Malwarebytes meint Befall - was meinen die Spezialisten?

Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.04.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
bkgm :: COMPI [Administrator]

04.11.2012 15:24:19
mbam-log-2012-11-04 (17-00-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 497407
Laufzeit: 1 Stunde(n), 31 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.

Infizierte Dateien: 1
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.

# AdwCleaner v2.007 - Datei am 08/11/2012 um 20:22:09 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : romy - COMPI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\romy\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\user.js
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\Users\romy\AppData\Roaming\AD ON Multimedia
Ordner Gefunden : C:\Users\romy\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\romy\AppData\Roaming\Mozilla\Firefox\Profiles\ozczq0cs.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Ordner Gefunden : C:\Users\romy\AppData\Roaming\Mozilla\Firefox\Profiles\ozczq0cs.default\WinampToolbarData

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Cr_Installer
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Schlüssel Gefunden : HKU\S-1-5-21-2113112678-4025936130-3689292305-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-2113112678-4025936130-3689292305-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v10.0.2 (de)

Profilname : default
Datei : C:\Users\romy\AppData\Roaming\Mozilla\Firefox\Profiles\ozczq0cs.default\prefs.js

Gefunden : user_pref(browser.newtab.url, hxxp://search.babylon.com/?affID=109727&tt=010812_nich_3112_4&babsr[...]
Gefunden : user_pref(browser.search.defaultenginename, Search the web (Babylon));
Gefunden : user_pref(browser.search.defaulturl, hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir[...]
Gefunden : user_pref(browser.search.order.1, Search the web (Babylon));
Gefunden : user_pref(browser.search.selectedEngine, Search the web (Babylon));
Gefunden : user_pref(extensions.BabylonToolbar.admin, false);
Gefunden : user_pref(extensions.BabylonToolbar.aflt, babsst);
Gefunden : user_pref(extensions.BabylonToolbar.dfltLng, en);
Gefunden : user_pref(extensions.BabylonToolbar.excTlbr, false);
Gefunden : user_pref(extensions.BabylonToolbar.id, a83c1bd00000000000000025d3612810);
Gefunden : user_pref(extensions.BabylonToolbar.instlDay, 15557);
Gefunden : user_pref(extensions.BabylonToolbar.instlRef, sst);
Gefunden : user_pref(extensions.BabylonToolbar.prdct, BabylonToolbar);
Gefunden : user_pref(extensions.BabylonToolbar.prtnrId, babylon);
Gefunden : user_pref(extensions.BabylonToolbar.tlbrId, base);
Gefunden : user_pref(extensions.BabylonToolbar.tlbrSrchUrl, hxxp://www.google.com/search?babsrc=TB_ggl&q=);
Gefunden : user_pref(extensions.BabylonToolbar.vrsn, 1.5.29.1);
Gefunden : user_pref(extensions.BabylonToolbar.vrsni, 1.5.29.1);
Gefunden : user_pref(extensions.BabylonToolbar_i.babExt, );
Gefunden : user_pref(extensions.BabylonToolbar_i.babTrack, affID=109727&tt=010812_nich_3112_4);
Gefunden : user_pref(extensions.BabylonToolbar_i.newTab, true);
Gefunden : user_pref(extensions.BabylonToolbar_i.newTabUrl, hxxp://search.babylon.com/?affID=109727&tt=01081[...]
Gefunden : user_pref(extensions.BabylonToolbar_i.smplGrp, none);
Gefunden : user_pref(extensions.BabylonToolbar_i.srcExt, ss);
Gefunden : user_pref(extensions.BabylonToolbar_i.vrsnTs, 1.5.29.122:41:01);
Gefunden : user_pref(keyword.URL, hxxp://search.babylon.com/?affID=109727&tt=010812_nich_3112_4&babsrc=KW_ss[...]
Gefunden : user_pref(winamp_toolbar.buttons.layout, skins_btn_wa;plugins_btn_wa;shout_btn_wa;video_btn_wa;ai[...]
Gefunden : user_pref(winamp_toolbar.firsttime.showwindow, false);
Gefunden : user_pref(winamp_toolbar.install.lastTbVersion, 5.6.12.1);
Gefunden : user_pref(winamp_toolbar.metrics.activestampdate, 26);
Gefunden : user_pref(winamp_toolbar.metrics.activestampmonth, 11);
Gefunden : user_pref(winamp_toolbar.metrics.activestampyear, 2010);
Gefunden : user_pref(winamp_toolbar.metrics.originalDate, 26);
Gefunden : user_pref(winamp_toolbar.metrics.originalHours, 26);
Gefunden : user_pref(winamp_toolbar.metrics.originalMinutes, 13);
Gefunden : user_pref(winamp_toolbar.metrics.originalMonth, 12);
Gefunden : user_pref(winamp_toolbar.metrics.originalSeconds, 36);
Gefunden : user_pref(winamp_toolbar.metrics.originalYear, 2010);
Gefunden : user_pref(winamp_toolbar.search.populateoncomplete, false);
Gefunden : user_pref(winamp_toolbar.search.searchtype, web);
Gefunden : user_pref(winamp_toolbar.search.source, tb50ffwinamp);
Gefunden : user_pref(winamp_toolbar.strbundle.msg, Winamp Toolbar);
Gefunden : user_pref(winamp_toolbar.upgrade.showwindow, false);
Gefunden : user_pref(winamp_toolbar.winamp.appversion, 1);
Gefunden : user_pref(winamp_toolbar.winamp.artist, );
Gefunden : user_pref(winamp_toolbar.winamp.title, -999999);
Gefunden : user_pref(winamp_toolbar.winamp.tracklength, -999999);
Gefunden : user_pref(winamp_toolbar.winamp.tracktime, -999999);

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\romy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\romy\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6718 octets] - [08/11/2012 20:22:09]

########## EOF - C:\AdwCleaner[R1].txt - [6778 octets] ##########

# AdwCleaner v2.007 - Datei am 08/11/2012 um 20:35:25 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : romy - COMPI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\romy\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\romy\AppData\Roaming\AD ON Multimedia
Ordner Gelöscht : C:\Users\romy\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\romy\AppData\Roaming\Mozilla\Firefox\Profiles\ozczq0cs.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Ordner Gelöscht : C:\Users\romy\AppData\Roaming\Mozilla\Firefox\Profiles\ozczq0cs.default\WinampToolbarData

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v10.0.2 (de)

Profilname : default
Datei : C:\Users\romy\AppData\Roaming\Mozilla\Firefox\Profiles\ozczq0cs.default\prefs.js

C:\Users\romy\AppData\Roaming\Mozilla\Firefox\Profiles\ozczq0cs.default\user.js ... Gelöscht !

