Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: RunDll Probleme beim Starten von C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\unicode2.nls

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 09.12.2012, 06:02   #1
zapokill
 
RunDll Probleme beim Starten von C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\unicode2.nls - Standard

RunDll Probleme beim Starten von C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\unicode2.nls



Hallo zusammen,
seit einigen Tagen erscheint direkt nach dem Systemstart folgende Meldung:

RunDll
Probleme beim Starten von C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\unicode2.nls

Nach dem Klick auf ok läuft alles scheinbar normal. Habe gegoogelt und Hinweise bekommen, es könnte sich um Schadsoftware handeln. Avira zeigt aber nichts an, malwarebytes auch nicht.

Die OTL- und Exra-Reports habe ich unten angefügt.

Ich hoffe, es kann mir jemand helfen. Besten Dank im Voraus.
MfG,
Zapokill


OTL:
OTL logfile created on: 09.12.2012 06:26:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxxx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,88 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 67,95% Memory free
11,77 Gb Paging File | 9,76 Gb Available in Paging File | 82,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,01 Gb Total Space | 16,02 Gb Free Space | 16,86% Space Free | Partition Type: NTFS
Drive G: | 358,56 Gb Total Space | 158,38 Gb Free Space | 44,17% Space Free | Partition Type: NTFS

Computer Name: RALF-PC | User Name: xxxx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.09 06:25:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
PRC - [2012.12.02 05:57:42 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012.12.01 05:01:21 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.08.09 07:19:11 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.14 17:44:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.14 17:44:51 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.05.14 17:44:51 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.14 17:44:51 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 17:44:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.03.22 08:46:08 | 000,417,792 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe
PRC - [2011.02.03 06:31:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.02.02 20:57:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.12.04 00:20:18 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.04 00:20:16 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.29 18:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010.09.28 09:18:32 | 000,254,004 | ---- | M] (ZF Electronics GmbH) -- C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe
PRC - [2010.08.25 14:09:24 | 000,577,582 | ---- | M] (ZF Electronics GmbH) -- C:\Program Files (x86)\Cherry\CDI\cdi.exe


