Malwarebytes reports an infection - what do the specialists think?

Hello - looking for help with an infection - thanks in advance - romana


Datenbank Version: v2012.11.04.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
bkgm :: COMPI [Administrator]

04.11.2012 15:24:19
mbam-log-2012-11-04 (17-00-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 497407
Laufzeit: 1 Stunde(n), 31 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.

Infizierte Dateien: 1
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.

*How do I insert a spoiler tag in the forum?*
Adware junk. We'll get that sorted; I just need to have something added quickly and then we can get started. Stay tuned :)
Please follow these instructions to run AdwCleaner:

Run the search and then the delete, then post both log files here in spoiler tags.

*Link corrected*
Hello fee - thanks for the help - regards, romana

Hello schrauber - I'm back. Thanks for your instructions, see attachment AdwCleaner[R1].txt:

# AdwCleaner v2.007 - Datei am 08/11/2012 um 20:22:09 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : romy - COMPI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\romy\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\user.js
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\Users\romy\AppData\Roaming\AD ON Multimedia
Ordner Gefunden : C:\Users\romy\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\romy\AppData\Roaming\Mozilla\Firefox\Profiles\ozczq0cs.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Ordner Gefunden : C:\Users\romy\AppData\Roaming\Mozilla\Firefox\Profiles\ozczq0cs.default\WinampToolbarData

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Cr_Installer
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Schlüssel Gefunden : HKU\S-1-5-21-2113112678-4025936130-3689292305-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-2113112678-4025936130-3689292305-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v10.0.2 (de)

Profilname : default
Datei : C:\Users\romy\AppData\Roaming\Mozilla\Firefox\Profiles\ozczq0cs.default\prefs.js

Gefunden : user_pref(browser.newtab.url, hxxp://[...]
Gefunden : user_pref(, Search the web (Babylon));
Gefunden : user_pref(, hxxp://[...]
Gefunden : user_pref(, Search the web (Babylon));
Gefunden : user_pref(, Search the web (Babylon));
Gefunden : user_pref(extensions.BabylonToolbar.admin, false);
Gefunden : user_pref(extensions.BabylonToolbar.aflt, babsst);
Gefunden : user_pref(extensions.BabylonToolbar.dfltLng, en);
Gefunden : user_pref(extensions.BabylonToolbar.excTlbr, false);
Gefunden : user_pref(, a83c1bd00000000000000025d3612810);
Gefunden : user_pref(extensions.BabylonToolbar.instlDay, 15557);
Gefunden : user_pref(extensions.BabylonToolbar.instlRef, sst);
Gefunden : user_pref(extensions.BabylonToolbar.prdct, BabylonToolbar);
Gefunden : user_pref(extensions.BabylonToolbar.prtnrId, babylon);
Gefunden : user_pref(extensions.BabylonToolbar.tlbrId, base);
Gefunden : user_pref(extensions.BabylonToolbar.tlbrSrchUrl, hxxp://;
Gefunden : user_pref(extensions.BabylonToolbar.vrsn,;
Gefunden : user_pref(extensions.BabylonToolbar.vrsni,;
Gefunden : user_pref(extensions.BabylonToolbar_i.babExt, );
Gefunden : user_pref(extensions.BabylonToolbar_i.babTrack, affID=109727&tt=010812_nich_3112_4);
Gefunden : user_pref(extensions.BabylonToolbar_i.newTab, true);
Gefunden : user_pref(extensions.BabylonToolbar_i.newTabUrl, hxxp://[...]
Gefunden : user_pref(extensions.BabylonToolbar_i.smplGrp, none);
Gefunden : user_pref(extensions.BabylonToolbar_i.srcExt, ss);
Gefunden : user_pref(extensions.BabylonToolbar_i.vrsnTs,;
Gefunden : user_pref(keyword.URL, hxxp://[...]
Gefunden : user_pref(winamp_toolbar.buttons.layout, skins_btn_wa;plugins_btn_wa;shout_btn_wa;video_btn_wa;ai[...]
Gefunden : user_pref(winamp_toolbar.firsttime.showwindow, false);
Gefunden : user_pref(winamp_toolbar.install.lastTbVersion,;
Gefunden : user_pref(winamp_toolbar.metrics.activestampdate, 26);
Gefunden : user_pref(winamp_toolbar.metrics.activestampmonth, 11);
Gefunden : user_pref(winamp_toolbar.metrics.activestampyear, 2010);
Gefunden : user_pref(winamp_toolbar.metrics.originalDate, 26);
Gefunden : user_pref(winamp_toolbar.metrics.originalHours, 26);
Gefunden : user_pref(winamp_toolbar.metrics.originalMinutes, 13);
Gefunden : user_pref(winamp_toolbar.metrics.originalMonth, 12);
Gefunden : user_pref(winamp_toolbar.metrics.originalSeconds, 36);
Gefunden : user_pref(winamp_toolbar.metrics.originalYear, 2010);
Gefunden : user_pref(, false);
Gefunden : user_pref(, web);
Gefunden : user_pref(, tb50ffwinamp);
Gefunden : user_pref(winamp_toolbar.strbundle.msg, Winamp Toolbar);
Gefunden : user_pref(winamp_toolbar.upgrade.showwindow, false);
Gefunden : user_pref(winamp_toolbar.winamp.appversion, 1);
Gefunden : user_pref(winamp_toolbar.winamp.artist, );
Gefunden : user_pref(winamp_toolbar.winamp.title, -999999);
Gefunden : user_pref(winamp_toolbar.winamp.tracklength, -999999);
Gefunden : user_pref(winamp_toolbar.winamp.tracktime, -999999);

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\romy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\romy\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.


AdwCleaner[R1].txt - [6718 octets] - [08/11/2012 20:22:09]

########## EOF - C:\AdwCleaner[R1].txt - [6778 octets] ##########

Regards, romana
Did you also use the Delete option? If not, please do so and post the log, as well as a fresh Malwarebytes log.
Attachment AdwCleaner[S1].txt:

# AdwCleaner v2.007 - Datei am 08/11/2012 um 20:35:25 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : romy - COMPI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\romy\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\romy\AppData\Roaming\AD ON Multimedia
Ordner Gelöscht : C:\Users\romy\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\romy\AppData\Roaming\Mozilla\Firefox\Profiles\ozczq0cs.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Ordner Gelöscht : C:\Users\romy\AppData\Roaming\Mozilla\Firefox\Profiles\ozczq0cs.default\WinampToolbarData

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v10.0.2 (de)

Profilname : default
Datei : C:\Users\romy\AppData\Roaming\Mozilla\Firefox\Profiles\ozczq0cs.default\prefs.js

C:\Users\romy\AppData\Roaming\Mozilla\Firefox\Profiles\ozczq0cs.default\user.js ... Gelöscht !