Gelöscht : user_pref(browser.newtab.url, hxxp://search.babylon.com/?affID=109727&tt=010812_nich_3112_4&babsr[...]
Gelöscht : user_pref(browser.search.defaultenginename, Search the web (Babylon));
Gelöscht : user_pref(browser.search.defaulturl, hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir[...]
Gelöscht : user_pref(browser.search.order.1, Search the web (Babylon));
Gelöscht : user_pref(browser.search.selectedEngine, Search the web (Babylon));
Gelöscht : user_pref(extensions.BabylonToolbar.admin, false);
Gelöscht : user_pref(extensions.BabylonToolbar.aflt, babsst);
Gelöscht : user_pref(extensions.BabylonToolbar.dfltLng, en);
Gelöscht : user_pref(extensions.BabylonToolbar.excTlbr, false);
Gelöscht : user_pref(extensions.BabylonToolbar.id, a83c1bd00000000000000025d3612810);
Gelöscht : user_pref(extensions.BabylonToolbar.instlDay, 15557);
Gelöscht : user_pref(extensions.BabylonToolbar.instlRef, sst);
Gelöscht : user_pref(extensions.BabylonToolbar.prdct, BabylonToolbar);
Gelöscht : user_pref(extensions.BabylonToolbar.prtnrId, babylon);
Gelöscht : user_pref(extensions.BabylonToolbar.tlbrId, base);
Gelöscht : user_pref(extensions.BabylonToolbar.tlbrSrchUrl, hxxp://www.google.com/search?babsrc=TB_ggl&q=);
Gelöscht : user_pref(extensions.BabylonToolbar.vrsn, 1.5.29.1);
Gelöscht : user_pref(extensions.BabylonToolbar.vrsni, 1.5.29.1);
Gelöscht : user_pref(extensions.BabylonToolbar_i.babExt, );
Gelöscht : user_pref(extensions.BabylonToolbar_i.babTrack, affID=109727&tt=010812_nich_3112_4);
Gelöscht : user_pref(extensions.BabylonToolbar_i.newTab, true);
Gelöscht : user_pref(extensions.BabylonToolbar_i.newTabUrl, hxxp://search.babylon.com/?affID=109727&tt=01081[...]
Gelöscht : user_pref(extensions.BabylonToolbar_i.smplGrp, none);
Gelöscht : user_pref(extensions.BabylonToolbar_i.srcExt, ss);
Gelöscht : user_pref(extensions.BabylonToolbar_i.vrsnTs, 1.5.29.122:41:01);
Gelöscht : user_pref(keyword.URL, hxxp://search.babylon.com/?affID=109727&tt=010812_nich_3112_4&babsrc=KW_ss[...]
Gelöscht : user_pref(winamp_toolbar.buttons.layout, skins_btn_wa;plugins_btn_wa;shout_btn_wa;video_btn_wa;ai[...]
Gelöscht : user_pref(winamp_toolbar.firsttime.showwindow, false);
Gelöscht : user_pref(winamp_toolbar.install.lastTbVersion, 5.6.12.1);
Gelöscht : user_pref(winamp_toolbar.metrics.activestampdate, 26);
Gelöscht : user_pref(winamp_toolbar.metrics.activestampmonth, 11);
Gelöscht : user_pref(winamp_toolbar.metrics.activestampyear, 2010);
Gelöscht : user_pref(winamp_toolbar.metrics.originalDate, 26);
Gelöscht : user_pref(winamp_toolbar.metrics.originalHours, 26);
Gelöscht : user_pref(winamp_toolbar.metrics.originalMinutes, 13);
Gelöscht : user_pref(winamp_toolbar.metrics.originalMonth, 12);
Gelöscht : user_pref(winamp_toolbar.metrics.originalSeconds, 36);
Gelöscht : user_pref(winamp_toolbar.metrics.originalYear, 2010);
Gelöscht : user_pref(winamp_toolbar.search.populateoncomplete, false);
Gelöscht : user_pref(winamp_toolbar.search.searchtype, web);
Gelöscht : user_pref(winamp_toolbar.search.source, tb50ffwinamp);
Gelöscht : user_pref(winamp_toolbar.strbundle.msg, Winamp Toolbar);
Gelöscht : user_pref(winamp_toolbar.upgrade.showwindow, false);
Gelöscht : user_pref(winamp_toolbar.winamp.appversion, 1);
Gelöscht : user_pref(winamp_toolbar.winamp.artist, );
Gelöscht : user_pref(winamp_toolbar.winamp.title, -999999);
Gelöscht : user_pref(winamp_toolbar.winamp.tracklength, -999999);
Gelöscht : user_pref(winamp_toolbar.winamp.tracktime, -999999);

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\romy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\romy\AppData\Roaming\Opera\Opera\operaprefs.ini

ÿþM a l w a r e b y t e s A n t i - M a l w a r e 1 . 6 5 . 1 . 1 0 0 0


w w w . m a l w a r e b y t e s . o r g





D a t e n b a n k V e r s i o n : v 2 0 1 2 . 1 1 . 0 8 . 0 9





W i n d o w s 7 S e r v i c e P a c k 1 x 8 6 N T F S


I n t e r n e t E x p l o r e r 9 . 0 . 8 1 1 2 . 1 6 4 2 1


r o m y : : C O M P I [ A d m i n i s t r a t o r ]





0 8 . 1 1 . 2 0 1 2 2 0 : 5 2 : 3 3


m b a m - l o g - 2 0 1 2 - 1 1 - 0 8 ( 2 0 - 5 2 - 3 3 ) . t x t





A r t d e s S u c h l a u f s : V o l l s t ä n d i g e r S u c h l a u f ( C : \ | D : \ | E : \ | F : \ | )


A k t i v i e r t e S u c h l a u f e i n s t e l l u n g e n : S p e i c h e r | A u t o s t a r t | R e g i s t r i e r u n g | D a t e i s y s t e m | H e u r i s t i k s / E x t r a | H e u r i s t i K s / S h u r i k e n | P U P | P U M


D e a k t i v i e r t e S u c h l a u f e i n s t e l l u n g e n : P 2 P


D u r c h s u c h t e O b j e k t e : 4 9 5 0 5 6


L a u f z e i t : 1 S t u n d e ( n ) , 2 9 M i n u t e ( n ) , 3 S e k u n d e ( n )





I n f i z i e r t e S p e i c h e r p r o z e s s e : 0


( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )





I n f i z i e r t e S p e i c h e r m o d u l e : 0


( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )





I n f i z i e r t e R e g i s t r i e r u n g s s c h l ü s s e l : 0


( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )





I n f i z i e r t e R e g i s t r i e r u n g s w e r t e : 0


( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )





I n f i z i e r t e D a t e i o b j e k t e d e r R e g i s t r i e r u n g : 0


( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )





I n f i z i e r t e V e r z e i c h n i s s e : 0


( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )





I n f i z i e r t e D a t e i e n : 0


( K e i n e b ö s a r t i g e n O b j e k t e g e f u n d e n )





( E n d e )

OTL logfile created on: 12.11.2012 20:36:18 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\romy\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Language: DES | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.65% Memory free
6.00 Gb Paging File | 3.93 Gb Available in Paging File | 65.45% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 1.59 Gb Free Space | 3.25% Space Free | Partition Type: NTFS
Drive D: | 30.01 Gb Total Space | 22.76 Gb Free Space | 75.86% Space Free | Partition Type: NTFS
Drive E: | 30.01 Gb Total Space | 17.42 Gb Free Space | 58.06% Space Free | Partition Type: NTFS
Drive F: | 30.01 Gb Total Space | 29.06 Gb Free Space | 96.84% Space Free | Partition Type: NTFS