========== Modules (No Company Name) ==========

MOD - [2012.12.02 05:57:42 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012.12.01 05:01:21 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2011.02.03 06:31:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2011.02.02 20:56:58 | 000,235,112 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2006.02.22 14:47:44 | 000,073,728 | R--- | M] () -- C:\Program Files (x86)\Cherry\KeyMan\zlib1.dll
MOD - [2006.02.22 14:47:16 | 000,114,688 | R--- | M] () -- C:\Program Files (x86)\Cherry\KeyMan\libpng13.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010.09.22 06:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2010.02.11 02:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Disabled | Stopped] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.02 05:57:42 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.01 05:01:21 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.14 17:44:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.14 17:44:51 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.05.14 17:44:51 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.14 17:44:51 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 17:44:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.05 11:34:26 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.02.24 19:01:31 | 003,246,040 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.01.10 04:07:40 | 000,174,080 | ---- | M] (OLYMPUS IMAGING CORP.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe -- (Olympus DVR Service)
SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\StarMoney 7.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.06.17 16:00:47 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.06.04 09:53:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2011.03.04 22:13:20 | 003,427,696 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2011.02.08 07:41:16 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.02.03 06:31:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.02.02 20:57:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.02.01 21:53:54 | 001,112,736 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.01.25 10:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.01.20 17:33:20 | 000,517,488 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- c:\Programme\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2010.12.23 20:23:48 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010.12.23 20:14:10 | 000,992,256 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7)
SRV - [2010.12.23 20:07:12 | 000,845,584 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010.12.04 00:20:18 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.04 00:20:16 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.29 18:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010.11.25 11:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010.11.25 11:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010.11.03 22:48:42 | 002,117,120 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010.10.28 20:05:50 | 000,036,768 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2010.10.28 20:05:48 | 001,035,680 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2010.09.23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 20:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.25 14:09:24 | 000,577,582 | ---- | M] (ZF Electronics GmbH) [On_Demand | Running] -- C:\Program Files (x86)\Cherry\CDI\cdi.exe -- (Cherry Device Interface)
SRV - [2010.07.13 20:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.12 09:56:36 | 000,136,192 | ---- | M] (HP) [Disabled | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2003.04.19 03:06:26 | 000,008,192 | ---- | M] () [Disabled | Stopped] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.11.13 16:32:53 | 000,140,936 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2012.11.13 16:32:53 | 000,114,168 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2012.09.02 10:09:04 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.08.23 15:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.05.14 17:44:52 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.14 17:44:52 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.24 19:01:32 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012.02.24 19:01:31 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)
DRV:64bit: - [2012.02.24 19:01:29 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012.02.24 19:01:23 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012.01.07 12:38:17 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2011.10.12 04:56:25 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.20 15:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.06.06 10:10:46 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.06.06 10:10:46 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.06.06 10:10:46 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.06.06 10:10:46 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.06.06 10:10:46 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.05.25 19:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.03.28 19:37:28 | 012,256,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.23 22:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.03 06:31:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.01.25 10:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.01.03 23:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2011.01.03 21:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
DRV:64bit: - [2010.12.21 20:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010.12.13 23:09:14 | 000,172,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.12.13 15:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010.11.21 04:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.08.24 23:46:02 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2010.08.20 17:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010.05.20 14:26:48 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2010.03.19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.09.21 13:24:58 | 000,206,896 | ---- | M] (Auerswald GmbH & Co.KG ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\auusb.sys -- (auusb)
DRV:64bit: - [2009.09.16 22:08:48 | 000,172,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.08 10:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2008.06.04 19:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV - [2012.03.29 15:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.08.03 16:22:48 | 000,131,336 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\avfwot.sys -- (avfwot)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:5.8.0.1092
FF - prefs.js..network.proxy.type: 4


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.10.29 05:53:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.01 05:01:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.15 05:39:11 | 000,000,000 | ---D | M]

[2011.06.10 16:30:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions
[2012.11.24 09:40:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\jdufzqot.default\extensions
[2012.11.24 09:40:41 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\firefox\profiles\jdufzqot.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.13 14:37:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.29 05:53:44 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2012.12.01 05:01:21 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.21 04:29:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.07 17:12:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.21 04:29:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 04:29:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 04:29:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 04:29:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.06.17 15:44:26 | 000,002,381 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 activate.adobe.com:443
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 27 more lines...
O2:64bit: - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CherryKeyMan] C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe (ZF Electronics GmbH)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [Rundll32] Rundll32.exe "C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\unicode2.nls",0 File not found
O4 - Startup: C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Easy2Sync für Dateien.lnk = C:\Program Files (x86)\Easy2Sync\Easy2Sync64Bit.exe (IT-Services Thomas Holz)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kkrn.de ([ssl] https in Vertrauenswürdige Sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F17099F2-4E62-4332-933B-34D431C9AD0B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tmpx - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fe118068-9374-11e0-b7fa-68a3c44ab980}\Shell - "" = AutoRun
O33 - MountPoints2\{fe118068-9374-11e0-b7fa-68a3c44ab980}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.09 06:25:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
[2012.12.08 06:01:31 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Malwarebytes
[2012.12.08 06:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.08 06:01:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.08 06:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.08 06:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.21 05:43:09 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Documents\DbgLogs
[2012.11.21 05:42:20 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\Programs
[2012.11.15 04:53:57 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Cherry
[2012.11.15 04:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Cherry
[2012.11.15 04:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cherry Keyboard Manager
[2012.11.15 04:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cherry
[2012.11.15 04:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cherry

