| |
| |||||||
Log-Analyse und Auswertung: RunDll Probleme beim Starten von C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\unicode2.nlsWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.12.2012, 07:02
| #1 |
| |  RunDll Probleme beim Starten von C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\unicode2.nls Hallo zusammen, seit einigen Tagen erscheint direkt nach dem Systemstart folgende Meldung: RunDll Probleme beim Starten von C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\unicode2.nls Nach dem Klick auf ok läuft alles scheinbar normal. Habe gegoogelt und Hinweise bekommen, es könnte sich um Schadsoftware handeln. Avira zeigt aber nichts an, malwarebytes auch nicht. Die OTL- und Exra-Reports habe ich unten angefügt. Ich hoffe, es kann mir jemand helfen. Besten Dank im Voraus. MfG, Zapokill OTL: OTL logfile created on: 09.12.2012 06:26:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxxx\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,88 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 67,95% Memory free 11,77 Gb Paging File | 9,76 Gb Available in Paging File | 82,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 95,01 Gb Total Space | 16,02 Gb Free Space | 16,86% Space Free | Partition Type: NTFS Drive G: | 358,56 Gb Total Space | 158,38 Gb Free Space | 44,17% Space Free | Partition Type: NTFS Computer Name: RALF-PC | User Name: xxxx| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.09 06:25:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe PRC - [2012.12.02 05:57:42 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe PRC - [2012.12.01 05:01:21 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.08.09 07:19:11 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.14 17:44:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.14 17:44:51 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe PRC - [2012.05.14 17:44:51 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.05.14 17:44:51 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.05.14 17:44:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.03.22 08:46:08 | 000,417,792 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe PRC - [2011.02.03 06:31:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.02.02 20:57:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.12.04 00:20:18 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.04 00:20:16 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.11.29 18:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe PRC - [2010.09.28 09:18:32 | 000,254,004 | ---- | M] (ZF Electronics GmbH) -- C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe PRC - [2010.08.25 14:09:24 | 000,577,582 | ---- | M] (ZF Electronics GmbH) -- C:\Program Files (x86)\Cherry\CDI\cdi.exe ========== Modules (No Company Name) ========== MOD - [2012.12.02 05:57:42 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll MOD - [2012.12.01 05:01:21 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2011.02.03 06:31:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2011.02.02 20:56:58 | 000,235,112 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2006.02.22 14:47:44 | 000,073,728 | R--- | M] () -- C:\Program Files (x86)\Cherry\KeyMan\zlib1.dll MOD - [2006.02.22 14:47:16 | 000,114,688 | R--- | M] () -- C:\Program Files (x86)\Cherry\KeyMan\libpng13.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.09.22 06:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) SRV:64bit: - [2010.02.11 02:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Disabled | Stopped] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.12.02 05:57:42 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.01 05:01:21 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.14 17:44:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.14 17:44:51 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2012.05.14 17:44:51 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.14 17:44:51 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.05.14 17:44:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.05 11:34:26 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.02.24 19:01:31 | 003,246,040 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2012.01.10 04:07:40 | 000,174,080 | ---- | M] (OLYMPUS IMAGING CORP.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe -- (Olympus DVR Service) SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\StarMoney 7.