-59CA90743474}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | 
    "TCP Query User{C2AC1876-243D-4546-AAF0-8F22C3CB78F6}C:\program files\usenext\usenext.exe" = protocol=6 | dir=in | app=c:\program files\usenext\usenext.exe | 
    "TCP Query User{F5BC6026-5E68-47E4-9422-1EFE6C586535}C:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe | 
    "TCP Query User{FACD0A34-9D10-468E-BA7F-81F91031E57B}C:\program files\panda security\panda antivirus pro 2011\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files\panda security\panda antivirus pro 2011\apvxdwin.exe | 
    "TCP Query User{FF20D0C0-CFE7-40C1-A7B2-98A14E2C1717}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
    "UDP Query User{1AB4DC63-6DE2-46D2-BEAD-DEDE70F76174}C:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe | 
    "UDP Query User{203173B1-A765-4A91-B37B-0A72A9848F08}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | 
    "UDP Query User{6E7D4D12-F2C4-4A11-8C50-94E2CA410E0F}C:\program files\panda security\panda antivirus pro 2011\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files\panda security\panda antivirus pro 2011\apvxdwin.exe | 
    "UDP Query User{82C4B5F0-5D11-4268-A86F-6DC158EF19F7}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
    "UDP Query User{AE44CEB1-6E4D-41DD-9529-5854EBD1B658}C:\program files\usenext\usenext.exe" = protocol=17 | dir=in | app=c:\program files\usenext\usenext.exe | 
    "UDP Query User{CAA66DEF-E00F-4313-8413-46C91993B4F3}C:\users\daniel\appdata\local\temp\2fa7.tmp\kmservice.exe" = protocol=17 | dir=in | app=c:\users\daniel\appdata\local\temp\2fa7.tmp\kmservice.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{08976F97-548A-4084-B6D4-0F0D766365C4}" = Kartendesigner für Visitenkarten 2
    "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
    "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
    "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
    "{1B33999E-D695-4268-B13A-00354345D5D2}" = Deutsche Post E-Porto
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1E05A119-6F1F-B27D-8B85-940463B60A94}" = Fotobuchexpress24 Bestellsoftware
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
    "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
    "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
    "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
    "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
    "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
    "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
    "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
    "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
    "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
    "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
    "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
    "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
    "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
    "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
    "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
    "{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
    "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9761AC3A-7B7C-4ACB-8F02-140308012C4D}_is1" = FormPrinter
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}" = Samsung Drive Manager
    "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
    "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
    "{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}" = Sentinel Protection Installer 7.5.0
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
    "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
    "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
    "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
    "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
    "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}" = Belkin F5D8053 N Wireless USB Adapter
    "{E8B2A284-C30C-CDE0-45B5-C2CD1A278FEE}" = Versandhelfer
    "{EA5151A0-FCCA-4EE5-8B0A-D068F62DE52A}_is1" = Flughafen-Feuerwehr-Simulator Version 1.0
    "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
    "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
    "{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
    "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
    "18 WoS Extreme Trucker 2" = 18 WoS Extreme Trucker 2 (v.1.0)
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
    "5513-1208-7298-9440" = JDownloader 0.9
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "ALDI Bestellsoftware" = ALDI Bestellsoftware 4.11.0
    "Assistant" = Assistant 5.05.013
    "BizTrip-XL 2006 DEMOVERSION_is1" = BizTrip-XL 2006 DEMOVERSION
    "Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1218
    "CCleaner" = CCleaner
    "DivX Setup.divx.com" = DivX-Setup
    "dpdhl.versandhelfer" = Versandhelfer
    "ElsterFormular 13.0.0.8086p" = ElsterFormular
    "Fotobuchexpress24" = Fotobuchexpress24 Bestellsoftware
    "FSX Missions - A321 Lufthansa" = FSX Missions - A321 Lufthansa
    "German Truck Simulator" = German Truck Simulator 1.04
    "Google Chrome" = Google Chrome
    "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
    "InstallShield_{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}" = Belkin F5D8053 N Wireless USB Adapter
    "InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.8.0 (Full)
    "MAN 1024x768.scr" = MAN 1024x768 ScreenSaver
    "MAN Neue Motoren Generation D20 1.0_is1" = MAN Neue Motoren Generation D20 1.0
    "MAZDA EPC2" = MAZDA EPC2
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
    "MPE" = MyPhoneExplorer
    "NAVIGON Fresh" = NAVIGON Fresh 3.4.1
    "News File Grabber_is1" = News File Grabber 4.6.0.4
    "Nokia Suite" = Nokia Suite
    "Notepad++" = Notepad++
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "ProTrain 4    Hamburg-Berlin 4.0" = ProTrain 4    Hamburg-Berlin 4.0
    "ProTrain Vogelfluglinie 1.0" = ProTrain Vogelfluglinie 1.0
    "RealPlayer 12.0" = RealPlayer
    "Samsung CLP-310 Series" = Samsung CLP-310 Series
    "Sweet Home 3D_is1" = Sweet Home 3D version 3.1
    "Tank Simulation" = Tank Simulation
    "TeamViewer 7" = TeamViewer 7
    "Train Simulator 1.0" = Microsoft Train Simulator
    "Train Store (German Language Pack)" = Train Store (German Language Pack)
    "Train Store V3.2" = Train Store V3.2
    "Trucks & Trailers" = Trucks & Trailers 1.00
    "uninstall.exe" = iLinc Client
    "UseNeXT_is1" = UseNeXT
    "VMware_Workstation" = VMware Workstation
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.00 Beta 3 (32-Bit)
     