========== Files - Modified Within 30 Days ==========

[2012.12.09 06:28:19 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.09 06:28:19 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.09 06:25:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
[2012.12.09 06:25:21 | 001,651,460 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.09 06:25:21 | 000,711,624 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.09 06:25:21 | 000,666,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.09 06:25:21 | 000,152,876 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.09 06:25:21 | 000,125,656 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.09 06:20:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.09 06:20:45 | 443,203,583 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.09 06:19:47 | 000,000,188 | ---- | M] () -- C:\Users\xxxx\defogger_reenable
[2012.12.09 06:19:07 | 000,050,477 | ---- | M] () -- C:\Users\xxxx\Desktop\Defogger.exe
[2012.12.09 05:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.04 07:48:32 | 000,001,112 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Easy2Sync für Dateien.lnk
[2012.11.15 10:52:28 | 005,091,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.13 16:33:08 | 000,000,040 | ---- | M] () -- C:\Windows\SysNative\InstallationInfs
[2012.11.13 16:32:53 | 000,140,936 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2012.11.13 16:32:53 | 000,114,168 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys

========== Files Created - No Company Name ==========
[2012.12.09 06:19:47 | 000,000,188 | ---- | C] () -- C:\Users\xxxx
\defogger_reenable
[2012.12.09 06:19:07 | 000,050,477 | ---- | C] () -- C:\Users\xxxx\Desktop\Defogger.exe
[2012.11.15 06:33:32 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.15 06:27:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2011.12.31 08:33:07 | 000,315,444 | ---- | C] () -- C:\Windows\SysWow64\isdnapi32.dll
[2011.12.31 08:33:07 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AuerCapiJNINative.dll
[2011.12.14 18:36:42 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011.09.30 04:13:47 | 000,002,115 | ---- | C] () -- C:\Users\xxxx\AppData\Roaming\SAS7_000.DAT
[2011.09.24 06:19:48 | 000,000,001 | R--- | C] () -- C:\Users\xxxx\serverport
[2011.07.31 05:04:02 | 000,000,494 | RHS- | C] () -- C:\Users\xxxx\ntuser.pol
[2011.06.17 04:56:28 | 000,000,172 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2011.06.12 15:01:37 | 000,000,686 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2011.06.12 14:54:25 | 000,171,205 | ---- | C] () -- C:\Windows\hppins07.dat
[2011.06.12 14:54:25 | 000,000,838 | ---- | C] () -- C:\Windows\hppmdl07.dat
[2011.06.12 14:52:58 | 003,189,760 | ---- | C] () -- C:\Windows\SysWow64\hpbcfgre.DLL
[2011.06.12 05:18:18 | 000,000,000 | ---- | C] () -- C:\Windows\Dssole.INI
[2011.06.12 05:17:30 | 000,000,709 | ---- | C] () -- C:\Windows\Support.ini
[2011.06.11 20:02:38 | 000,691,712 | ---- | C] () -- C:\Windows\KPUninstaller.exe
[2011.06.11 10:38:06 | 000,007,609 | ---- | C] () -- C:\Users\xxxx\AppData\Local\Resmon.ResmonCfg
[2011.06.06 11:49:52 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.06.06 11:49:51 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.06.06 11:49:51 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.06.06 10:20:23 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2011.06.06 10:16:06 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe
[2011.06.06 10:16:06 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.02.11 19:06:36 | 001,629,354 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.05.20 19:02:38 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Acronis
[2012.04.16 12:40:55 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\calibre
[2012.11.15 04:53:57 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Cherry
[2012.02.24 18:44:10 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\DAEMON Tools Lite
[2011.10.03 16:16:59 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Duden
[2012.01.17 17:34:46 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\FRITZ!
[2012.01.17 17:27:37 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.08.02 17:02:29 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Garmin
[2011.06.13 07:46:25 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\GHISLER
[2011.06.18 06:12:31 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\INtex Fahrtenbuch 8
[2011.06.12 15:41:14 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Itsth
[2011.06.11 20:04:08 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\k-pacs
[2012.12.09 06:09:42 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\KeePass
[2011.09.29 18:16:34 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Nuance
[2011.06.12 13:13:18 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Olympus
[2012.01.01 06:04:25 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Software4u
[2011.08.26 10:32:09 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Thunderbird
[2012.01.19 12:22:36 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\TuneUp Software
[2012.12.07 09:08:20 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\UseNeXT
[2011.12.29 07:05:16 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\XMedia Recode
[2012.12.08 07:56:02 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\XnView