Computer Name: COMPI | User Name: romy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Users\romy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe ()
PRC - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - c:\xampp\mysql\bin\mysqld.exe ()
PRC - C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
PRC - C:\Windows\vsnp2uvc.exe (Sonix)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\System32\oodag.exe (O&O Software GmbH)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Program Files\CDTray\CDTray.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\MyTomTom 3\DeviceDetection.dll ()
MOD - C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll ()
MOD - C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll ()
MOD - C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
MOD - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe ()
MOD - C:\Program Files\Acronis\TrueImageHome\Common\rpc_client.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
MOD - C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files\Nokia\Nokia Software Updater\WidgetLibrary.dll ()
MOD - C:\Program Files\Nokia\Nokia Software Updater\styles\OviCommonStyle.dll ()
MOD - C:\Program Files\Nokia\Nokia Software Updater\qtgui4.dll ()
MOD - C:\Program Files\Nokia\Nokia Software Updater\qtcore4.dll ()
MOD - C:\Program Files\Nokia\Nokia Software Updater\imageformats\qsvg4.dll ()
MOD - C:\Program Files\Nokia\Nokia Software Updater\QtSvg4.dll ()
MOD - C:\Program Files\Nokia\Nokia Software Updater\qtnetwork4.dll ()
MOD - C:\Program Files\Nokia\Nokia Software Updater\qtxml4.dll ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU ()
MOD - C:\Program Files\Logitech\SetPoint\khalwrapper.dll ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU ()
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.DEU ()
MOD - C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()
MOD - C:\Program Files\CDTray\CDTray.exe ()


========== Services (SafeList) ==========

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FileZilla Server) -- c:\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (O&O Defrag) -- C:\Windows\System32\oodag.exe (O&O Software GmbH)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()


========== Driver Services (SafeList) ==========

DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011a\WNt500x86\Sandra.sys File not found
DRV - (lpnxpeil) -- System32\drivers\qtbce.sys File not found
DRV - (GearAspiWDM) -- System32\drivers\GEARAspiWDM.sys File not found
DRV - (Afc) -- system32\drivers\Afc.sys File not found
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (vididr) -- C:\Windows\System32\drivers\vididr.sys (Acronis)
DRV - (vidsflt53) -- C:\Windows\System32\drivers\vsflt53.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (hotcore3) -- C:\Windows\System32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{7A3EC1BB-ADA5-4ECE-A2B6-FA6F4FC78A6D}: URL = http://downloads.phpnuke.org/de/index.php?rvs=google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\Daten\download
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ch.msn.com/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 5A D7 07 D9 4D CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {EF58F066-1BD0-4BD5-A018-A843DBEAF0B7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: URL = http://www.google.com/search?q={searc
IE - HKCU\..\SearchScopes\{7A3EC1BB-ADA5-4ECE-A2B6-FA6F4FC78A6D}: URL = http://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKCU\..\SearchScopes\{EF58F066-1BD0-4BD5-A018-A843DBEAF0B7}: URL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyOverride = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: hhttp://www.google.ch/
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.2.0.10687
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..network.proxy.no_proxies_on: *.local
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.11.03 21:38:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.10.07 20:09:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.04 20:00:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.17 17:33:15 | 000,000,000 | ---D | M]

[2010.04.02 19:53:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\romy\AppData\Roaming\mozilla\Extensions
[2012.11.08 20:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\romy\AppData\Roaming\mozilla\Firefox\Profiles\ozczq0cs.default\extensions
[2010.05.01 22:03:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\romy\AppData\Roaming\mozilla\Firefox\Profiles\ozczq0cs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.09.28 01:01:28 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\romy\AppData\Roaming\mozilla\firefox\profiles\ozczq0cs.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012.09.29 17:17:31 | 000,001,379 | ---- | M] () -- C:\Users\romy\AppData\Roaming\mozilla\firefox\profiles\ozczq0cs.default\searchplugins\winamp-search.xml
[2012.09.05 11:17:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.04 12:38:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.04 20:00:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.12.09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.09.29 17:17:31 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.29 17:17:31 | 000,001,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.29 17:17:31 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.29 17:17:31 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.05 21:40:40 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.29 17:17:31 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - Extension: YouTube = C:\Users\romy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\romy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Freemake Video Converter = C:\Users\romy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\