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate) SRV - [2011.06.17 16:00:47 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.06.04 09:53:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc) SRV - [2011.03.04 22:13:20 | 003,427,696 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService) SRV - [2011.02.08 07:41:16 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2011.02.03 06:31:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.02.02 20:57:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.02.01 21:53:54 | 001,112,736 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011.01.25 10:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2011.01.20 17:33:20 | 000,517,488 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- c:\Programme\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc) SRV - [2010.12.23 20:23:48 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2010.12.23 20:14:10 | 000,992,256 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7) SRV - [2010.12.23 20:07:12 | 000,845,584 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2010.12.04 00:20:18 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.04 00:20:16 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.11.29 18:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) SRV - [2010.11.25 11:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010.11.25 11:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010.11.03 22:48:42 | 002,117,120 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService) SRV - [2010.10.28 20:05:50 | 000,036,768 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage) SRV - [2010.10.28 20:05:48 | 001,035,680 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service) SRV - [2010.09.23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 20:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.08.25 14:09:24 | 000,577,582 | ---- | M] (ZF Electronics GmbH) [On_Demand | Running] -- C:\Program Files (x86)\Cherry\CDI\cdi.exe -- (Cherry Device Interface) SRV - [2010.07.13 20:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.11.12 09:56:36 | 000,136,192 | ---- | M] (HP) [Disabled | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2003.04.19 03:06:26 | 000,008,192 | ---- | M] () [Disabled | Stopped] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.13 16:32:53 | 000,140,936 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot) DRV:64bit: - [2012.11.13 16:32:53 | 000,114,168 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim) DRV:64bit: - [2012.09.02 10:09:04 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.08.23 15:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.05.14 17:44:52 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.14 17:44:52 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.24 19:01:32 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2012.02.24 19:01:31 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) DRV:64bit: - [2012.02.24 19:01:29 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2012.02.24 19:01:23 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2012.01.07 12:38:17 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio) DRV:64bit: - [2011.10.12 04:56:25 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.07.20 15:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2011.06.06 10:10:46 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:64bit: - [2011.06.06 10:10:46 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2011.06.06 10:10:46 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2011.06.06 10:10:46 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2011.06.06 10:10:46 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2011.05.25 19:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011.03.28 19:37:28 | 012,256,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.23 22:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.03 06:31:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.01.25 10:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011.01.03 23:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR) DRV:64bit: - [2011.01.03 21:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR) DRV:64bit: - [2010.12.21 20:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2010.12.13 23:09:14 | 000,172,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.12.13 15:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler) DRV:64bit: - [2010.11.21 04:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.08.24 23:46:02 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv) DRV:64bit: - [2010.08.20 17:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn) DRV:64bit: - [2010.05.20 14:26:48 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3) DRV:64bit: - [2010.03.19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.09.21 13:24:58 | 000,206,896 | ---- | M] (Auerswald GmbH & Co.KG ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\auusb.sys -- (auusb) DRV:64bit: - [2009.09.16 22:08:48 | 000,172,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.08 10:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2008.06.04 19:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV) DRV - [2012.03.29 15:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2011.08.03 16:22:48 | 000,131,336 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\avfwot.sys -- (avfwot) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:1.