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:0FF263E8

< End of report >

Extras:
OTL Extras logfile created on: 09.12.2012 06:26:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,88 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 67,95% Memory free
11,77 Gb Paging File | 9,76 Gb Available in Paging File | 82,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,01 Gb Total Space | 16,02 Gb Free Space | 16,86% Space Free | Partition Type: NTFS
Drive G: | 358,56 Gb Total Space | 158,38 Gb Free Space | 44,17% Space Free | Partition Type: NTFS

Computer Name: xxxx-PC | User Name: xxxx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19A8BA0A-E32C-404F-93C9-DFE0F96636C1}" = lport=138 | protocol=17 | dir=in | app=system |
"{21349C2B-35C6-4EFC-9089-2959AFD57466}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{25A383BE-927E-42E7-9B40-F3046831901F}" = rport=139 | protocol=6 | dir=out | app=system |
"{2816B8F3-9E8E-4036-AA6F-4D95BDF9B1E3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{2A5C56B2-0632-4EB6-AE2B-5C71F60735EF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2ADA4150-D4B3-40CE-814F-24574D1EEA75}" = rport=137 | protocol=17 | dir=out | app=system |
"{2FFEB756-4040-4F39-9B9A-57AE65239A24}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3ABF8381-2B22-4A03-A28D-0CE6AE45649F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45B19990-1EE0-444C-87E3-21516524C3A7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{474B4F23-6194-491E-9C3B-CFEDCF0532A3}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{4C921127-0FB5-4A58-B698-DBD70653259E}" = rport=445 | protocol=6 | dir=out | app=system |
"{4CA0902C-2316-4332-A99E-66AB69B42351}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4DEB917C-6C58-4106-A807-7B61E9BAE9D1}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener |
"{5D53BFDD-1F62-4315-93BF-565F2ADA3E68}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{77E36FED-56FF-411F-8DBE-AC0C07847D33}" = lport=139 | protocol=6 | dir=in | app=system |
"{8FFBCBAB-DF84-4FBA-BC37-A82C6E67ECD8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{962DAE8A-948F-4679-9A92-AB01799242AB}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener |
"{9CAA0F2F-C4C2-46BD-A9EF-C90569EA0F69}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9CFF9850-25D7-4D78-9CB6-B1F1167AD791}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A11EEC88-2702-41D1-8215-A7BD26BCED9A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADB032F1-F532-4D58-A288-9161A8D9B0DA}" = lport=445 | protocol=6 | dir=in | app=system |
"{B10C9EBC-2F70-4D89-A6F5-9447CA24DA39}" = rport=138 | protocol=17 | dir=out | app=system |
"{B9E4DC91-2F1F-447E-B98E-6972178A62C9}" = lport=137 | protocol=17 | dir=in | app=system |
"{C974D5F9-4DBB-4319-B80D-214D7ED62F7D}" = lport=3389 | protocol=6 | dir=in | app=system |
"{CC6D4070-BB98-4B6A-B76D-0637FEC9EA85}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CE242962-423D-453E-90D0-8BBADD0FC206}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent - update |
"{CFBDA274-F897-44E5-8F72-A6D7C30745B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E3B0B3D2-665C-4646-9FE3-D519DCC6E85D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E58B0775-04ED-4FBD-B9E2-0A1A165CF4F9}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent - broadcast |
"{EE14DC82-6405-4C8E-9F55-00C02D2A14D3}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005FE168-0A46-4A4D-AA5E-FF8D4999F511}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{03F43074-49BC-417B-9C57-F088E554B1F0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{22015D80-2368-492E-9B98-56CA55CFD52B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{22BD3385-8044-4765-80D2-BBBF91A2563A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{32E1BAB8-2366-4EFA-8A3E-B86B3AFFBB54}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{348CB537-CDDF-4DC3-9E09-48A6D138316A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3BC8A62C-8DCF-45AE-8593-CA0FFB3F7054}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{507210A2-E0A3-4E74-8C19-5AE9882A6E8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{518E54AB-16A5-419F-B6D8-0EBA63AF2688}" = protocol=6 | dir=out | app=system |