    ========== HKEY_USERS Uninstall List ==========
     
    [HKEY_USERS\S-1-5-21-2560894426-2780621737-274232281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Kies Air Discovery Service" = Kies Air Discovery Service
    "MyFreeCodec" = MyFreeCodec
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 28.07.2012 07:03:39 | Computer Name = Gismo | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: NOTEPAD.EXE, Version: 6.1.7600.16385,
     Zeitstempel: 0x4a5bc60f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
     Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00052bc3  ID des fehlerhaften
     Prozesses: 0x1314  Startzeit der fehlerhaften Anwendung: 0x01cd6cb0a3a37980  Pfad der
     fehlerhaften Anwendung: C:\Windows\system32\NOTEPAD.EXE  Pfad des fehlerhaften Moduls:
     C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: e2404060-d8a3-11e1-a64d-002197ec83a8
     
    Error - 28.07.2012 07:09:21 | Computer Name = Gismo | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: javaw.exe, Version: 6.0.310.5, Zeitstempel:
     0x4f2c9e1c  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
     0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00077c29  ID des fehlerhaften Prozesses:
     0x530  Startzeit der fehlerhaften Anwendung: 0x01cd6cb16fd70490  Pfad der fehlerhaften
     Anwendung: C:\Program Files\Java\jre6\bin\javaw.exe  Pfad des fehlerhaften Moduls:
     C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: ae275920-d8a4-11e1-a64d-002197ec83a8
     
    Error - 28.07.2012 07:27:39 | Computer Name = Gismo | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
     Zeitstempel: 0x4a5bc6b7  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
     Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000455a8  ID des fehlerhaften
     Prozesses: 0x838  Startzeit der fehlerhaften Anwendung: 0x01cd6cb3fd9dbf60  Pfad der
     fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe  Pfad des fehlerhaften Moduls:
     C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 3c847fc0-d8a7-11e1-a64d-002197ec83a8
     
    Error - 28.07.2012 07:32:29 | Computer Name = Gismo | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: Drive Manager.exe, Version: 1.0.149.0,
     Zeitstempel: 0x4face35b  Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.1,
     Zeitstempel: 0x4d5f0c22  Ausnahmecode: 0x40000015  Fehleroffset: 0x0008d6fd  ID des fehlerhaften
     Prozesses: 0xde0  Startzeit der fehlerhaften Anwendung: 0x01cd6cb46a52e900  Pfad der
     fehlerhaften Anwendung: C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
    Pfad
     des fehlerhaften Moduls: C:\Windows\system32\MSVCR100.dll  Berichtskennung: e96238e0-d8a7-11e1-a64d-002197ec83a8
     
    Error - 28.07.2012 17:12:16 | Computer Name = Gismo | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
     Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
     Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0dcef306  ID des fehlerhaften
     Prozesses: 0x1150  Startzeit der fehlerhaften Anwendung: 0x01cd6d05a8bea1b0  Pfad der
     fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
     unknown  Berichtskennung: e806fa70-d8f8-11e1-84d2-002197ec83a8
     