Gelöscht : user_pref(browser.newtab.url, hxxp://[...]
Gelöscht : user_pref(, Search the web (Babylon));
Gelöscht : user_pref(, hxxp://[...]
Gelöscht : user_pref(, Search the web (Babylon));
Gelöscht : user_pref(, Search the web (Babylon));
Gelöscht : user_pref(extensions.BabylonToolbar.admin, false);
Gelöscht : user_pref(extensions.BabylonToolbar.aflt, babsst);
Gelöscht : user_pref(extensions.BabylonToolbar.dfltLng, en);
Gelöscht : user_pref(extensions.BabylonToolbar.excTlbr, false);
Gelöscht : user_pref(, a83c1bd00000000000000025d3612810);
Gelöscht : user_pref(extensions.BabylonToolbar.instlDay, 15557);
Gelöscht : user_pref(extensions.BabylonToolbar.instlRef, sst);
Gelöscht : user_pref(extensions.BabylonToolbar.prdct, BabylonToolbar);
Gelöscht : user_pref(extensions.BabylonToolbar.prtnrId, babylon);
Gelöscht : user_pref(extensions.BabylonToolbar.tlbrId, base);
Gelöscht : user_pref(extensions.BabylonToolbar.tlbrSrchUrl, hxxp://;
Gelöscht : user_pref(extensions.BabylonToolbar.vrsn,;
Gelöscht : user_pref(extensions.BabylonToolbar.vrsni,;
Gelöscht : user_pref(extensions.BabylonToolbar_i.babExt, );
Gelöscht : user_pref(extensions.BabylonToolbar_i.babTrack, affID=109727&tt=010812_nich_3112_4);
Gelöscht : user_pref(extensions.BabylonToolbar_i.newTab, true);
Gelöscht : user_pref(extensions.BabylonToolbar_i.newTabUrl, hxxp://[...]
Gelöscht : user_pref(extensions.BabylonToolbar_i.smplGrp, none);
Gelöscht : user_pref(extensions.BabylonToolbar_i.srcExt, ss);
Gelöscht : user_pref(extensions.BabylonToolbar_i.vrsnTs,;
Gelöscht : user_pref(keyword.URL, hxxp://[...]
Gelöscht : user_pref(winamp_toolbar.buttons.layout, skins_btn_wa;plugins_btn_wa;shout_btn_wa;video_btn_wa;ai[...]
Gelöscht : user_pref(winamp_toolbar.firsttime.showwindow, false);
Gelöscht : user_pref(winamp_toolbar.install.lastTbVersion,;
Gelöscht : user_pref(winamp_toolbar.metrics.activestampdate, 26);
Gelöscht : user_pref(winamp_toolbar.metrics.activestampmonth, 11);
Gelöscht : user_pref(winamp_toolbar.metrics.activestampyear, 2010);
Gelöscht : user_pref(winamp_toolbar.metrics.originalDate, 26);
Gelöscht : user_pref(winamp_toolbar.metrics.originalHours, 26);
Gelöscht : user_pref(winamp_toolbar.metrics.originalMinutes, 13);
Gelöscht : user_pref(winamp_toolbar.metrics.originalMonth, 12);
Gelöscht : user_pref(winamp_toolbar.metrics.originalSeconds, 36);
Gelöscht : user_pref(winamp_toolbar.metrics.originalYear, 2010);
Gelöscht : user_pref(, false);
Gelöscht : user_pref(, web);
Gelöscht : user_pref(, tb50ffwinamp);
Gelöscht : user_pref(winamp_toolbar.strbundle.msg, Winamp Toolbar);
Gelöscht : user_pref(winamp_toolbar.upgrade.showwindow, false);
Gelöscht : user_pref(winamp_toolbar.winamp.appversion, 1);
Gelöscht : user_pref(winamp_toolbar.winamp.artist, );
Gelöscht : user_pref(winamp_toolbar.winamp.title, -999999);
Gelöscht : user_pref(winamp_toolbar.winamp.tracklength, -999999);
Gelöscht : user_pref(winamp_toolbar.winamp.tracktime, -999999);

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\romy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\romy\AppData\Roaming\Opera\Opera\operaprefs.ini

Regards, romana
Many thanks for your help - Malwarebytes is running - regards, r.
Malwarebytes found nothing more:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.08.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
romy :: COMPI [Administrator]

08.11.2012 20:52:33
mbam-log-2012-11-08 (20-52-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 495056
Laufzeit: 1 Stunde(n), 29 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Many thanks - regards, r.
OTL.Txt attached:

OTL logfile created on: 12.11.2012 20:36:18 - Run 2
OTL by OldTimer - Version Folder = C:\Users\romy\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Language: DES | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.65% Memory free
6.00 Gb Paging File | 3.93 Gb Available in Paging File | 65.45% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 1.59 Gb Free Space | 3.25% Space Free | Partition Type: NTFS
Drive D: | 30.01 Gb Total Space | 22.76 Gb Free Space | 75.86% Space Free | Partition Type: NTFS
Drive E: | 30.01 Gb Total Space | 17.42 Gb Free Space | 58.06% Space Free | Partition Type: NTFS
Drive F: | 30.01 Gb Total Space | 29.06 Gb Free Space | 96.84% Space Free | Partition Type: NTFS

Computer Name: COMPI | User Name: romy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Users\romy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe ()
PRC - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - c:\xampp\mysql\bin\mysqld.exe ()
PRC - C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
PRC - C:\Windows\vsnp2uvc.exe (Sonix)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\System32\oodag.exe (O&O Software GmbH)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Program Files\CDTray\CDTray.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files\MyTomTom 3\DeviceDetection.dll ()
MOD - C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll ()
MOD - C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll ()
MOD - C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
MOD - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe ()
MOD - C:\Program Files\Acronis\TrueImageHome\Common\rpc_client.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
MOD - C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files\Nokia\Nokia Software Updater\WidgetLibrary.dll ()
MOD - C:\Program Files\Nokia\Nokia Software Updater\styles\OviCommonStyle.dll ()
MOD - C:\Program Files\Nokia\Nokia Software Updater\qtgui4.dll ()
MOD - C:\Program Files\Nokia\Nokia Software Updater\qtcore4.dll ()
MOD - C:\Program Files\Nokia\Nokia Software Updater\imageformats\qsvg4.dll ()
MOD - C:\Program Files\Nokia\Nokia Software Updater\QtSvg4.dll ()
MOD - C:\Program Files\Nokia\Nokia Software Updater\qtnetwork4.dll ()
MOD - C:\Program Files\Nokia\Nokia Software Updater\qtxml4.dll ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU ()
MOD - C:\Program Files\Logitech\SetPoint\khalwrapper.dll ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU ()
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.DEU ()
MOD - C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()
MOD - C:\Program Files\CDTray\CDTray.exe ()

========== Services (SafeList) ==========

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FileZilla Server) -- c:\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (O&O Defrag) -- C:\Windows\System32\oodag.exe (O&O Software GmbH)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()