"{58AB9EB9-92C5-4A04-8484-EDAAE05FA930}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60C9393F-72E7-4BA7-92DA-E5746FDF4040}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{723F2B3B-D5A9-42C2-9C54-ACD6D6AEF20C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{794B77B2-01DA-491F-BE01-AEE03438BAB3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{80EB64B6-34EA-439C-9730-B2B85ACCFEFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{841B9909-7E15-45D2-9FFA-40EDFAF3B7C1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{99FB841D-97BF-41C9-A50C-C2768614685F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A552B1B5-F612-4E70-9FF8-F1C4FBDB742F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AA0CED43-B4B0-425E-8EFB-F6A834503079}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC5BD71E-F942-4132-B584-EDCCDC6DC395}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AC7776DF-7516-4A5B-8226-48512060129F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB2790C8-B133-4CD5-8EB2-F1F42FADB769}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CB6B1436-A411-4910-B4F3-2DB4CB32A701}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CBBB1CF2-9E53-4642-B6BB-F4313AC2A31F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D4B05D60-262A-46FC-997A-C23D09B8907A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E50EA183-F3F1-4831-947C-6C8500CEA09F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EAE4B714-368F-48C8-8FBB-CC7F137AD2AC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{F0974363-7F5F-4D29-B850-85AC54F1CE21}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{F41FE7C5-5ABC-4D2D-BA54-3B65A44B97D2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3A915D43-FD4F-4e4f-BEF7-B75C160B0236}" = HP LaserJet M2727 MFP Series 5.2
"{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}" = Intel(R) PROSet/Wireless WiFi-Software
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{50B4B603-A4C6-4739-AE96-6C76A0F8A388}" = Dell Backup and Recovery Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8A6B4FE2-7CC4-4DAC-BC68-D9E170B758FD}" = Dell ControlVault Host Components Installer 64 bit
"{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel(R) Network Connections 15.7.176.1
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.96
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.96
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.96
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.60
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F52ABC1D-5EA4-4FDD-8E5F-CA31428570C0}" = Wave Infrastructure Installer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"{FDF509ED-9624-4FDE-9BAA-9566C186AB96}" = Dell System Manager
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows-Treiberpaket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel(R) Network Connections 15.7.176.1
"WinRAR archiver" = WinRAR 4.11 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{171194D2-75DA-4495-9F02-40EE46DA04AD}" = hppTLBXFXM2727
"{1B447566-C3EF-44FD-BE0E-6318CA927B51}" = StarMoney 7.0 apoEdition
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33EFDAD7-1686-465A-AE0A-26F22E380315}" = Product_Min_QFolder
"{34423B40-8F2F-4540-AA0C-D74377C58384}" = hppLaserJetService
"{360EC8D3-AA2E-42B4-AC52-FFA9A1C1C1E9}" = hppLJM2727
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3F41BA46-09C3-4500-96D7-DC4390AD0124}" = Acrobat X Suite
"{45C5C113-AD43-414B-867D-7C0AF54276CB}" = Duden-Rechtschreibprüfung PLUS
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{4F93ABBE-5A1D-4D56-94CB-022F109FDE4D}" = Adobe Presenter 7