    Error - 28.07.2012 17:17:44 | Computer Name = Gismo | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
     Zeitstempel: 0x4a5bc6b7  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
     Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00052bc3  ID des fehlerhaften
     Prozesses: 0xd74  Startzeit der fehlerhaften Anwendung: 0x01cd6d066d56aa40  Pfad der
     fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe  Pfad des fehlerhaften Moduls:
     C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: abb83ce0-d8f9-11e1-84d2-002197ec83a8
     
    Error - 28.07.2012 17:19:29 | Computer Name = Gismo | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
     Zeitstempel: 0x4a5bc6b7  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
     Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000a5e0a  ID des fehlerhaften
     Prozesses: 0x1018  Startzeit der fehlerhaften Anwendung: 0x01cd6d06ac8ebf40  Pfad der
     fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe  Pfad des fehlerhaften Moduls:
     C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: ea680f10-d8f9-11e1-84d2-002197ec83a8
     
    Error - 29.07.2012 07:35:01 | Computer Name = Gismo | Source = System Restore | ID = 8206
    Description = 
     
    Error - 29.07.2012 16:54:31 | Computer Name = Gismo | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: rundll32.exe_g7i0ol_kaz.exe, Version:
     6.1.7600.16385, Zeitstempel: 0x4a5bc637  Name des fehlerhaften Moduls: unknown, Version:
     0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0dcef306
    ID
     des fehlerhaften Prozesses: 0x104c  Startzeit der fehlerhaften Anwendung: 0x01cd6dcc58470610
    Pfad
     der fehlerhaften Anwendung: C:\Windows\System32\rundll32.exe  Pfad des fehlerhaften
     Moduls: unknown  Berichtskennung: 976baa30-d9bf-11e1-a507-002197ec83a8
     
    Error - 29.07.2012 17:13:27 | Computer Name = Gismo | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: SearchProtocolHost.exe, Version: 
    7.0.7601.17610, Zeitstempel: 0x4dc0c63a  Name des fehlerhaften Moduls: ntdll.dll, 
    Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset:
     0x0005f9c5  ID des fehlerhaften Prozesses: 0xd9c  Startzeit der fehlerhaften Anwendung:
     0x01cd6dcefe8f30e0  Pfad der fehlerhaften Anwendung: C:\Windows\system32\SearchProtocolHost.exe
    Pfad
     des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 3cf9eb40-d9c2-11e1-a507-002197ec83a8
     
    [ System Events ]
    Error - 29.07.2012 16:54:04 | Computer Name = Gismo | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Bluetooth-Gerät (RFCOMM-Protokoll-TDI)" wurde aufgrund
     folgenden Fehlers nicht gestartet:   %%1058
     
    Error - 29.07.2012 16:54:04 | Computer Name = Gismo | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0" wurde 
    aufgrund folgenden Fehlers nicht gestartet:   %%1058
     
    Error - 29.07.2012 16:54:04 | Computer Name = Gismo | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Bluetooth-Gerät (PAN)" wurde aufgrund folgenden Fehlers
     nicht gestartet:   %%1058
     
    Error - 29.07.2012 16:54:04 | Computer Name = Gismo | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Belkin USB Wireless LAN Card Driver for Vista" wurde aufgrund
     folgenden Fehlers nicht gestartet:   %%1058
     
    Error - 29.07.2012 16:54:04 | Computer Name = Gismo | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "NVIDIA nForce-Netzwerkcontrollertreiber" wurde aufgrund
     folgenden Fehlers nicht gestartet:   %%1058
     
    Error - 29.07.2012 16:54:04 | Computer Name = Gismo | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Ralink 802.11n USB Wireless LAN Card Driver" wurde aufgrund
     folgenden Fehlers nicht gestartet:   %%2
     
    Error - 29.07.2012 16:54:04 | Computer Name = Gismo | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "USB-RNDIS-Adapter" wurde aufgrund folgenden Fehlers nicht
     gestartet:   %%1058
     
    Error - 29.07.2012 16:54:04 | Computer Name = Gismo | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "VMware Virtual Ethernet Adapter Driver" wurde aufgrund
     folgenden Fehlers nicht gestartet:   %%1058
     