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:5.8.0.1092 FF - prefs.js..network.proxy.type: 4 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.10.29 05:53:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.01 05:01:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.15 05:39:11 | 000,000,000 | ---D | M] [2011.06.10 16:30:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions [2012.11.24 09:40:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\jdufzqot.default\extensions [2012.11.24 09:40:41 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\firefox\profiles\jdufzqot.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.13 14:37:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.29 05:53:44 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN [2012.12.01 05:01:21 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.21 04:29:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.07 17:12:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.21 04:29:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.21 04:29:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.21 04:29:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.21 04:29:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.06.17 15:44:26 | 000,002,381 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 activate.adobe.com:443 O1 - Hosts: 127.0.0.1 3dns.adobe.com O1 - Hosts: 127.0.0.1 3dns-1.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 27 more lines... O2:64bit: - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found. O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CherryKeyMan] C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe (ZF Electronics GmbH) O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKCU..\Run: [Rundll32] Rundll32.exe "C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\unicode2.nls",0 File not found O4 - Startup: C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Easy2Sync für Dateien.lnk = C:\Program Files (x86)\Easy2Sync\Easy2Sync64Bit.exe (IT-Services Thomas Holz) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: kkrn.de ([ssl] https in Vertrauenswürdige Sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F17099F2-4E62-4332-933B-34D431C9AD0B}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\tmpx - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\tmpx - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.) O30 - LSA: Authentication Packages - (wvauth) - File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{fe118068-9374-11e0-b7fa-68a3c44ab980}\Shell - "" = AutoRun O33 - MountPoints2\{fe118068-9374-11e0-b7fa-68a3c44ab980}\Shell\AutoRun\command - "" = F:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.09 06:25:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe [2012.12.08 06:01:31 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Malwarebytes [2012.12.08 06:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.08 06:01:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.08 06:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.08 06:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.21 05:43:09 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Documents\DbgLogs [2012.11.21 05:42:20 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\Programs [2012.11.15 04:53:57 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Cherry [2012.11.15 04:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Cherry [2012.11.15 04:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cherry Keyboard Manager [2012.11.15 04:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cherry [2012.11.15 04:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cherry ========== Files - Modified Within 30 Days ========== [2012.12.09 06:28:19 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.09 06:28:19 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.09 06:25:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe [2012.12.09 06:25:21 | 001,651,460 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.09 06:25:21 | 000,711,624 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.09 06:25:21 | 000,666,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.09 06:25:21 | 000,152,876 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.09 06:25:21 | 000,125,656 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.09 06:20:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.09 06:20:45 | 443,203,583 | -HS- | M] () -- C:\hiberfil.sys [2012.12.09 06:19:47 | 000,000,188 | ---- | M] () -- C:\Users\xxxx\defogger_reenable [2012.12.09 06:19:07 | 000,050,477 | ---- | M] () -- C:\Users\xxxx\Desktop\Defogger.exe [2012.12.09 05:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.04 07:48:32 | 000,001,112 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Easy2Sync für Dateien.lnk [2012.11.15 10:52:28 | 005,091,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.13 16:33:08 | 000,000,040 | ---- | M] () -- C:\Windows\SysNative\InstallationInfs [2012.11.13 16:32:53 | 000,140,936 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys [2012.11.13 16:32:53 | 000,114,168 