CHR - Extension: Google Mail = C:\Users\romy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010.05.13 22:53:40 | 000,001,204 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe ()
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - Startup: C:\Users\romy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CDTray.exe.lnk = C:\Program Files\CDTray\CDTray.exe ()
O4 - Startup: C:\Users\romy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/emsisoft_webscan.cab (Emsisoft Web Malware Scan)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7809B7E-2F4D-4D95-8C5D-256454614890}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8969EC8-F810-4747-A25B-C71EDE050B3F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a25b6185-1ab0-11e2-a62f-9e20dfaf8edd}\Shell - = AutoRun
O33 - MountPoints2\{a25b6185-1ab0-11e2-a62f-9e20dfaf8edd}\Shell\AutoRun\command - = L:\Start_eBanking_Login-Stick_Win.exe
O33 - MountPoints2\{af470ec5-e1af-11df-a170-bddb786e51a9}\Shell - = AutoRun
O33 - MountPoints2\{af470ec5-e1af-11df-a170-bddb786e51a9}\Shell\AutoRun\command - = L:\Start_eBanking_Login-Stick_Win.exe
O33 - MountPoints2\R\Shell - = AutoRun
O33 - MountPoints2\R\Shell\AutoRun\command - = R:\Win32\AppWizard.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- %1 %*
O35 - HKLM\..exefile [open] -- %1 %*
O37 - HKLM\...com [@ = comfile] -- %1 %*
O37 - HKLM\...exe [@ = exefile] -- %1 %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.11 11:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.11.09 10:26:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\romy\Desktop\OTL.exe
[2012.10.30 21:32:53 | 000,000,000 | ---D | C] -- C:\Users\romy\AppData\Roaming\Acronis
[2012.10.30 21:31:40 | 000,601,408 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2012.10.30 21:31:33 | 000,125,472 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\vididr.sys
[2012.10.30 21:31:31 | 000,083,392 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\vsflt53.sys
[2012.10.30 21:31:29 | 000,169,088 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2012.10.30 21:31:28 | 000,000,000 | ---D | C] -- C:\Users\romy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acronis
[2012.10.30 21:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2012.10.29 17:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.10.29 17:33:22 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.10.29 17:33:14 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.29 17:33:14 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.29 17:33:14 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.29 17:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.10.19 15:46:44 | 000,000,000 | ---D | C] -- C:\Users\romy\AppData\Local\ElevatedDiagnostics
[2012.10.16 19:53:40 | 000,000,000 | ---D | C] -- C:\Users\romy\AppData\Roaming\Ashampoo Slideshow Studio HD 2
[2012.10.16 19:53:30 | 000,000,000 | ---D | C] -- C:\Users\romy\AppData\Local\ashampoo
[2012.10.16 19:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2010.09.07 20:16:01 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\romy\AppData\Roaming\SetupGFD.exe
[2010.09.07 20:15:33 | 004,284,535 | ---- | C] (ffdshow ) -- C:\Users\romy\AppData\Roaming\ffdshow.exe
[2010.09.07 20:15:29 | 000,642,685 | ---- | C] (Xvid team ) -- C:\Users\romy\AppData\Roaming\xvid.exe
[2010.09.07 20:15:17 | 002,169,915 | ---- | C] (LIGHTNING UK!) -- C:\Users\romy\AppData\Roaming\Imgburn.exe
[2010.09.07 20:14:59 | 004,182,178 | ---- | C] (The Public) -- C:\Users\romy\AppData\Roaming\Avisynth.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.12 20:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.12 20:15:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.12 19:21:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.12 15:13:09 | 000,657,660 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.12 15:13:09 | 000,618,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.12 15:13:09 | 000,131,032 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.12 15:13:09 | 000,107,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.12 10:30:16 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.12 10:30:16 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.12 10:23:16 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.12 10:22:51 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.12 10:22:50 | 001,875,913 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2012.11.11 12:18:35 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.11.11 11:40:14 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.11 11:40:14 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.11.09 10:26:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\romy\Desktop\OTL.exe
[2012.11.08 20:20:44 | 000,541,569 | ---- | M] () -- C:\Users\romy\Desktop\adwcleaner.exe
[2012.10.31 14:57:24 | 000,001,294 | ---- | M] () -- C:\Users\romy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.10.30 21:31:42 | 000,001,185 | ---- | M] () -- C:\Users\romy\Desktop\Acronis True Image WD Edition.lnk
[2012.10.30 21:31:40 | 000,601,408 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2012.10.30 21:31:33 | 000,125,472 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\vididr.sys
[2012.10.30 21:31:31 | 000,083,392 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\vsflt53.sys
[2012.10.30 21:31:29 | 000,169,088 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2012.10.29 17:33:07 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.29 17:33:04 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.10.29 17:33:04 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.29 17:33:03 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.29 17:33:02 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.10.22 12:21:26 | 000,001,270 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Slideshow Studio HD 2.lnk
[2012.10.20 14:23:02 | 245,439,962 | ---- | M] () -- C:\registry-20121020_15.22h.reg
[2012.10.20 14:14:31 | 245,396,624 | ---- | M] () -- C:\registry-20121020_15.13h.reg
[2012.10.17 20:36:08 | 244,928,614 | ---- | M] () -- C:\registry-20121017_21.36h.reg
[2012.10.17 20:36:08 | 244,928,614 | ---- | M] () -- C:\registry-20121017.reg
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.11 11:41:23 | 000,002,290 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.11.08 20:20:43 | 000,541,569 | ---- | C] () -- C:\Users\romy\Desktop\adwcleaner.exe
[2012.10.31 14:57:24 | 000,001,294 | ---- | C] () -- C:\Users\romy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.10.30 21:31:42 | 000,001,185 | ---- | C] () -- C:\Users\romy\Desktop\Acronis True Image WD Edition.lnk
[2012.10.20 14:22:27 | 245,439,962 | ---- | C] () -- C:\registry-20121020_15.22h.reg
[2012.10.20 14:14:20 | 245,396,624 | ---- | C] () -- C:\registry-20121020_15.13h.reg
[2012.10.17 21:46:47 | 244,928,614 | ---- | C] () -- C:\registry-20121017_21.36h.reg
[2012.10.17 20:35:56 | 244,928,614 | ---- | C] () -- C:\registry-20121017.reg
[2012.10.16 19:53:29 | 000,001,270 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Slideshow Studio HD 2.lnk
[2012.09.04 20:17:43 | 000,000,132 | ---- | C] () -- C:\Users\romy\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.01.02 11:24:34 | 000,011,264 | ---- | C] () -- C:\Users\romy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.04 14:26:24 | 000,003,485 | ---- | C] () -- C:\Users\romy\.recently-used.xbel
[2011.02.08 17:36:07 | 003,486,336 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2011.02.08 17:36:07 | 000,241,664 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2011.02.08 17:36:07 | 000,196,608 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2011.02.08 17:36:07 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2011.02.08 17:36:07 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011.02.08 17:36:06 | 000,172,103 | ---- | C] () -- C:\Windows\BM.exe
[2011.02.08 16:29:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.07 19:54:29 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010.12.17 18:32:29 | 000,000,132 | ---- | C] () -- C:\Users\romy\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.09.07 20:15:43 | 005,243,208 | ---- | C] ( ) -- C:\Users\romy\AppData\Roaming\AvsP.exe
[2010.03.19 23:56:40 | 000,007,679 | ---- | C] () -- C:\Users\romy\AppData\Local\Resmon.ResmonCfg
[2010.03.16 11:37:45 | 000,696,277 | ---- | C] () -- C:\Users\romy\AppData\Roaming\unins000.exe
[2010.03.16 11:37:45 | 000,001,270 | ---- | C] () -- C:\Users\romy\AppData\Roaming\unins000.dat
[2009.11.04 23:27:52 | 000,002,925 | ---- | C] () -- C:\Users\romy\pspbrwse.jbf
[2009.10.16 00:40:19 | 000,224,917 | ---- | C] () -- C:\Users\romy\artur01.jpg

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
= %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
ThreadingModel = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
= %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
ThreadingModel = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
= %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
ThreadingModel = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 4264 bytes -> C:\Users\romy\artur01.jpg:Q30lsldxJoudresxAaaqpcawXc

< End of report >

OTL Extras logfile created on: 12.11.2012 20:36:18 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\romy\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Language: DES | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.65% Memory free
6.00 Gb Paging File | 3.93 Gb Available in Paging File | 65.45% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 1.59 Gb Free Space | 3.25% Space Free | Partition Type: NTFS
Drive D: | 30.01 Gb Total Space | 22.76 Gb Free Space | 75.86% Space Free | Partition Type: NTFS
Drive E: | 30.01 Gb Total Space | 17.42 Gb Free Space | 58.06% Space Free | Partition Type: NTFS
Drive F: | 30.01 Gb Total Space | 29.06 Gb Free Space | 96.84% Space Free | Partition Type: NTFS