    Error - 29.07.2012 16:54:04 | Computer Name = Gismo | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Microsoft Virtual WiFi Miniport Service" wurde aufgrund
     folgenden Fehlers nicht gestartet:   %%1058
     
    Error - 29.07.2012 16:54:06 | Computer Name = Gismo | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
       %%193
     
     
    < End of report >

  5. #5
    Anti-Botnet-Team Avatar von Petra
    Registriert seit
    06.09.2011
    Ort
    Nähe Düsseldorf
    Beiträge
    16.854
    Hallo Herr_B,

    leider hast Du neben Resten des Gema-Trojaners und dem GVU-Trojaner noch einen weiteren sehr gefährlichen Trojaner an Board, der Dein Online-Banking manipulieren kann und Passwort-Daten zu E-Mail-Konten, eBay, PayPal und dergleichen ausspäht! In Deinem Fall ist es der Trojan.Banker.

    Bei dieser Art von Infektion empfehle ich eine Neuinstallation Deines Systems durchzuführen und auf jeden Falle alle Deine Passwort-Daten schnellstmöglich von einem weiteren, virenfreien System aus ändern!

    Eine ausführliche Anleitung zum Neuaufsetzen von Windows 7 findest Du hier. Dort wird auch erklärt, wie Du am besten bzgl. der Sicherung Deiner Daten vorgehst.

  6. #6
    Einsteiger
    Registriert seit
    29.07.2012
    Beiträge
    4
    Vielen dank erstmal für die schnelle antwort und hilfe .
    könnt ihr mir für die zukunft ein antivirenprogramm empfehlen das ich mir sowas nicht nochmal einfange .

    gruß aus MH

    Daniel

  7. #7
    Anti-Botnet-Team Avatar von Petra
    Registriert seit
    06.09.2011
    Ort
    Nähe Düsseldorf
    Beiträge
    16.854
    Hallo Daniel,

    Antivirus-Programme sind immer auch ein Stück Geschmacksache - ich persönlich komme mit Avira in der Freeware-Version sehr gut klar. Norton ist mir zu überladen. Einen guten Überblick über die Erkennungsrate kann man sich bei AV Comparatives oder AV Test verschaffen.

    Wichtig für ein gesundes System ist außerdem, Windows, Browser, Java und sämtliche Software, die ins Internet kann/geht immer topaktuell zu halten. Sehr schlau ist es, keine Mail-Anhänge zu öffnen, keine Software aus Filesharing-Quellen zu saugen und klar, auf Cracks und Keygens verzichten, weil die gerne mal ein Hintertürchen (Backdoor) gleich mitinstallieren.

    Weitere gute Tipps findest Du in unseren Blogeinträgen:

    Lesenswerte Blogeinträge zum Thema Absicherung

    Wie mache ich mein Windows sicher?
    Wie kann ich mein System in Zukunft von Malware frei halten?
    Wie kann ich prüfen, ob meine Software aktuell ist?
    Datensicherung
    Browser- und Plugincheck
    DNS manipuliert?

Ähnliche Themen

  1. WinXP Telekom - wichtige Sicherheitswarnung
    Von Falk89 im Forum Windows
    Antworten: 9
    Letzter Beitrag: 27.08.2013, 15:40
  2. Telekom- Warnung
    Von carlheinz im Forum Windows
    Antworten: 44
    Letzter Beitrag: 26.08.2013, 04:55
  3. Sicherheitswarnung zu Ihrem Internetzugang
    Von Cooky1705 im Forum Windows
    Antworten: 35
    Letzter Beitrag: 28.05.2013, 20:03
  4. Antworten: 5
    Letzter Beitrag: 02.02.2013, 04:41
  5. Android Browser Sicherheitswarnung wie auf PC
    Von MammaMamma im Forum Android / iOS / Symbian
    Antworten: 6
    Letzter Beitrag: 09.08.2012, 07:03

Lesezeichen

Berechtigungen

  • Neue Themen erstellen: Nein
  • Themen beantworten: Nein
  • Anhänge hochladen: Nein
  • Beiträge bearbeiten: Nein
  •  
G Data
forum.botfrei.de wird überprüft von der Initiative-S