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys ========== Files Created - No Company Name ========== [2012.12.09 06:19:47 | 000,000,188 | ---- | C] () -- C:\Users\xxxx \defogger_reenable [2012.12.09 06:19:07 | 000,050,477 | ---- | C] () -- C:\Users\xxxx\Desktop\Defogger.exe [2012.11.15 06:33:32 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.15 06:27:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2011.12.31 08:33:07 | 000,315,444 | ---- | C] () -- C:\Windows\SysWow64\isdnapi32.dll [2011.12.31 08:33:07 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AuerCapiJNINative.dll [2011.12.14 18:36:42 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini [2011.09.30 04:13:47 | 000,002,115 | ---- | C] () -- C:\Users\xxxx\AppData\Roaming\SAS7_000.DAT [2011.09.24 06:19:48 | 000,000,001 | R--- | C] () -- C:\Users\xxxx\serverport [2011.07.31 05:04:02 | 000,000,494 | RHS- | C] () -- C:\Users\xxxx\ntuser.pol [2011.06.17 04:56:28 | 000,000,172 | ---- | C] () -- C:\Windows\hbcikrnl.ini [2011.06.12 15:01:37 | 000,000,686 | ---- | C] () -- C:\Windows\hpntwksetup.ini [2011.06.12 14:54:25 | 000,171,205 | ---- | C] () -- C:\Windows\hppins07.dat [2011.06.12 14:54:25 | 000,000,838 | ---- | C] () -- C:\Windows\hppmdl07.dat [2011.06.12 14:52:58 | 003,189,760 | ---- | C] () -- C:\Windows\SysWow64\hpbcfgre.DLL [2011.06.12 05:18:18 | 000,000,000 | ---- | C] () -- C:\Windows\Dssole.INI [2011.06.12 05:17:30 | 000,000,709 | ---- | C] () -- C:\Windows\Support.ini [2011.06.11 20:02:38 | 000,691,712 | ---- | C] () -- C:\Windows\KPUninstaller.exe [2011.06.11 10:38:06 | 000,007,609 | ---- | C] () -- C:\Users\xxxx\AppData\Local\Resmon.ResmonCfg [2011.06.06 11:49:52 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.06.06 11:49:51 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.06.06 11:49:51 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.06.06 10:20:23 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll [2011.06.06 10:16:06 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe [2011.06.06 10:16:06 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2011.02.11 19:06:36 | 001,629,354 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.05.20 19:02:38 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Acronis [2012.04.16 12:40:55 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\calibre [2012.11.15 04:53:57 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Cherry [2012.02.24 18:44:10 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\DAEMON Tools Lite [2011.10.03 16:16:59 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Duden [2012.01.17 17:34:46 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\FRITZ! [2012.01.17 17:27:37 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\FRITZ!fax für FRITZ!Box [2012.08.02 17:02:29 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Garmin [2011.06.13 07:46:25 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\GHISLER [2011.06.18 06:12:31 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\INtex Fahrtenbuch 8 [2011.06.12 15:41:14 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Itsth [2011.06.11 20:04:08 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\k-pacs [2012.12.09 06:09:42 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\KeePass [2011.09.29 18:16:34 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Nuance [2011.06.12 13:13:18 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Olympus [2012.01.01 06:04:25 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Software4u [2011.08.26 10:32:09 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Thunderbird [2012.01.19 12:22:36 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\TuneUp Software [2012.12.07 09:08:20 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\UseNeXT [2011.12.29 07:05:16 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\XMedia Recode [2012.12.08 07:56:02 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\XnView ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:0FF263E8 < End of report > Extras: OTL Extras logfile created on: 09.12.2012 06:26:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,88 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 67,95% Memory free 11,77 Gb Paging File | 9,76 Gb Available in Paging File | 82,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 95,01 Gb Total Space | 16,02 Gb Free Space | 16,86% Space Free | Partition Type: NTFS Drive G: | 358,56 Gb Total Space | 158,38 Gb Free Space | 44,17% Space Free | Partition Type: NTFS Computer Name: xxxx-PC | User Name: xxxx| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{19A8BA0A-E32C-404F-93C9-DFE0F96636C1}" = lport=138 | protocol=17 | dir=in | app=system | "{21349C2B-35C6-4EFC-9089-2959AFD57466}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{25A383BE-927E-42E7-9B40-F3046831901F}" = rport=139 | protocol=6 | dir=out | app=system | "{2816B8F3-9E8E-4036-AA6F-4D95BDF9B1E3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{2A5C56B2-0632-4EB6-AE2B-5C71F60735EF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2ADA4150-D4B3-40CE-814F-24574D1EEA75}" = rport=137 | protocol=17 | dir=out | app=system | "{2FFEB756-4040-4F39-9B9A-57AE65239A24}" = lport=2869 | protocol=6 | dir=in | app=system | "{3ABF8381-2B22-4A03-A28D-0CE6AE45649F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{45B19990-1EE0-444C-87E3-21516524C3A7}" = lport=10243 | protocol=6 | dir=in | app=system | "{474B4F23-6194-491E-9C3B-CFEDCF0532A3}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | "{4C921127-0FB5-4A58-B698-DBD70653259E}" = rport=445 | protocol=6 | dir=out | app=system | "{4CA0902C-2316-4332-A99E-66AB69B42351}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4DEB917C-6C58-4106-A807-7B61E9BAE9D1}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener | "{5D53BFDD-1F62-4315-93BF-565F2ADA3E68}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{77E36FED-56FF-411F-8DBE-AC0C07847D33}" = lport=139 | protocol=6 | dir=in | app=system | "{8FFBCBAB-DF84-4FBA-BC37-A82C6E67ECD8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{962DAE8A-948F-4679-9A92-AB01799242AB}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener | "{9CAA0F2F-C4C2-46BD-A9EF-C90569EA0F69}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{9CFF9850-25D7-4D78-9CB6-B1F1167AD791}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A11EEC88-2702-41D1-8215-A7BD26BCED9A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ADB032F1-F532-4D58-A288-9161A8D9B0DA}" = lport=445 | protocol=6 | dir=in | app=system | "{B10C9EBC-2F70-4D89-A6F5-9447CA24DA39}" = rport=138 | protocol=17 | dir=out | app=system | "{B9E4DC91-2F1F-447E-B98E-6972178A62C9}" = lport=137 | protocol=17 | dir=in | app=system | "{C974D5F9-4DBB-4319-B80D-214D7ED62F7D}" = lport=3389 | protocol=6 | dir=in | app=system | "{CC6D4070-BB98-4B6A-B76D-0637FEC9EA85}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CE242962-423D-453E-90D0-8BBADD0FC206}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent - update | "{CFBDA274-F897-44E5-8F72-A6D7C30745B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E3B0B3D2-665C-4646-9FE3-D519DCC6E85D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E58B0775-04ED-4FBD-B9E2-0A1A165CF4F9}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent - broadcast | "{EE14DC82-6405-4C8E-9F55-00C02D2A14D3}" = rport=10243 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{005FE168-0A46-4A4D-AA5E-FF8D4999F511}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{03F43074-49BC-417B-9C57-F088E554B1F0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{22015D80-2368-492E-9B98-56CA55CFD52B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{22BD3385-8044-4765-80D2-BBBF91A2563A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{32E1BAB8-2366-4EFA-8A3E-B86B3AFFBB54}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{348CB537-CDDF-4DC3-9E09-48A6D138316A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3BC8A62C-8DCF-45AE-8593-CA0FFB3F7054}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{507210A2-E0A3-4E74-8C19-5AE9882A6E8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{518E54AB-16A5-419F-B6D8-0EBA63AF2688}" = protocol=6 | dir=out | app=system | "{58AB9EB9-92C5-4A04-8484-EDAAE05FA930}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{60C9393F-72E7-4BA7-92DA-E5746FDF4040}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{723F2B3B-D5A9-42C2-9C54-ACD6D6AEF20C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{794B77B2-01DA-491F-BE01-AEE03438BAB3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{80EB64B6-34EA-439C-9730-B2B85ACCFEFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{841B9909-7E15-45D2-9FFA-40EDFAF3B7C1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{99FB841D-97BF-41C9-A50C-C2768614685F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{A552B1B5-F612-4E70-9FF8-F1C4FBDB742F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AA0CED43-B4B0-425E-8EFB-F6A834503079}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AC5BD71E-F942-4132-B584-EDCCDC6DC395}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{AC7776DF-7516-4A5B-8226-48512060129F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BB2790C8-B133-4CD5-8EB2-F1F42FADB769}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CB6B1436-A411-4910-B4F3-2DB4CB32A701}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CBBB1CF2-9E53-4642-B6BB-F4313AC2A31F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D4B05D60-262A-46FC-997A-C23D09B8907A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E50EA183-F3F1-4831-947C-6C8500CEA09F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{EAE4B714-368F-48C8-8FBB-CC7F137AD2AC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{F0974363-7F5F-4D29-B850-85AC54F1CE21}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{F41FE7C5-5ABC-4D2D-BA54-3B65A44B97D2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit) "{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager "{3A915D43-FD4F-4e4f-BEF7-B75C160B0236}" = HP LaserJet