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{62808FA4-CD22-4A2B-AD50-5053E3C9F6F8}" = hppFaxUtility
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69B6B9E1-A5DF-3177-2B1D-3B672F29EF86}" = Adobe Captivate Quiz Results Analyzer
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{719DBB12-87A3-4103-BF5B-32BF72570068}" = hppScanTo
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{7AA38575-25A1-4C2F-B40B-2188EB73FF0E}" = Garmin TOPO Österreich v2
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{8432FFD1-6F4D-F9B8-D641-5932E60359A2}" = Adobe Captivate Reviewer
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{88B746D6-1956-4D98-BE82-46E45AAA5BC2}" = Garmin Training Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CA5A451-0962-4B1C-9078-A597867F73EB}" = hppSendFaxM2727
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90C67C7D-E918-402C-9856-7B13999E1786}" = StarMoney
"{91A32CD1-96A5-41D0-BCE6-9CE25531A875}" = Olympus DSS Player Pro
"{92633C0F-C9BE-41E3-B439-0B508F859DB5}" = StarMoney
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D5AEBC8-B77F-4623-9559-51BA62D34D38}" = calibre
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A35001F0-F1E4-11DD-A38B-005056C00008}" = Paragon Partition Manager™ 11 Professional
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1D2A138-D53E-4D3F-B547-EA2277007746}" = Auerswald COMset 2.7.2
"{B226235F-51A4-4090-B5DB-5482A28D1B0F}" = hppFaxDrvM2727
"{B256C380-AC47-4681-8342-7F42E4F0F434}" = JRE 1.6.1
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC627AE5-A2B1-4D16-AF56-178D10EC3E81}" = KeyMan V4.0 Build 6
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.2.0
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0FA171C-0CB6-48CE-85A9-178D17398665}" = hppManualsM2727
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF327022-B623-4B6A-C41D-411720425583}_is1" = Easy2Sync für Dateien 4.00
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{EF702322-B623-4B6A-B41D-411725582043}_is1" = Easy2Sync für Outlook 5.02
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F252204F-C7D9-4B5A-B0B2-CED865BD0D29}_is1" = INtex Fahrtenbuch 8
"{F374FE8A-F51A-41BC-8EF4-33526F69A044}" = hpzTLBXFX
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Presenter 7" = Adobe Presenter 7
"AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Captivate Reviewer
"Astroburn Lite" = Astroburn Lite
"Avira AntiVir Desktop" = Avira Internet Security 2012
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dell Webcam Central" = Dell Webcam Central
"Digital Editions" = Adobe Digital Editions
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Kalender-Excel-8.8.1_is1" = Kalender-Excel-8.8.1
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.15
"K-PACS Workstation" = K-PACS Workstation
"Kursbuch der ärztlichen Begutachtung -ecomed- 06-2011_is1" = Kursbuch der ärztlichen Begutachtung -ecomed- 06-2011
"Kursbuch der ärztlichen Begutachtung -ecomed- 06-2012_is1" = Kursbuch der ärztlichen Begutachtung -ecomed- 06-2012
"Kursbuch der ärztlichen Begutachtung -ecomed- 12-2011_is1" = Kursbuch der ärztlichen Begutachtung -ecomed- 12-2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird (6.0)" = Mozilla Thunderbird (6.0)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Captivate Quiz Results Analyzer
"ST6UNST #1" = Produktaktivierung
"ST6UNST #2" = MevoTecLoader
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 3.0.6.0
"XnView_is1" = XnView 1.99.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"f031ef6ac137efc5" = Dell Driver Download Manager
"Sozialrecht 12.1" = Sozialrecht 12.1
"Sozialrecht 12.2" = Sozialrecht 12.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07.12.2012 04:39:12 | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 07.12.2012 04:39:12 | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 998