========== Driver Services (SafeList) ==========

DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011a\WNt500x86\Sandra.sys File not found
DRV - (lpnxpeil) -- System32\drivers\qtbce.sys File not found
DRV - (GearAspiWDM) -- System32\drivers\GEARAspiWDM.sys File not found
DRV - (Afc) -- system32\drivers\Afc.sys File not found
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (vididr) -- C:\Windows\System32\drivers\vididr.sys (Acronis)
DRV - (vidsflt53) -- C:\Windows\System32\drivers\vsflt53.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (hotcore3) -- C:\Windows\System32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL ={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{7A3EC1BB-ADA5-4ECE-A2B6-FA6F4FC78A6D}: URL =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\Daten\download
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 5A D7 07 D9 4D CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\..\SearchScopes,DefaultScope = {EF58F066-1BD0-4BD5-A018-A843DBEAF0B7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL ={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: URL ={searc
IE - HKCU\..\SearchScopes\{7A3EC1BB-ADA5-4ECE-A2B6-FA6F4FC78A6D}: URL =
IE - HKCU\..\SearchScopes\{EF58F066-1BD0-4BD5-A018-A843DBEAF0B7}: URL ={searchTerms}&sourceid=ie7&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyOverride = *.local

========== FireFox ==========

FF - true
FF - prefs.js..browser.startup.homepage: h
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - *.local
FF - 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\ C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\ C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\ C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\ C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\ disabled File not found
FF - HKLM\Software\MozillaPlugins\,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\ Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.11.03 21:38:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.10.07 20:09:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.04 20:00:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.17 17:33:15 | 000,000,000 | ---D | M]

[2010.04.02 19:53:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\romy\AppData\Roaming\mozilla\Extensions
[2012.11.08 20:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\romy\AppData\Roaming\mozilla\Firefox\Profiles\ozczq0cs.default\extensions
[2010.05.01 22:03:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\romy\AppData\Roaming\mozilla\Firefox\Profiles\ozczq0cs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.09.28 01:01:28 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\romy\AppData\Roaming\mozilla\firefox\profiles\ozczq0cs.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012.09.29 17:17:31 | 000,001,379 | ---- | M] () -- C:\Users\romy\AppData\Roaming\mozilla\firefox\profiles\ozczq0cs.default\searchplugins\winamp-search.xml
[2012.09.05 11:17:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.04 12:38:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.04 20:00:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.12.09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.09.29 17:17:31 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.29 17:17:31 | 000,001,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.29 17:17:31 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.29 17:17:31 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.05 21:40:40 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.29 17:17:31 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - Extension: YouTube = C:\Users\romy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\romy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: Freemake Video Converter = C:\Users\romy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Google Mail = C:\Users\romy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010.05.13 22:53:40 | 000,001,204 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe ()
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - Startup: C:\Users\romy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CDTray.exe.lnk = C:\Program Files\CDTray\CDTray.exe ()
O4 - Startup: C:\Users\romy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Geräteerkennung)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (Emsisoft Web Malware Scan)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7809B7E-2F4D-4D95-8C5D-256454614890}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8969EC8-F810-4747-A25B-C71EDE050B3F}: DhcpNameServer =
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a25b6185-1ab0-11e2-a62f-9e20dfaf8edd}\Shell - = AutoRun
O33 - MountPoints2\{a25b6185-1ab0-11e2-a62f-9e20dfaf8edd}\Shell\AutoRun\command - = L:\Start_eBanking_Login-Stick_Win.exe
O33 - MountPoints2\{af470ec5-e1af-11df-a170-bddb786e51a9}\Shell - = AutoRun
O33 - MountPoints2\{af470ec5-e1af-11df-a170-bddb786e51a9}\Shell\AutoRun\command - = L:\Start_eBanking_Login-Stick_Win.exe
O33 - MountPoints2\R\Shell - = AutoRun
O33 - MountPoints2\R\Shell\AutoRun\command - = R:\Win32\AppWizard.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- %1 %*
O35 - HKLM\..exefile [open] -- %1 %*
O37 - HKLM\ [@ = comfile] -- %1 %*
O37 - HKLM\...exe [@ = exefile] -- %1 %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.11 11:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.11.09 10:26:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\romy\Desktop\OTL.exe
[2012.10.30 21:32:53 | 000,000,000 | ---D | C] -- C:\Users\romy\AppData\Roaming\Acronis
[2012.10.30 21:31:40 | 000,601,408 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2012.10.30 21:31:33 | 000,125,472 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\vididr.sys
[2012.10.30 21:31:31 | 000,083,392 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\vsflt53.sys
[2012.10.30 21:31:29 | 000,169,088 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2012.10.30 21:31:28 | 000,000,000 | ---D | C] -- C:\Users\romy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acronis
[2012.10.30 21:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2012.10.29 17:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.10.29 17:33:22 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.10.29 17:33:14 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.29 17:33:14 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.29 17:33:14 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.29 17:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.10.19 15:46:44 | 000,000,000 | ---D | C] -- C:\Users\romy\AppData\Local\ElevatedDiagnostics
[2012.10.16 19:53:40 | 000,000,000 | ---D | C] -- C:\Users\romy\AppData\Roaming\Ashampoo Slideshow Studio HD 2
[2012.10.16 19:53:30 | 000,000,000 | ---D | C] -- C:\Users\romy\AppData\Local\ashampoo
[2012.10.16 19:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2010.09.07 20:16:01 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\romy\AppData\Roaming\SetupGFD.exe
[2010.09.07 20:15:33 | 004,284,535 | ---- | C] (ffdshow ) -- C:\Users\romy\AppData\Roaming\ffdshow.exe
[2010.09.07 20:15:29 | 000,642,685 | ---- | C] (Xvid team ) -- C:\Users\romy\AppData\Roaming\xvid.exe
[2010.09.07 20:15:17 | 002,169,915 | ---- | C] (LIGHTNING UK!) -- C:\Users\romy\AppData\Roaming\Imgburn.exe
[2010.09.07 20:14:59 | 004,182,178 | ---- | C] (The Public) -- C:\Users\romy\AppData\Roaming\Avisynth.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.12 20:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.12 20:15:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.12 19:21:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.12 15:13:09 | 000,657,660 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.12 15:13:09 | 000,618,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.12 15:13:09 | 000,131,032 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.12 15:13:09 | 000,107,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.12 10:30:16 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.12 10:30:16 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.12 10:23:16 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.12 10:22:51 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.12 10:22:50 | 001,875,913 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2012.11.11 12:18:35 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.11.11 11:40:14 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.11 11:40:14 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.11.09 10:26:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\romy\Desktop\OTL.exe
[2012.11.08 20:20:44 | 000,541,569 | ---- | M] () -- C:\Users\romy\Desktop\adwcleaner.exe
[2012.10.31 14:57:24 | 000,001,294 | ---- | M] () -- C:\Users\romy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.10.30 21:31:42 | 000,001,185 | ---- | M] () -- C:\Users\romy\Desktop\Acronis True Image WD Edition.lnk
[2012.10.30 21:31:40 | 000,601,408 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2012.10.30 21:31:33 | 000,125,472 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\vididr.sys
[2012.10.30 21:31:31 | 000,083,392 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\vsflt53.sys
[2012.10.30 21:31:29 | 000,169,088 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2012.10.29 17:33:07 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.29 17:33:04 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.10.29 17:33:04 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.29 17:33:03 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.29 17:33:02 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.10.22 12:21:26 | 000,001,270 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Slideshow Studio HD 2.lnk
[2012.10.20 14:23:02 | 245,439,962 | ---- | M] () -- C:\registry-20121020_15.22h.reg
[2012.10.20 14:14:31 | 245,396,624 | ---- | M] () -- C:\registry-20121020_15.13h.reg
[2012.10.17 20:36:08 | 244,928,614 | ---- | M] () -- C:\registry-20121017_21.36h.reg
[2012.10.17 20:36:08 | 244,928,614 | ---- | M] () -- C:\registry-20121017.reg
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.11 11:41:23 | 000,002,290 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.11.08 20:20:43 | 000,541,569 | ---- | C] () -- C:\Users\romy\Desktop\adwcleaner.exe
[2012.10.31 14:57:24 | 000,001,294 | ---- | C] () -- C:\Users\romy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.10.30 21:31:42 | 000,001,185 | ---- | C] () -- C:\Users\romy\Desktop\Acronis True Image WD Edition.lnk
[2012.10.20 14:22:27 | 245,439,962 | ---- | C] () -- C:\registry-20121020_15.22h.reg
[2012.10.20 14:14:20 | 245,396,624 | ---- | C] () -- C:\registry-20121020_15.13h.reg
[2012.10.17 21:46:47 | 244,928,614 | ---- | C] () -- C:\registry-20121017_21.36h.reg
[2012.10.17 20:35:56 | 244,928,614 | ---- | C] () -- C:\registry-20121017.reg
[2012.10.16 19:53:29 | 000,001,270 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Slideshow Studio HD 2.lnk
[2012.09.04 20:17:43 | 000,000,132 | ---- | C] () -- C:\Users\romy\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.01.02 11:24:34 | 000,011,264 | ---- | C] () -- C:\Users\romy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.04 14:26:24 | 000,003,485 | ---- | C] () -- C:\Users\romy\.recently-used.xbel
[2011.02.08 17:36:07 | 003,486,336 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2011.02.08 17:36:07 | 000,241,664 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2011.02.08 17:36:07 | 000,196,608 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2011.02.08 17:36:07 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2011.02.08 17:36:07 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011.02.08 17:36:06 | 000,172,103 | ---- | C] () -- C:\Windows\BM.exe
[2011.02.08 16:29:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.07 19:54:29 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010.12.17 18:32:29 | 000,000,132 | ---- | C] () -- C:\Users\romy\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.09.07 20:15:43 | 005,243,208 | ---- | C] ( ) -- C:\Users\romy\AppData\Roaming\AvsP.exe
[2010.03.19 23:56:40 | 000,007,679 | ---- | C] () -- C:\Users\romy\AppData\Local\Resmon.ResmonCfg
[2010.03.16 11:37:45 | 000,696,277 | ---- | C] () -- C:\Users\romy\AppData\Roaming\unins000.exe
[2010.03.16 11:37:45 | 000,001,270 | ---- | C] () -- C:\Users\romy\AppData\Roaming\unins000.dat
[2009.11.04 23:27:52 | 000,002,925 | ---- | C] () -- C:\Users\romy\pspbrwse.jbf
[2009.10.16 00:40:19 | 000,224,917 | ---- | C] () -- C:\Users\romy\artur01.jpg