M2727 MFP Series 5.2 "{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) "{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}" = Intel(R) PROSet/Wireless WiFi-Software "{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader "{50B4B603-A4C6-4739-AE96-6C76A0F8A388}" = Dell Backup and Recovery Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8A6B4FE2-7CC4-4DAC-BC68-D9E170B758FD}" = Dell ControlVault Host Components Installer 64 bit "{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel(R) Network Connections 15.7.176.1 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.96 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.96 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.96 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.60 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "{F52ABC1D-5EA4-4FDD-8E5F-CA31428570C0}" = Wave Infrastructure Installer "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess "{FDF509ED-9624-4FDE-9BAA-9566C186AB96}" = Dell System Manager "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) "9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows-Treiberpaket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "ProInst" = Intel PROSet Wireless "PROSetDX" = Intel(R) Network Connections 15.7.176.1 "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011 "{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{171194D2-75DA-4495-9F02-40EE46DA04AD}" = hppTLBXFXM2727 "{1B447566-C3EF-44FD-BE0E-6318CA927B51}" = StarMoney 7.0 apoEdition "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0 "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33EFDAD7-1686-465A-AE0A-26F22E380315}" = Product_Min_QFolder "{34423B40-8F2F-4540-AA0C-D74377C58384}" = hppLaserJetService "{360EC8D3-AA2E-42B4-AC52-FFA9A1C1C1E9}" = hppLJM2727 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3F41BA46-09C3-4500-96D7-DC4390AD0124}" = Acrobat X Suite "{45C5C113-AD43-414B-867D-7C0AF54276CB}" = Duden-Rechtschreibprüfung PLUS "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers "{4F93ABBE-5A1D-4D56-94CB-022F109FDE4D}" = Adobe Presenter 7 "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{62808FA4-CD22-4A2B-AD50-5053E3C9F6F8}" = hppFaxUtility "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69B6B9E1-A5DF-3177-2B1D-3B672F29EF86}" = Adobe Captivate Quiz Results Analyzer "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{719DBB12-87A3-4103-BF5B-32BF72570068}" = hppScanTo "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn "{7AA38575-25A1-4C2F-B40B-2188EB73FF0E}" = Garmin TOPO Österreich v2 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware "{8432FFD1-6F4D-F9B8-D641-5932E60359A2}" = Adobe Captivate Reviewer "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11 "{88B746D6-1956-4D98-BE82-46E45AAA5BC2}" = Garmin Training Center "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CA5A451-0962-4B1C-9078-A597867F73EB}" = hppSendFaxM2727 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90C67C7D-E918-402C-9856-7B13999E1786}" = StarMoney "{91A32CD1-96A5-41D0-BCE6-9CE25531A875}" = Olympus DSS Player Pro "{92633C0F-C9BE-41E3-B439-0B508F859DB5}" = StarMoney "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9D5AEBC8-B77F-4623-9559-51BA62D34D38}" = calibre "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A35001F0-F1E4-11DD-A38B-005056C00008}" = Paragon Partition Manager™ 11 Professional "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B1D2A138-D53E-4D3F-B547-EA2277007746}" = Auerswald COMset 2.7.2 "{B226235F-51A4-4090-B5DB-5482A28D1B0F}" = hppFaxDrvM2727 "{B256C380-AC47-4681-8342-7F42E4F0F434}" = JRE 1.6.1 "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0 "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DC627AE5-A2B1-4D16-AF56-178D10EC3E81}" = KeyMan V4.0 Build 6 "{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.2.0 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0FA171C-0CB6-48CE-85A9-178D17398665}" = hppManualsM2727 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF327022-B623-4B6A-C41D-411720425583}_is1" = Easy2Sync für Dateien 4.00 "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter "{EF702322-B623-4B6A-B41D-411725582043}_is1" = Easy2Sync für Outlook 5.02 "{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11 "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F252204F-C7D9-4B5A-B0B2-CED865BD0D29}_is1" = INtex Fahrtenbuch 8 "{F374FE8A-F51A-41BC-8EF4-33526F69A044}" = hpzTLBXFX "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Presenter 7" = Adobe Presenter 7 "AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Captivate Reviewer "Astroburn Lite" = Astroburn Lite "Avira AntiVir Desktop" = Avira Internet Security 2012 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DAEMON Tools Lite" = DAEMON Tools Lite "Dell Webcam Central" = Dell Webcam Central "Digital Editions" = Adobe Digital Editions "FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager "FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box "InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5 "Kalender-Excel-8.8.1_is1" = Kalender-Excel-8.8.1 "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.15 "K-PACS Workstation" = K-PACS Workstation "Kursbuch der ärztlichen Begutachtung -ecomed- 06-2011_is1" = Kursbuch der ärztlichen Begutachtung -ecomed- 06-2011 "Kursbuch der ärztlichen Begutachtung -ecomed- 06-2012_is1" = Kursbuch der ärztlichen Begutachtung -ecomed- 06-2012 "Kursbuch der ärztlichen Begutachtung -ecomed- 12-2011_is1" = Kursbuch der ärztlichen Begutachtung -ecomed- 12-2011 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "Mozilla Thunderbird (6.0)" = Mozilla Thunderbird (6.0) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Captivate Quiz Results Analyzer "ST6UNST #1" = Produktaktivierung "ST6UNST #2" = MevoTecLoader "TuneUp Utilities 2012" = TuneUp Utilities 2012 "UseNeXT_is1" = UseNeXT "VLC media player" = VLC media player 1.1.10 "WinLiveSuite" = Windows Live Essentials "XMedia Recode" = XMedia Recode 3.0.6.0 "XnView_is1" = XnView 1.99.1 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss "f031ef6ac137efc5" = Dell Driver Download Manager "Sozialrecht 12.1" = Sozialrecht 12.1 "Sozialrecht 12.2" = Sozialrecht 12.2 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.12.2012 04:39:12 | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 07.12.2012 04:39:12 | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 998 Error - 07.12.2012 04:39:12 | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 998 Error - 08.12.2012 00:53:38 | Computer Name = xxxx-PC | Source = WinMgmt | ID = 10 Description = Error - 08.12.2012 03:34:47 | Computer Name = xxxx-PC | Source = SideBySide | ID = 16842761 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\adxloader.dll.Manifest" in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein. Error - 08.12.2012 03:37:50 | Computer Name = xxxx-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 08.12.2012 11:09:58 | Computer Name = xxxx-PC | Source = WinMgmt | ID = 10 Description = Error - 08.12.2012 11:30:40 | Computer Name = xxxx-PC | Source = WinMgmt | ID = 10 Description = Error - 09.12.2012 00:30:18 | Computer Name = xxxx-PC | Source = WinMgmt | ID = 10 Description = Error - 09.12.2012 00:45:31 | Computer Name = xxxx-PC | Source = WinMgmt | ID = 10 Description = Error - 09.12.2012 01:20:57 | Computer Name = xxxx-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 08.12.2012 11:09:53 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error - 08.12.2012 11:09:53 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Eumex 504PC USB" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.12.2012 11:30:37 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error - 08.12.2012 11:30:39 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Eumex 504PC USB" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 09.12.2012 00:30:15 | Computer Name = Ralf-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error - 09.12.2012 00:30:19 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Eumex 504PC USB" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 09.12.2012 00:45:29 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error - 09.12.2012 00:45:33 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Eumex 504PC USB" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 09.12.2012 01:20:57 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error - 09.12.2012 01:20:59 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Eumex 504PC USB" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 [ TuneUp Events ] Error - 06.10.2012 05:41:07 | Computer Name = xxxx-PC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 06.10.2012 05:41:07 | Computer Name = xxxx-PC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = < End of report > |
|
10.12.2012, 16:16
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | RunDll Probleme beim Starten von C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\unicode2.nls Hallo und
__________________ Code:
ATTFilter O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
Sry aber bei illegaler Software gibt es hier nur noch Hilfe zur Datensicherung + Neuinstallation von Windows Siehe auch => http://www.trojaner-board.de/95393-c...-software.html Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden. Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!! Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein! In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________ |
|
| Themen zu RunDll Probleme beim Starten von C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\unicode2.nls |
| adobe, antivir, askbar, avg, avira, bho, bonjour, error, explorer, fehler, firefox, flash player, format, helper, install.exe, logfile, monitor.exe, mozilla, nvidia, nvidia update, nvpciflt.sys, olympus, plug-in, probleme beim starten, registry, richtlinie, rundll, scan, security, server, starmoney, starten, svchost.exe, temp, thomas, unicode2.nls, windows |
Linear-Darstellung