Computer Name: COMPI | User Name: romy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- %1 %*
cmdfile [open] -- %1 %*
comfile [open] -- %1 %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe %1,%* (Microsoft Corporation)
exefile [open] -- %1 %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe %1 (Microsoft Corporation)
jsfile [edit] -- Reg Error: Value error.
piffile [open] -- %1 %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- %1 /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VLC-media-player-VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue %1 ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe %L (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- C:\Program Files\IrfanView\i_view32.exe %1 /thumbs (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd %V (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VLC-media-player-VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue %1 ()
Directory [Winamp.Bookmark] -- C:\Program Files\Winamp\winamp.exe /BOOKMARK %1 (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- C:\Program Files\Winamp\winamp.exe /ADD %1 (Nullsoft, Inc.)
Directory [Winamp.Play] -- C:\Program Files\Winamp\winamp.exe %1 (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
VistaSp1 = Reg Error: Unknown registry data type -- File not found
AntiVirusOverride = 0
AntiSpywareOverride = 0
FirewallOverride = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications = 0
EnableFirewall = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications = 0
EnableFirewall = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
DisableNotifications = 0
EnableFirewall = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
{1DDA1E14-69D0-44D0-8958-0DDB78F6E69A} = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
{23DF49C3-D3A2-443D-8033-5F916DC6F5D0} = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
{2FBEAC6D-987C-4DCD-9087-63A095AECDF0} = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
{32F2950B-245C-49F8-975A-34864CBE8242} = rport=138 | protocol=17 | dir=out | app=system |
{3FECF496-3B61-40BD-AB45-80078B720B27} = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011a\wnt500x86\rpcsandrasrv.exe |
{4AB153D0-F166-45D0-909F-EF06620D9E15} = lport=138 | protocol=17 | dir=in | app=system |
{4E6F4846-D9C0-414A-95A2-0B5040C8494F} = rport=445 | protocol=6 | dir=out | app=system |
{4F2C2882-611D-4C64-A511-8C714E371647} = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
{65A8B9DA-0DC4-4B97-B2C4-3AA55A85F199} = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
{6F1F9442-C6BD-435D-9BFF-68A23EBB4B4B} = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
{7724EAC9-5839-46A1-A8CA-D6878DA2FB71} = lport=2869 | protocol=6 | dir=in | app=system |
{88DF4D16-F72D-4536-B457-B5F1442655C1} = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
{8D40B9F6-F7B3-44D0-8411-2A9EE2892271} = lport=137 | protocol=17 | dir=in | app=system |
{9F9D2CB1-6218-4045-B9BA-6A6392F1AA43} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
{A095FFBA-CFE8-4C1B-9EAE-18A6D2E1A0D6} = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
{A7A7AB6C-CEB0-4A3E-A99A-C139E2BB75C4} = lport=445 | protocol=6 | dir=in | app=system |
{B04850D3-EA2E-4541-B1B9-8F7AA8B2C4CA} = lport=10243 | protocol=6 | dir=in | app=system |
{BBF5F057-D390-4038-81DA-F19954C456F1} = rport=139 | protocol=6 | dir=out | app=system |
{BD620250-D097-43C9-9C09-1C2B5320EA5F} = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
{C0FE1ECD-9855-42EF-9068-69C0DB5C3B05} = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
{D7101C95-983E-453E-BD96-1A5BB2586FE6} = rport=137 | protocol=17 | dir=out | app=system |
{E593FE59-CF27-4F14-A8D6-D6DCAE81E24F} = rport=10243 | protocol=6 | dir=out | app=system |
{EAC4135B-5AD7-4E7A-9749-F12D4A286152} = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
{F21D167B-D2A5-4735-B3FE-DD9DE6CF7E83} = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
{F333186E-9E78-4B97-AD18-4D439FA3ED63} = lport=139 | protocol=6 | dir=in | app=system |
{F39D4F66-2B4F-41F8-8537-653AD721F88C} = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
{FF963B2E-EF84-48A6-B1BC-FE73EDC8A717} = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
{00829CC1-5632-4FDD-9813-54F5831601F5} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
{2270CB1C-B88E-4EC1-A4D8-E350CA7F80D3} = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
{239B6A80-C148-4D02-B399-98D7464AA2ED} = protocol=58 | dir=out | [email protected],-28546 |
{2C53ED4D-6FC7-4D94-8AF6-970E0E41D2F0} = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
{413FD727-5415-4547-8B4E-8B5CEA2793C0} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
{46839ACE-AD23-4986-9392-2577DB3D2FBE} = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
{4A062BEB-33CC-4A5C-AD88-131766E26E4F} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{6267262D-B677-42A8-A45C-B7B4778D702F} = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
{626EF519-3B19-44F7-9FAC-32BF5562309A} = protocol=1 | dir=out | [email protected],-28544 |
{62D30A32-2A46-4DB3-9437-EC53C9CE88DB} = protocol=1 | dir=in | [email protected],-28543 |
{64A3EA23-2D60-44DC-8B32-6030D6CA4DA2} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
{65B23FB4-6008-4B98-8A37-15B6B17DE6D9} = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
{6A29296C-DA7C-4872-A1DE-C0B5F0A00DA8} = dir=in | app=c:\program files\skype\phone\skype.exe |
{7A9C66AE-7124-485E-916E-766C89B3DA05} = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
{9CAD0F24-5314-4AEE-83C3-783D752BE48B} = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
{A31056CD-607A-424A-ABCF-71F92F2D4ECC} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{B59BB214-A6BA-4DEA-9B10-226B08481C92} = protocol=6 | dir=out | app=system |
{B7A0F363-A7EB-4F4E-A5B1-6D864403CA93} = protocol=58 | dir=in | [email protected],-28545 |
{C21FF14F-3743-45BE-882E-53D195296AAE} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
{E352E5D4-D0B6-4915-8BA8-EC4D47254246} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{E9EB8148-19A6-431C-9D2D-82905B888800} = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
{F0E337EF-D144-4E4F-959C-FA4528EA846A} = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
{F1A1651F-81F8-421F-A59B-6AA4B508E4F7} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
{F66783CE-1244-4400-8972-A2A3D03D841B} = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
{FD5D6AE1-744D-4366-AE32-B3A166C85564} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
TCP Query User{15F9F61A-9C64-4D99-98A2-D6926733FE2C}D:\daten\xampp\apache\bin\httpd.exe = protocol=6 | dir=in | app=d:\daten\xampp\apache\bin\httpd.exe |
TCP Query User{29076446-719E-4F1D-8D13-1B925E79CBF6}C:\program files\nokia\nokia software updater\nsu_ui_client.exe = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |

TCP Query User{3232CAFC-19AA-4F68-889D-972A0787361F}C:\program files\internet explorer\iexplore.exe = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
TCP Query User{409B593B-2CF9-4C09-85B8-90D3D67F974D}C:\program files\google\google earth\plugin\geplugin.exe = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
TCP Query User{9B4B12BC-EA32-4C0C-9308-5D84999096A0}C:\program files\winamp\winamp.exe = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
TCP Query User{9D777D8F-40D8-4F7E-BB0A-D641600E308D}C:\xampp\apache\bin\httpd.exe = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
TCP Query User{C4C2F8BA-9DA4-47C6-BA2F-96EF594C43D2}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
TCP Query User{DDAC81E9-80AA-4769-99D6-6E9FDE28C301}D:\daten\xampp\mysql\bin\mysqld.exe = protocol=6 | dir=in | app=d:\daten\xampp\mysql\bin\mysqld.exe |
UDP Query User{36D48C9E-DBAD-4E7E-8FE3-D774620B4FE1}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
UDP Query User{4ACB1D76-7CE9-4D3D-A4AA-62AD8DF30C03}C:\program files\internet explorer\iexplore.exe = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
UDP Query User{4D09E085-095D-46E5-8E53-A25EFE97A1BA}C:\xampp\apache\bin\httpd.exe = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
UDP Query User{4EE66890-67F0-40E8-94BF-4888F85F45F0}C:\program files\google\google earth\plugin\geplugin.exe = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
UDP Query User{6AD357D1-6559-4AE8-928D-110DB0EAA56B}C:\program files\winamp\winamp.exe = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
UDP Query User{9C2993FB-3C20-420F-811C-2094275BC2C0}D:\daten\xampp\mysql\bin\mysqld.exe = protocol=17 | dir=in | app=d:\daten\xampp\mysql\bin\mysqld.exe |
UDP Query User{C9E9B931-CF0D-4740-A6BA-56133BCD4721}C:\program files\nokia\nokia software updater\nsu_ui_client.exe = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
UDP Query User{EDC127BB-CA21-46DD-BBA5-8DB8FAB5E493}D:\daten\xampp\apache\bin\httpd.exe = protocol=17 | dir=in | app=d:\daten\xampp\apache\bin\httpd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
{01FB4998-33C4-4431-85ED-079E3EEFE75D} = CyberLink YouCam
{0224CACC-994D-45F8-B973-D65056EA9C2F} = Adobe XMP DVA Panels CS3
{033E378E-6AD3-4AD5-BDEB-CBD69B31046C} = Microsoft_VC90_ATL_x86
{04AF207D-9A77-465A-8B76-991F6AB66245} = Adobe Help Viewer CS3
{0840B4D6-7DD1-4187-8523-E6FC0007EFB7} = Windows Live ID-Anmelde-Assistent
{08B32819-6EEF-4057-AEDA-5AB681A36A23} = Adobe Bridge Start Meeting
{08D2E121-7F6A-43EB-97FD-629B44903403} = Microsoft_VC90_CRT_x86
{0C826C5B-B131-423A-A229-C71B3CACCD6A} = CDDRV_Installer
{0F022A2E-7022-497D-90A5-0F46746D8275} = Macromedia Extension Manager
{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25} = Microsoft_VC80_ATL_x86
{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series = Canon MP540 series MP Drivers
{1280E900-35DA-4E08-A700-B79A5B2B8532} = Microsoft Antimalware Service DE-DE Language Pack
{15FEDA5F-141C-4127-8D7E-B962D1742728} = Adobe Photoshop CS5
{18455581-E099-4BA8-BC6B-F34B2F06600C} = Google Toolbar for Internet Explorer
{1A15507A-8551-4626-915D-3D5FA095CC1B} = Corel Paint Shop Pro X
{205C6BDD-7B73-42DE-8505-9A093F35A238} = Windows Live-Uploadtool
{223A0FFB-5BAE-4541-B4AA-5688384FA77E} = USB2.0 2MP UVC Camera
{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} = MSVCRT
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = Google Toolbar for Internet Explorer
{26A24AE4-039D-4CA4-87B4-2F83217009FF} = Java 7 Update 9
{2BA722D1-48D1-406E-9123-8AE5431D63EF} = Windows Live Fotogalerie
{2D99A593-C841-43A7-B7C9-D6F3AE70B756} = Nokia Connectivity Cable Driver
{2e10c007-3bd1-4ee1-aafd-ef0216bdaa4f} = Nero 9 Lite
{3101CB58-3482-4D21-AF1A-7057FC935355} = KhalInstallWrapper
{32A546AD-2626-1DF1-0746-123AFA6E265F} = ATI Catalyst Install Manager
{3C3901C5-3455-3E0A-A214-0B093A5070A6} = Microsoft .NET Framework 4 Client Profile
{3D3E663D-4E7E-4577-A560-7ECDDD45548A} = PVSonyDll
{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C} = eReg
{3EFEF049-23D4-4B46-8903-4592FEA51018} = Windows Live Movie Maker
{4412F224-3849-4461-A3E9-DEEF8D252790} = Visual Studio C++ 10.0 Runtime
{45F4941E-5E77-11DF-A71D-005056C00008} = Paragon Partition Manager™ 11 Free Edition
{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB} = Adobe AIR
{4A03706F-666A-4037-7777-5F2748764D10} = Java Auto Updater
{50779A29-834E-4E36-BBEB-B7CABC67A825} = Microsoft Security Client DE-DE Language Pack
{50F102CA-4BE2-41A9-9810-5BB05EB91B9A} = Adobe Premiere Pro CS3 Functional Content
{53480330-E1D1-41CA-B8F8-7F78644F7F50} = O&O Defrag Professional Edition
{54793AA1-5001-42F4-ABB6-C364617C6078} = Adobe Linguistics CS3
{56C049BE-79E9-4502-BEA7-9754A3E60F9B} = neroxml
{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA} = Adobe Premiere Pro CS3
{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E} = Google Earth
{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A} = Microsoft_VC90_MFC_x86
{65F67589-B92D-4B77-8FC8-43AD21379343} = Nitro Reader 2
{6ABE0BEE-D572-4FE8-B434-9E72A289431B} = Adobe Fonts All
{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6} = MSVC80_x86_v2
{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} = Adobe Asset Services CS3
{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} = Microsoft Visual C++ 2005 Redistributable
{7299052b-02a4-4627-81f2-1818da5d550d} = Microsoft Visual C++ 2005 Redistributable
{76618402-179D-4699-A66B-D351C59436BC} = Windows Live Sync
{770657D0-A123-3C07-8E44-1C83EC895118} = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
{7748AC8C-18E3-43BB-959B-088FAEA16FB2} = Nero StartSmart
{7CFA46E3-CC2F-4355-82AE-6012DC3633FD} = NVIDIA ForceWare Network Access Manager
{837b34e3-7c30-493c-8f6a-2b0f04e2912c} = Microsoft Visual C++ 2005 Redistributable
{86CE85E6-DBAC-3FFD-B977-E4B79F83C909} = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} = Microsoft Silverlight
{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} = Adobe Device Central CS3
{8D3562E7-C795-4B5D-A091-6DAA3FF0DF3B} = Macromedia HomeSite+
{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} = Adobe Type Support
{90120000-0015-0407-0000-0000000FF1CE} = Microsoft Office Access MUI (German) 2007
{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2} = Microsoft Office 2007 Service Pack 3 (SP3)
{90120000-0016-0407-0000-0000000FF1CE} = Microsoft Office Excel MUI (German) 2007
{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2} = Microsoft Office 2007 Service Pack 3 (SP3)
{90120000-0018-0407-0000-0000000FF1CE} = Microsoft Office PowerPoint MUI (German) 2007
{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2} = Microsoft Office 2007 Service Pack 3 (SP3)
{90120000-0019-0407-0000-0000000FF1CE} = Microsoft Office Publisher MUI (German) 2007
{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2} = Microsoft Office 2007 Service Pack 3 (SP3)
{90120000-001A-0407-0000-0000000FF1CE} = Microsoft Office Outlook MUI (German) 2007
{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2} = Microsoft Office 2007 Service Pack 3 (SP3)
{90120000-001B-0407-0000-0000000FF1CE} = Microsoft Office Word MUI (German) 2007
{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2} = Microsoft Office 2007 Service Pack 3 (SP3)
{90120000-001F-0407-0000-0000000FF1CE} = Microsoft Office Proof (German) 2007
{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643} = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
{90120000-001F-0409-0000-0000000FF1CE} = Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F} = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
{90120000-001F-040C-0000-0000000FF1CE} = Microsoft Office Proof (French) 2007
{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E} = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
{90120000-001F-0410-0000-0000000FF1CE} = Microsoft Office Proof (Italian) 2007
{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49} = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
{90120000-002C-0407-0000-0000000FF1CE} = Microsoft Office Proofing (German) 2007
{90120000-0030-0000-0000-0000000FF1CE} = Microsoft Office Enterprise 2007
{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93} = Microsoft Office 2007 Service Pack 3 (SP3)
{90120000-0044-0407-0000-0000000FF1CE} = Microsoft Office InfoPath MUI (German) 2007
{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2} = Microsoft Office 2007 Service Pack 3 (SP3)
{90120000-006E-0407-0000-0000000FF1CE} = Microsoft Office Shared MUI (German) 2007
{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973} = Microsoft Office 2007 Service Pack 3 (SP3)
{90120000-00A1-0407-0000-0000000FF1CE} = Microsoft Office OneNote MUI (German) 2007
{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2} = Microsoft Office 2007 Service Pack 3 (SP3)
{90120000-00BA-0407-0000-0000000FF1CE} = Microsoft Office Groove MUI (German) 2007
{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2} = Microsoft Office 2007 Service Pack 3 (SP3)
{90140000-2005-0000-0000-0000000FF1CE} = Microsoft Office File Validation Add-In
{90176341-0A8B-4CCC-A78D-F862228A6B95} = Adobe Anchor Service CS3
{92D58719-BBC1-4CC3-A08B-56C9E884CC2C} = Microsoft_VC80_CRT_x86
{95120000-00B9-0409-0000-0000000FF1CE} = Microsoft Application Error Reporting
{95140000-00AF-0407-0000-0000000FF1CE} = Microsoft PowerPoint Viewer
{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD} = Microsoft Security Client
{9A25302D-30C0-39D9-BD6F-21E6EC160475} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{9B683A28-2172-4CF1-B85D-41375E80652A} = Acronis True Image WD Edition
{9BE518E6-ECC6-35A9-88E4-87755C07200F} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
{9C9824D9-9000-4373-A6A5-D0E5D4831394} = Adobe Bridge CS3
{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} = Adobe CMaps
{A498D9EB-927B-459B-85D6-DD6EF8C2C564} = erLT
{A78FE97A-C0C8-49CE-89D0-EDD524A17392} = PDF Settings CS5
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} = Google Update Helper
{AC76BA86-7AD7-1031-7B44-A95000000001} = Adobe Reader 9.5.2 - Deutsch
{AF111648-99A1-453E-81DD-80DBBF6DAD0D} = MSVC90_x86
{B2EC4A38-B545-4A00-8214-13FE0E915E6D} = Advertising Center
{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} = Adobe Camera Raw 4.0
{B6CF2967-C81E-40C0-9815-C05774FEF120} = Skype Click to Call
{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} = Adobe Default Language CS3
{BB81360F-041C-4CF7-B15E-71380D154244} = Adobe Setup
{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A} = Nero ControlCenter
{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} = Adobe ExtendScript Toolkit 2
{C373F7C4-05D2-4047-96D1-6AF30661C6AA} = PC Connectivity Solution
{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E} = Nero Online Upgrade
{C96AA90C-9DE0-4C37-92F2-49CC3FE8C330} = Nokia Software Updater
{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1 = UBitMenuDE
{D0D14551-3A2D-433B-861F-F4DCE5422759} = Nokia PC Suite
{D0DFF92A-492E-4C40-B862-A74A173C25C5} = Adobe Version Cue CS3 Client
{D1A19B02-817E-4296-A45B-07853FD74D57} = Microsoft_VC80_MFC_x86
{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} = Adobe PDF Library Files
{D5A31AB1-345D-47C7-A87B-036A669F6DF1} = Adobe XMP Panels CS3
{D92BBB52-82FF-42ED-8A3C-4E062F944AB7} = Microsoft_VC80_MFCLOC_x86
{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} = Adobe Color Common Settings
{DE3A9DC5-9A5D-6485-9662-347162C7E4CA} = Adobe Media Player
{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6} = NVIDIA PhysX
{E40CE517-0D42-4198-96B4-C8232B257EB5} = Data Lifeguard Diagnostic for Windows
{E69AE897-9E0B-485C-8552-7841F48D42D8} = Adobe Update Manager CS3
{E8A80433-302B-4FF1-815D-FCC8EAC482FF} = Nero Installer
{ED00D08A-3C5F-488D-93A0-A04F21F23956} = Windows Live Communications Platform
{EE531675-A09C-51DD-F356-ECA9D6857039} = Adobe Community Help
{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8} = Skype™ 5.10
{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} = Microsoft SQL Server 2005 Compact Edition [ENU]
{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} = Microsoft Choice Guard
{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} = Realtek High Definition Audio Driver
{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E} = Logitech SetPoint
{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262} = Microsoft Office Live Add-in 1.5
{F750C986-5310-3A5A-95F8-4EC71C8AC01C} = Microsoft .NET Framework 4 Client Profile DEU Language Pack
{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F} = Windows Live Essentials
{FCC32487-14A5-403C-922A-71CA97DCCBC2} = AquaSoft PhotoFlash 2
{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
504244733D18C8F63FF584AEB290E3904E791693 = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
72A50F48CC5601190B9C4E74D81161693133E7F7 = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9)
7-Zip = 7-Zip 9.20
Adobe AIR = Adobe AIR
Adobe Flash Player ActiveX = Adobe Flash Player 11 ActiveX
Adobe Flash Player Plugin = Adobe Flash Player 11 Plugin
Adobe Photoshop 6.0 = Adobe Photoshop 6.0
Adobe Shockwave Player = Adobe Shockwave Player 11.5
Adobe SVG Viewer = Adobe SVG Viewer 3.0
Adobe_32fdd767b4383606e8168e834af5d90 = Adobe Premiere Pro CS3
Ant Renamer 2_is1 = Ant Renamer
AquaSoft PhotoFlash 2 = AquaSoft PhotoFlash 2
Ashampoo Slideshow Studio Elements_is1 = Ashampoo Slideshow Studio Elements 2.0.1
Ashampoo Slideshow Studio HD 2_is1 = Ashampoo Slideshow Studio HD 2 v.2.0.5
Audiograbber = Audiograbber 1.83 SE
AVS Update Manager_is1 = AVS Update Manager 1.0
AVS4YOU Video Converter 7_is1 = AVS Video Converter 8
CanonMyPrinter = Canon Utilities My Printer
CanonSolutionMenu = Canon Utilities Solution Menu
CCleaner = CCleaner

chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 = Adobe Community Help
com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 = Adobe Media Player
CSEHTMLVALIDATOR110_is1 = CSE HTML Validator Standard v11.02
Das große Ostalgie-Spiel = Das große Ostalgie-Spiel
E0AC723A3DE3A04256288CADBBB011B112AED454 = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7)
EASEUS Partition Master Home Edition_is1 = EASEUS Partition Master 5.0.1 Home Edition
Easy GIF Animator_is1 = Easy GIF Animator 5.21
Easy-PhotoPrint EX = Canon Utilities Easy-PhotoPrint EX
Easy-WebPrint EX = Canon Easy-WebPrint EX
ENTERPRISE = Microsoft Office Enterprise 2007
EVEREST Home Edition_is1 = EVEREST Home Edition v2.20
FileZilla Client = FileZilla Client 3.5.3
FormatFactory = FormatFactory 2.60
Freemake Video Converter_is1 = Freemake Video Converter Version 3.1.2
Google Chrome = Google Chrome
Heliswiss = Heliswiss
Heliswiss_Ecureuil = Heliswiss_Ecureuil
Heliswiss_Kamov = Heliswiss_Kamov
Heliswiss_Transport = Heliswiss_Transport
IcoFX_is1 = IcoFX 1.6.4
IETester = IETester v0.4.10 (remove only)
ImgBurn = ImgBurn
InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} = CyberLink YouCam
InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD} = NVIDIA ForceWare Network Access Manager
IrfanView = IrfanView (remove only)
Malwarebytes' Anti-Malware_is1 = Malwarebytes Anti-Malware Version 1.65.0.1400
Microsoft .NET Framework 4 Client Profile = Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack = Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Security Client = Microsoft Security Essentials
Mozilla Firefox 10.0.2 (x86 de) = Mozilla Firefox 10.0.2 (x86 de)
MP Navigator EX 2.0 = Canon MP Navigator EX 2.0
MyTomTom = MyTomTom 3.2.0.802
Nokia PC Suite = Nokia PC Suite
NP_FR_2010-1 = FRITax 2010 10.2.16
NP_FR_2011 = FRITax 2011 11.3.35
NVIDIA Display Control Panel = NVIDIA Display Control Panel
NVIDIA Drivers = NVIDIA Drivers
Paint Shop Pro 6.0 = Paint Shop Pro 6.0 (CD-ROM)
Picasa 3 = Picasa 3
Sweet Home 3D_is1 = Sweet Home 3D version 3.3
VideoConverter = VideoConverter
VLC media player = VLC media player 2.0.3
Winamp = Winamp
WinGimp-2.0_is1 = GIMP 2.6.11
WinLiveSuite_Wave3 = Windows Live Essentials
WinMerge_is1 = WinMerge 2.12.4
xampp = XAMPP 1.7.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
Winamp Detect = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04.12.2011 06:23:52 | Computer Name = compi | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe. Fehler in Manifest- oder Richtliniendatei C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 04.12.2011 06:26:04 | Computer Name = compi | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für c:\program files\microsoft
security client\MSESysprep.dll. Fehler in Manifest- oder Richtliniendatei c:\program
files\microsoft security client\MSESysprep.dll in Zeile 10. Das imaging-Element
wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error - 04.12.2011 06:26:32 | Computer Name = compi | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für C:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll. Die abhängige Assemblierung Microsoft.VC80.DebugCRT,processorArchitecture=x86,publicKeyToken=1fc8b3b9a1e18e3b,type=win32,version=8.0.50608.0
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
sxstrace.exe.