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini



= %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
ThreadingModel = Apartment

= %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
ThreadingModel = Free

= %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
ThreadingModel = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 4264 bytes -> C:\Users\romy\artur01.jpg:Q30lsldxJoudresxAaaqpcawXc

< End of report >
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:

Expensive Adobe software without paying? ;)
Do you really mean that?
  • #14
These entries in the hosts file appear when someone installs expensive Adobe products, Photoshop for example, and uses a crack to get around paying. The entries block the program and prevent it from phoning home to check the validity of the key.

Does that ring a bell? Quite honestly, I would actually have to close the thread just because of the signs of cracked software.
  • #15
Could that also be an entry from Premiere?
  • #16
What does Adobe have to do with Premiere? ???

Please also post the Extras.txt.
  • #17
Because about 1.5 or 2 years ago a visitor from the USA loaded something like Premiere for me; unfortunately I did not understand it. Is it possible to see whether it is a US program?
  • #18

OTL Extras logfile created on: 12.11.2012 20:36:18 - Run 2
OTL by OldTimer - Version Folder = C:\Users\romy\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Language: DES | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.65% Memory free
6.00 Gb Paging File | 3.93 Gb Available in Paging File | 65.45% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 1.59 Gb Free Space | 3.25% Space Free | Partition Type: NTFS
Drive D: | 30.01 Gb Total Space | 22.76 Gb Free Space | 75.86% Space Free | Partition Type: NTFS
Drive E: | 30.01 Gb Total Space | 17.42 Gb Free Space | 58.06% Space Free | Partition Type: NTFS
Drive F: | 30.01 Gb Total Space | 29.06 Gb Free Space | 96.84% Space Free | Partition Type: NTFS

Computer Name: COMPI | User Name: romy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

.html [@ = htmlfile] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

batfile [open] -- %1 %*
cmdfile [open] -- %1 %*
comfile [open] -- %1 %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe %1,%* (Microsoft Corporation)
exefile [open] -- %1 %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe %1 (Microsoft Corporation)
jsfile [edit] -- Reg Error: Value error.
piffile [open] -- %1 %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- %1 /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VLC-media-player-VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue %1 ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe %L (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- C:\Program Files\IrfanView\i_view32.exe %1 /thumbs (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd %V (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VLC-media-player-VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue %1 ()
Directory [Winamp.Bookmark] -- C:\Program Files\Winamp\winamp.exe /BOOKMARK %1 (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- C:\Program Files\Winamp\winamp.exe /ADD %1 (Nullsoft, Inc.)
Directory [Winamp.Play] -- C:\Program Files\Winamp\winamp.exe %1 (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
VistaSp1 = Reg Error: Unknown registry data type -- File not found
AntiVirusOverride = 0
AntiSpywareOverride = 0
FirewallOverride = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

DisableNotifications = 0
EnableFirewall = 1

DisableNotifications = 0
EnableFirewall = 1

DisableNotifications = 0
EnableFirewall = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

{1DDA1E14-69D0-44D0-8958-0DDB78F6E69A} = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
{23DF49C3-D3A2-443D-8033-5F916DC6F5D0} = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
{2FBEAC6D-987C-4DCD-9087-63A095AECDF0} = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
{32F2950B-245C-49F8-975A-34864CBE8242} = rport=138 | protocol=17 | dir=out | app=system |
{3FECF496-3B61-40BD-AB45-80078B720B27} = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011a\wnt500x86\rpcsandrasrv.exe |
{4AB153D0-F166-45D0-909F-EF06620D9E15} = lport=138 | protocol=17 | dir=in | app=system |
{4E6F4846-D9C0-414A-95A2-0B5040C8494F} = rport=445 | protocol=6 | dir=out | app=system |
{4F2C2882-611D-4C64-A511-8C714E371647} = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
{65A8B9DA-0DC4-4B97-B2C4-3AA55A85F199} = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
{6F1F9442-C6BD-435D-9BFF-68A23EBB4B4B} = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
{7724EAC9-5839-46A1-A8CA-D6878DA2FB71} = lport=2869 | protocol=6 | dir=in | app=system |
{88DF4D16-F72D-4536-B457-B5F1442655C1} = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
{8D40B9F6-F7B3-44D0-8411-2A9EE2892271} = lport=137 | protocol=17 | dir=in | app=system |
{9F9D2CB1-6218-4045-B9BA-6A6392F1AA43} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
{A095FFBA-CFE8-4C1B-9EAE-18A6D2E1A0D6} = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
{A7A7AB6C-CEB0-4A3E-A99A-C139E2BB75C4} = lport=445 | protocol=6 | dir=in | app=system |
{B04850D3-EA2E-4541-B1B9-8F7AA8B2C4CA} = lport=10243 | protocol=6 | dir=in | app=system |
{BBF5F057-D390-4038-81DA-F19954C456F1} = rport=139 | protocol=6 | dir=out | app=system |
{BD620250-D097-43C9-9C09-1C2B5320EA5F} = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
{C0FE1ECD-9855-42EF-9068-69C0DB5C3B05} = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
{D7101C95-983E-453E-BD96-1A5BB2586FE6} = rport=137 | protocol=17 | dir=out | app=system |
{E593FE59-CF27-4F14-A8D6-D6DCAE81E24F} = rport=10243 | protocol=6 | dir=out | app=system |
{EAC4135B-5AD7-4E7A-9749-F12D4A286152} = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
{F21D167B-D2A5-4735-B3FE-DD9DE6CF7E83} = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
{F333186E-9E78-4B97-AD18-4D439FA3ED63} = lport=139 | protocol=6 | dir=in | app=system |
{F39D4F66-2B4F-41F8-8537-653AD721F88C} = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
{FF963B2E-EF84-48A6-B1BC-FE73EDC8A717} = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