Error - 05.12.2011 09:20:38 | Computer Name = compi | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe. Fehler in Manifest- oder Richtliniendatei C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 05.12.2011 09:22:53 | Computer Name = compi | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für c:\program files\microsoft
security client\MSESysprep.dll. Fehler in Manifest- oder Richtliniendatei c:\program
files\microsoft security client\MSESysprep.dll in Zeile 10. Das imaging-Element
wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error - 05.12.2011 09:23:21 | Computer Name = compi | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für C:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll. Die abhängige Assemblierung Microsoft.VC80.DebugCRT,processorArchitecture=x86,publicKeyToken=1fc8b3b9a1e18e3b,type=win32,version=8.0.50608.0
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
sxstrace.exe.

Error - 06.12.2011 08:04:32 | Computer Name = compi | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe. Fehler in Manifest- oder Richtliniendatei C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 06.12.2011 10:11:25 | Computer Name = compi | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe. Fehler in Manifest- oder Richtliniendatei C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 06.12.2011 10:13:18 | Computer Name = compi | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für c:\program files\microsoft
security client\MSESysprep.dll. Fehler in Manifest- oder Richtliniendatei c:\program
files\microsoft security client\MSESysprep.dll in Zeile 10. Das imaging-Element
wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error - 06.12.2011 10:13:48 | Computer Name = compi | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für C:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll. Die abhängige Assemblierung Microsoft.VC80.DebugCRT,processorArchitecture=x86,publicKeyToken=1fc8b3b9a1e18e3b,type=win32,version=8.0.50608.0
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
sxstrace.exe.

[ OSession Events ]
Error - 10.09.2010 08:11:46 | Computer Name = compi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1901
seconds with 1200 seconds of active time. This session ended with a crash.

Error - 06.10.2010 14:23:57 | Computer Name = compi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11.04.2011 05:02:11 | Computer Name = compi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25.04.2011 14:15:44 | Computer Name = compi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 03.11.2011 11:52:48 | Computer Name = compi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 69
seconds with 0 seconds of active time. This session ended with a crash.

Error - 26.10.2012 17:56:52 | Computer Name = compi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 43868
seconds with 3780 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 08.11.2012 17:44:28 | Computer Name = compi | Source = Service Control Manager | ID = 7024
Description = Der Dienst Apache2.2 wurde mit folgendem dienstspezifischem Fehler
beendet: %%1.

Error - 09.11.2012 03:43:18 | Computer Name = compi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
lpnxpeil

Error - 09.11.2012 03:43:56 | Computer Name = compi | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst Programmkompatibilitäts-Assistent konnte Phase 2 nicht
initialisieren.

Error - 09.11.2012 17:54:07 | Computer Name = compi | Source = Service Control Manager | ID = 7024
Description = Der Dienst Apache2.2 wurde mit folgendem dienstspezifischem Fehler
beendet: %%1.

Error - 10.11.2012 06:42:48 | Computer Name = compi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
lpnxpeil

Error - 10.11.2012 17:07:00 | Computer Name = compi | Source = Service Control Manager | ID = 7024
Description = Der Dienst Apache2.2 wurde mit folgendem dienstspezifischem Fehler
beendet: %%1.

Error - 11.11.2012 06:37:41 | Computer Name = compi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
lpnxpeil

Error - 11.11.2012 10:59:31 | Computer Name = compi | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error - 11.11.2012 17:43:05 | Computer Name = compi | Source = Service Control Manager | ID = 7024
Description = Der Dienst Apache2.2 wurde mit folgendem dienstspezifischem Fehler
beendet: %%1.

Error - 12.11.2012 05:23:17 | Computer Name = compi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
lpnxpeil


< End of report >