{00829CC1-5632-4FDD-9813-54F5831601F5} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
{2270CB1C-B88E-4EC1-A4D8-E350CA7F80D3} = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
{239B6A80-C148-4D02-B399-98D7464AA2ED} = protocol=58 | dir=out | [email protected],-28546 |
{2C53ED4D-6FC7-4D94-8AF6-970E0E41D2F0} = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
{413FD727-5415-4547-8B4E-8B5CEA2793C0} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
{46839ACE-AD23-4986-9392-2577DB3D2FBE} = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
{4A062BEB-33CC-4A5C-AD88-131766E26E4F} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{6267262D-B677-42A8-A45C-B7B4778D702F} = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
{626EF519-3B19-44F7-9FAC-32BF5562309A} = protocol=1 | dir=out | [email protected],-28544 |
{62D30A32-2A46-4DB3-9437-EC53C9CE88DB} = protocol=1 | dir=in | [email protected],-28543 |
{64A3EA23-2D60-44DC-8B32-6030D6CA4DA2} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
{65B23FB4-6008-4B98-8A37-15B6B17DE6D9} = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
{6A29296C-DA7C-4872-A1DE-C0B5F0A00DA8} = dir=in | app=c:\program files\skype\phone\skype.exe |
{7A9C66AE-7124-485E-916E-766C89B3DA05} = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
{9CAD0F24-5314-4AEE-83C3-783D752BE48B} = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
{A31056CD-607A-424A-ABCF-71F92F2D4ECC} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{B59BB214-A6BA-4DEA-9B10-226B08481C92} = protocol=6 | dir=out | app=system |
{B7A0F363-A7EB-4F4E-A5B1-6D864403CA93} = protocol=58 | dir=in | [email protected],-28545 |
{C21FF14F-3743-45BE-882E-53D195296AAE} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
{E352E5D4-D0B6-4915-8BA8-EC4D47254246} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{E9EB8148-19A6-431C-9D2D-82905B888800} = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
{F0E337EF-D144-4E4F-959C-FA4528EA846A} = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
{F1A1651F-81F8-421F-A59B-6AA4B508E4F7} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
{F66783CE-1244-4400-8972-A2A3D03D841B} = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
{FD5D6AE1-744D-4366-AE32-B3A166C85564} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
TCP Query User{15F9F61A-9C64-4D99-98A2-D6926733FE2C}D:\daten\xampp\apache\bin\httpd.exe = protocol=6 | dir=in | app=d:\daten\xampp\apache\bin\httpd.exe |
TCP Query User{29076446-719E-4F1D-8D13-1B925E79CBF6}C:\program files\nokia\nokia software updater\nsu_ui_client.exe = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
TCP Query User{3232CAFC-19AA-4F68-889D-972A0787361F}C:\program files\internet explorer\iexplore.exe = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
TCP Query User{409B593B-2CF9-4C09-85B8-90D3D67F974D}C:\program files\google\google earth\plugin\geplugin.exe = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
TCP Query User{9B4B12BC-EA32-4C0C-9308-5D84999096A0}C:\program files\winamp\winamp.exe = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
TCP Query User{9D777D8F-40D8-4F7E-BB0A-D641600E308D}C:\xampp\apache\bin\httpd.exe = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
TCP Query User{C4C2F8BA-9DA4-47C6-BA2F-96EF594C43D2}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
TCP Query User{DDAC81E9-80AA-4769-99D6-6E9FDE28C301}D:\daten\xampp\mysql\bin\mysqld.exe = protocol=6 | dir=in | app=d:\daten\xampp\mysql\bin\mysqld.exe |
UDP Query User{36D48C9E-DBAD-4E7E-8FE3-D774620B4FE1}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
UDP Query User{4ACB1D76-7CE9-4D3D-A4AA-62AD8DF30C03}C:\program files\internet explorer\iexplore.exe = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
UDP Query User{4D09E085-095D-46E5-8E53-A25EFE97A1BA}C:\xampp\apache\bin\httpd.exe = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
UDP Query User{4EE66890-67F0-40E8-94BF-4888F85F45F0}C:\program files\google\google earth\plugin\geplugin.exe = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
UDP Query User{6AD357D1-6559-4AE8-928D-110DB0EAA56B}C:\program files\winamp\winamp.exe = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
UDP Query User{9C2993FB-3C20-420F-811C-2094275BC2C0}D:\daten\xampp\mysql\bin\mysqld.exe = protocol=17 | dir=in | app=d:\daten\xampp\mysql\bin\mysqld.exe |
UDP Query User{C9E9B931-CF0D-4740-A6BA-56133BCD4721}C:\program files\nokia\nokia software updater\nsu_ui_client.exe = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
UDP Query User{EDC127BB-CA21-46DD-BBA5-8DB8FAB5E493}D:\daten\xampp\apache\bin\httpd.exe = protocol=17 | dir=in | app=d:\daten\xampp\apache\bin\httpd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
{01FB4998-33C4-4431-85ED-079E3EEFE75D} = CyberLink YouCam
{0224CACC-994D-45F8-B973-D65056EA9C2F} = Adobe XMP DVA Panels CS3
{033E378E-6AD3-4AD5-BDEB-CBD69B31046C} = Microsoft_VC90_ATL_x86
{04AF207D-9A77-465A-8B76-991F6AB66245} = Adobe Help Viewer CS3
{0840B4D6-7DD1-4187-8523-E6FC0007EFB7} = Windows Live ID-Anmelde-Assistent
{08B32819-6EEF-4057-AEDA-5AB681A36A23} = Adobe Bridge Start Meeting
{08D2E121-7F6A-43EB-97FD-629B44903403} = Microsoft_VC90_CRT_x86
{0C826C5B-B131-423A-A229-C71B3CACCD6A} = CDDRV_Installer
{0F022A2E-7022-497D-90A5-0F46746D8275} = Macromedia Extension Manager
{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25} = Microsoft_VC80_ATL_x86
{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series = Canon MP540 series MP Drivers
{1280E900-35DA-4E08-A700-B79A5B2B8532} = Microsoft Antimalware Service DE-DE Language Pack
{15FEDA5F-141C-4127-8D7E-B962D1742728} = Adobe Photoshop CS5
{18455581-E099-4BA8-BC6B-F34B2F06600C} = Google Toolbar for Internet Explorer
{1A15507A-8551-4626-915D-3D5FA095CC1B} = Corel Paint Shop Pro X
{205C6BDD-7B73-42DE-8505-9A093F35A238} = Windows Live-Uploadtool
{223A0FFB-5BAE-4541-B4AA-5688384FA77E} = USB2.0 2MP UVC Camera
{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} = MSVCRT
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = Google Toolbar for Internet Explorer
{26A24AE4-039D-4CA4-87B4-2F83217009FF} = Java 7 Update 9
{2BA722D1-48D1-406E-9123-8AE5431D63EF} = Windows Live Fotogalerie
{2D99A593-C841-43A7-B7C9-D6F3AE70B756} = Nokia Connectivity Cable Driver
{2e10c007-3bd1-4ee1-aafd-ef0216bdaa4f} = Nero 9 Lite
{3101CB58-3482-4D21-AF1A-7057FC935355} = KhalInstallWrapper
{32A546AD-2626-1DF1-0746-123AFA6E265F} = ATI Catalyst Install Manager
{3C3901C5-3455-3E0A-A214-0B093A5070A6} = Microsoft .NET Framework 4 Client Profile
{3D3E663D-4E7E-4577-A560-7ECDDD45548A} = PVSonyDll
{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C} = eReg
{3EFEF049-23D4-4B46-8903-4592FEA51018} = Windows Live Movie Maker
{4412F224-3849-4461-A3E9-DEEF8D252790} = Visual Studio C++ 10.0 Runtime
{45F4941E-5E77-11DF-A71D-005056C00008} = Paragon Partition Manager™ 11 Free Edition
{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB} = Adobe AIR
{4A03706F-666A-4037-7777-5F2748764D10} = Java Auto Updater
{50779A29-834E-4E36-BBEB-B7CABC67A825} = Microsoft Security Client DE-DE Language Pack
{50F102CA-4BE2-41A9-9810-5BB05EB91B9A} = Adobe Premiere Pro CS3 Functional Content
{53480330-E1D1-41CA-B8F8-7F78644F7F50} = O&O Defrag Professional Edition
{54793AA1-5001-42F4-ABB6-C364617C6078} = Adobe Linguistics CS3
{56C049BE-79E9-4502-BEA7-9754A3E60F9B} = neroxml
{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA} = Adobe Premiere Pro CS3
{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E} = Google Earth
{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A} = Microsoft_VC90_MFC_x86
{65F67589-B92D-4B77-8FC8-43AD21379343} = Nitro Reader 2
{6ABE0BEE-D572-4FE8-B434-9E72A289431B} = Adobe Fonts All
{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6} = MSVC80_x86_v2
{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} = Adobe Asset Services CS3
{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} = Microsoft Visual C++ 2005 Redistributable
{7299052b-02a4-4627-81f2-1818da5d550d} = Microsoft Visual C++ 2005 Redistributable
{76618402-179D-4699-A66B-D351C59436BC} = Windows Live Sync
{770657D0-A123-3C07-8E44-1C83EC895118} = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
{7748AC8C-18E3-43BB-959B-088FAEA16FB2} = Nero StartSmart
{7CFA46E3-CC2F-4355-82AE-6012DC3633FD} = NVIDIA ForceWare Network Access Manager
{837b34e3-7c30-493c-8f6a-2b0f04e2912c} = Microsoft Visual C++ 2005 Redistributable
{86CE85E6-DBAC-3FFD-B977-E4B79F83C909} = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} = Microsoft Silverlight
{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} = Adobe Device Central CS3
{8D3562E7-C795-4B5D-A091-6DAA3FF0DF3B} = Macromedia HomeSite+
{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} = Adobe Type Support
{90120000-0015-0407-0000-0000000FF1CE} = Microsoft Office Access MUI (German) 2007
{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2} = Microsoft Office 2007 Service Pack 3 (SP3)
{90120000-0016-0407-0000-0000000FF1CE} = Microsoft Office Excel MUI (German) 2007
{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2} = Microsoft Office 2007 Service Pack 3 (SP3)
{90120000-0018-0407-0000-0000000FF1CE} = Microsoft Office PowerPoint MUI (German) 2007
{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2} = Microsoft Office 2007 Service Pack 3 (SP3)
{90120000-0019-0407-0000-0000000FF1CE} = Microsoft Office Publisher MUI (German) 2007
{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2} = Microsoft Office 2007 Service Pack 3 (SP3)
{90120000-001A-0407-0000-0000000FF1CE} = Microsoft Office Outlook MUI (German) 2007
{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2} = Microsoft Office 2007 Service Pack 3 (SP3)
{90120000-001B-0407-0000-0000000FF1CE} = Microsoft Office Word MUI (German) 2007
{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2} = Microsoft Office 2007 Service Pack 3 (SP3)
{90120000-001F-0407-0000-0000000FF1CE} = Microsoft Office Proof (German) 2007
{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643} = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
{90120000-001F-0409-0000-0000000FF1CE} = Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F} = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
{90120000-001F-040C-0000-0000000FF1CE} = Microsoft Office Proof (French) 2007
{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E} = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
{90120000-001F-0410-0000-0000000FF1CE} = Microsoft Office Proof (Italian) 2007
{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49} = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
{90120000-002C-0407-0000-0000000FF1CE} = Microsoft Office Proofing (German) 2007
{90120000-0030-0000-0000-0000000FF1CE} = Microsoft Office Enterprise 2007
{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93} = Microsoft Office 2007 Service Pack 3 (SP3)
{90120000-0044-0407-0000-0000000FF1CE} = Microsoft Office InfoPath MUI (German) 2007
{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2} = Microsoft Office 2007 Service Pack 3 (SP3)
{90120000-006E-0407-0000-0000000FF1CE} = Microsoft Office Shared MUI (German) 2007
{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973} = Microsoft Office 2007 Service Pack 3 (SP3)
{90120000-00A1-0407-0000-0000000FF1CE} = Microsoft Office OneNote MUI (German) 2007
{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2} = Microsoft Office 2007 Service Pack 3 (SP3)
{90120000-00BA-0407-0000-0000000FF1CE} = Microsoft Office Groove MUI (German) 2007
{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2} = Microsoft Office 2007 Service Pack 3 (SP3)
{90140000-2005-0000-0000-0000000FF1CE} = Microsoft Office File Validation Add-In
{90176341-0A8B-4CCC-A78D-F862228A6B95} = Adobe Anchor Service CS3
{92D58719-BBC1-4CC3-A08B-56C9E884CC2C} = Microsoft_VC80_CRT_x86
{95120000-00B9-0409-0000-0000000FF1CE} = Microsoft Application Error Reporting
{95140000-00AF-0407-0000-0000000FF1CE} = Microsoft PowerPoint Viewer
{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD} = Microsoft Security Client
{9A25302D-30C0-39D9-BD6F-21E6EC160475} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{9B683A28-2172-4CF1-B85D-41375E80652A} = Acronis True Image WD Edition
{9BE518E6-ECC6-35A9-88E4-87755C07200F} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
{9C9824D9-9000-4373-A6A5-D0E5D4831394} = Adobe Bridge CS3
{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} = Adobe CMaps
{A498D9EB-927B-459B-85D6-DD6EF8C2C564} = erLT
{A78FE97A-C0C8-49CE-89D0-EDD524A17392} = PDF Settings CS5
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} = Google Update Helper
{AC76BA86-7AD7-1031-7B44-A95000000001} = Adobe Reader 9.5.2 - Deutsch
{AF111648-99A1-453E-81DD-80DBBF6DAD0D} = MSVC90_x86
{B2EC4A38-B545-4A00-8214-13FE0E915E6D} = Advertising Center
{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} = Adobe Camera Raw 4.0
{B6CF2967-C81E-40C0-9815-C05774FEF120} = Skype Click to Call
{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} = Adobe Default Language CS3
{BB81360F-041C-4CF7-B15E-71380D154244} = Adobe Setup
{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A} = Nero ControlCenter
{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} = Adobe ExtendScript Toolkit 2
{C373F7C4-05D2-4047-96D1-6AF30661C6AA} = PC Connectivity Solution
{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E} = Nero Online Upgrade
{C96AA90C-9DE0-4C37-92F2-49CC3FE8C330} = Nokia Software Updater
{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1 = UBitMenuDE
{D0D14551-3A2D-433B-861F-F4DCE5422759} = Nokia PC Suite
{D0DFF92A-492E-4C40-B862-A74A173C25C5} = Adobe Version Cue CS3 Client
{D1A19B02-817E-4296-A45B-07853FD74D57} = Microsoft_VC80_MFC_x86
{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} = Adobe PDF Library Files
{D5A31AB1-345D-47C7-A87B-036A669F6DF1} = Adobe XMP Panels CS3
{D92BBB52-82FF-42ED-8A3C-4E062F944AB7} = Microsoft_VC80_MFCLOC_x86
{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} = Adobe Color Common Settings
{DE3A9DC5-9A5D-6485-9662-347162C7E4CA} = Adobe Media Player
{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6} = NVIDIA PhysX
{E40CE517-0D42-4198-96B4-C8232B257EB5} = Data Lifeguard Diagnostic for Windows
{E69AE897-9E0B-485C-8552-7841F48D42D8} = Adobe Update Manager CS3
{E8A80433-302B-4FF1-815D-FCC8EAC482FF} = Nero Installer
{ED00D08A-3C5F-488D-93A0-A04F21F23956} = Windows Live Communications Platform
{EE531675-A09C-51DD-F356-ECA9D6857039} = Adobe Community Help
{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8} = Skype™ 5.10
{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} = Microsoft SQL Server 2005 Compact Edition [ENU]
{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} = Microsoft Choice Guard
{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} = Realtek High Definition Audio Driver
{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E} = Logitech SetPoint
{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262} = Microsoft Office Live Add-in 1.5
{F750C986-5310-3A5A-95F8-4EC71C8AC01C} = Microsoft .NET Framework 4 Client Profile DEU Language Pack
{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F} = Windows Live Essentials
{FCC32487-14A5-403C-922A-71CA97DCCBC2} = AquaSoft PhotoFlash 2
{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
504244733D18C8F63FF584AEB290E3904E791693 = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008
72A50F48CC5601190B9C4E74D81161693133E7F7 = Windows-Treiberpaket - Nokia Modem (02/25/2011
7-Zip = 7-Zip 9.20
Adobe AIR = Adobe AIR
Adobe Flash Player ActiveX = Adobe Flash Player 11 ActiveX
Adobe Flash Player Plugin = Adobe Flash Player 11 Plugin
Adobe Photoshop 6.0 = Adobe Photoshop 6.0
Adobe Shockwave Player = Adobe Shockwave Player 11.5
Adobe SVG Viewer = Adobe SVG Viewer 3.0
Adobe_32fdd767b4383606e8168e834af5d90 = Adobe Premiere Pro CS3
Ant Renamer 2_is1 = Ant Renamer
AquaSoft PhotoFlash 2 = AquaSoft PhotoFlash 2
Ashampoo Slideshow Studio Elements_is1 = Ashampoo Slideshow Studio Elements 2.0.1
Ashampoo Slideshow Studio HD 2_is1 = Ashampoo Slideshow Studio HD 2 v.2.0.5
Audiograbber = Audiograbber 1.83 SE
AVS Update Manager_is1 = AVS Update Manager 1.0
AVS4YOU Video Converter 7_is1 = AVS Video Converter 8
CanonMyPrinter = Canon Utilities My Printer
CanonSolutionMenu = Canon Utilities Solution Menu
CCleaner = CCleaner
chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 = Adobe Community Help
com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 = Adobe Media Player
CSEHTMLVALIDATOR110_is1 = CSE HTML Validator Standard v11.02
Das große Ostalgie-Spiel = Das große Ostalgie-Spiel
E0AC723A3DE3A04256288CADBBB011B112AED454 = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7)
EASEUS Partition Master Home Edition_is1 = EASEUS Partition Master 5.0.1 Home Edition
Easy GIF Animator_is1 = Easy GIF Animator 5.21
Easy-PhotoPrint EX = Canon Utilities Easy-PhotoPrint EX
Easy-WebPrint EX = Canon Easy-WebPrint EX
ENTERPRISE = Microsoft Office Enterprise 2007
EVEREST Home Edition_is1 = EVEREST Home Edition v2.20
FileZilla Client = FileZilla Client 3.5.3
FormatFactory = FormatFactory 2.60
Freemake Video Converter_is1 = Freemake Video Converter Version 3.1.2
Google Chrome = Google Chrome
Heliswiss = Heliswiss
Heliswiss_Ecureuil = Heliswiss_Ecureuil
Heliswiss_Kamov = Heliswiss_Kamov
Heliswiss_Transport = Heliswiss_Transport
IcoFX_is1 = IcoFX 1.6.4
IETester = IETester v0.4.10 (remove only)
ImgBurn = ImgBurn
InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} = CyberLink YouCam
InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD} = NVIDIA ForceWare Network Access Manager
IrfanView = IrfanView (remove only)
Malwarebytes' Anti-Malware_is1 = Malwarebytes Anti-Malware Version
Microsoft .NET Framework 4 Client Profile = Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack = Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Security Client = Microsoft Security Essentials
Mozilla Firefox 10.0.2 (x86 de) = Mozilla Firefox 10.0.2 (x86 de)
MP Navigator EX 2.0 = Canon MP Navigator EX 2.0
MyTomTom = MyTomTom
Nokia PC Suite = Nokia PC Suite
NP_FR_2010-1 = FRITax 2010 10.2.16
NP_FR_2011 = FRITax 2011 11.3.35
NVIDIA Display Control Panel = NVIDIA Display Control Panel
NVIDIA Drivers = NVIDIA Drivers
Paint Shop Pro 6.0 = Paint Shop Pro 6.0 (CD-ROM)
Picasa 3 = Picasa 3
Sweet Home 3D_is1 = Sweet Home 3D version 3.3
VideoConverter = VideoConverter
VLC media player = VLC media player 2.0.3
Winamp = Winamp
WinGimp-2.0_is1 = GIMP 2.6.11
WinLiveSuite_Wave3 = Windows Live Essentials
WinMerge_is1 = WinMerge 2.12.4
xampp = XAMPP 1.7.7

========== HKEY_CURRENT_USER Uninstall List ==========

Winamp Detect = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04.12.2011 06:23:52 | Computer Name = compi | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe. Fehler in Manifest- oder Richtliniendatei C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 04.12.2011 06:26:04 | Computer Name = compi | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für c:\program files\microsoft
security client\MSESysprep.dll. Fehler in Manifest- oder Richtliniendatei c:\program
files\microsoft security client\MSESysprep.dll in Zeile 10. Das imaging-Element
wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error - 04.12.2011 06:26:32 | Computer Name = compi | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für C:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll. Die abhängige Assemblierung Microsoft.VC80.DebugCRT,processorArchitecture=x86,publicKeyToken=1fc8b3b9a1e18e3b,type=win32,version=8.0.50608.0
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm

Error - 05.12.2011 09:20:38 | Computer Name = compi | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe. Fehler in Manifest- oder Richtliniendatei C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 05.12.2011 09:22:53 | Computer Name = compi | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für c:\program files\microsoft
security client\MSESysprep.dll. Fehler in Manifest- oder Richtliniendatei c:\program
files\microsoft security client\MSESysprep.dll in Zeile 10. Das imaging-Element
wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error - 05.12.2011 09:23:21 | Computer Name = compi | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für C:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll. Die abhängige Assemblierung Microsoft.VC80.DebugCRT,processorArchitecture=x86,publicKeyToken=1fc8b3b9a1e18e3b,type=win32,version=8.0.50608.0
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm

Error - 06.12.2011 08:04:32 | Computer Name = compi | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe. Fehler in Manifest- oder Richtliniendatei C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 06.12.2011 10:11:25 | Computer Name = compi | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe. Fehler in Manifest- oder Richtliniendatei C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 06.12.2011 10:13:18 | Computer Name = compi | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für c:\program files\microsoft
security client\MSESysprep.dll. Fehler in Manifest- oder Richtliniendatei c:\program
files\microsoft security client\MSESysprep.dll in Zeile 10. Das imaging-Element
wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error - 06.12.2011 10:13:48 | Computer Name = compi | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für C:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll. Die abhängige Assemblierung Microsoft.VC80.DebugCRT,processorArchitecture=x86,publicKeyToken=1fc8b3b9a1e18e3b,type=win32,version=8.0.50608.0
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm

[ OSession Events ]
Error - 10.09.2010 08:11:46 | Computer Name = compi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1901
seconds with 1200 seconds of active time. This session ended with a crash.

Error - 06.10.2010 14:23:57 | Computer Name = compi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11.04.2011 05:02:11 | Computer Name = compi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25.04.2011 14:15:44 | Computer Name = compi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 03.11.2011 11:52:48 | Computer Name = compi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 69
seconds with 0 seconds of active time. This session ended with a crash.

Error - 26.10.2012 17:56:52 | Computer Name = compi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 43868
seconds with 3780 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 08.11.2012 17:44:28 | Computer Name = compi | Source = Service Control Manager | ID = 7024
Description = Der Dienst Apache2.2 wurde mit folgendem dienstspezifischem Fehler
beendet: %%1.

Error - 09.11.2012 03:43:18 | Computer Name = compi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

Error - 09.11.2012 03:43:56 | Computer Name = compi | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst Programmkompatibilitäts-Assistent konnte Phase 2 nicht

Error - 09.11.2012 17:54:07 | Computer Name = compi | Source = Service Control Manager | ID = 7024
Description = Der Dienst Apache2.2 wurde mit folgendem dienstspezifischem Fehler
beendet: %%1.

Error - 10.11.2012 06:42:48 | Computer Name = compi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

Error - 10.11.2012 17:07:00 | Computer Name = compi | Source = Service Control Manager | ID = 7024
Description = Der Dienst Apache2.2 wurde mit folgendem dienstspezifischem Fehler
beendet: %%1.

Error - 11.11.2012 06:37:41 | Computer Name = compi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

Error - 11.11.2012 10:59:31 | Computer Name = compi | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error - 11.11.2012 17:43:05 | Computer Name = compi | Source = Service Control Manager | ID = 7024
Description = Der Dienst Apache2.2 wurde mit folgendem dienstspezifischem Fehler
beendet: %%1.

Error - 12.11.2012 05:23:17 | Computer Name = compi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

< End of report >