Error - 07.12.2012 04:39:12 | Computer Name = xxxx-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998

Error - 08.12.2012 00:53:38 | Computer Name = xxxx-PC | Source = WinMgmt | ID = 10
Description =

Error - 08.12.2012 03:34:47 | Computer Name = xxxx-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Duden\Duden-Rechtschreibprüfung\adxloader.dll.Manifest". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\adxloader.dll.Manifest"
in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein.

Error - 08.12.2012 03:37:50 | Computer Name = xxxx-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 08.12.2012 11:09:58 | Computer Name = xxxx-PC | Source = WinMgmt | ID = 10
Description =

Error - 08.12.2012 11:30:40 | Computer Name = xxxx-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.12.2012 00:30:18 | Computer Name = xxxx-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.12.2012 00:45:31 | Computer Name = xxxx-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.12.2012 01:20:57 | Computer Name = xxxx-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 08.12.2012 11:09:53 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0

Error - 08.12.2012 11:09:53 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Eumex 504PC USB" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2

Error - 08.12.2012 11:30:37 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0

Error - 08.12.2012 11:30:39 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Eumex 504PC USB" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2

Error - 09.12.2012 00:30:15 | Computer Name = Ralf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0

Error - 09.12.2012 00:30:19 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Eumex 504PC USB" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2

Error - 09.12.2012 00:45:29 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0

Error - 09.12.2012 00:45:33 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Eumex 504PC USB" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2

Error - 09.12.2012 01:20:57 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0

Error - 09.12.2012 01:20:59 | Computer Name = xxxx-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Eumex 504PC USB" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2

[ TuneUp Events ]
Error - 06.10.2012 05:41:07 | Computer Name = xxxx-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 06.10.2012 05:41:07 | Computer Name = xxxx-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =


< End of report >

Alt 10.12.2012, 15:16   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
RunDll Probleme beim Starten von C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\unicode2.nls - Standard

RunDll Probleme beim Starten von C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\unicode2.nls



Hallo und

Code:
ATTFilter
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
         
Die Anwesenheit dieser Einträge in der Hosts-Datei sind ein deutliches Indiz dafür, dass du illegale Adobe-Software verwendest

Sry aber bei illegaler Software gibt es hier nur noch Hilfe zur Datensicherung + Neuinstallation von Windows

Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!


In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________

__________________

Antwort

Themen zu RunDll Probleme beim Starten von C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\unicode2.nls
adobe, antivir, avg, avira, bho, bonjour, error, explorer, fehler, firefox, flash player, format, helper, install.exe, logfile, monitor.exe, mozilla, nvidia, nvidia update, nvpciflt.sys, olympus, probleme beim starten, registry, richtlinie, rundll, scan, security, server, starmoney, starten, svchost.exe, temp, thomas, unicode2.nls, windows



Ähnliche Themen: RunDll Probleme beim Starten von C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\unicode2.nls


  1. Windows7 141861-problem-beim-starten-c-users-benutzer-appdata-roaming-babsolution-shared-enhancednt-dll.html
    Plagegeister aller Art und deren Bekämpfung - 01.02.2015 (16)
  2. C:\Users\name\AppData\Roaming\Microsoft\Windows\Recent\wmpnetwk.dll - nicht gefunden
    Log-Analyse und Auswertung - 14.09.2014 (13)
  3. problem beim starten von c users appdata roaming newnext.me nengine.dll
    Log-Analyse und Auswertung - 11.04.2014 (1)
  4. RunDll Fehler C:\Users\Jacky\AppData\Roaming\newnext.me\nengine.dll
    Log-Analyse und Auswertung - 27.03.2014 (11)
  5. Problem beim Starten. C:\Users\Benutzer\AppData\Roaming\BabSolution\Shared\EnhancedNT.dll
    Plagegeister aller Art und deren Bekämpfung - 18.10.2013 (15)
  6. Fehlermeldung: RunDLL - Problem beim Starten von C:\Users\a.....\AppData\Local\Temp\ch810.exe Das angegebene Modul wurde nicht gefunden.
    Log-Analyse und Auswertung - 05.10.2013 (10)
  7. Fehlermeldung: RunDLL - Problem beim Starten von C:\Users\C..\AppData\...\enhancedNT.dll Das angegebene Modul wurde nicht gefunden.
    Log-Analyse und Auswertung - 02.10.2013 (6)
  8. BDS/Delf.MN.19 in C:\Users\admin\AppData\Roaming\Microsoft\Windows\unicode2.nls und weitere...
    Plagegeister aller Art und deren Bekämpfung - 15.01.2013 (2)
  9. tbhcn im Systemstart unter C\users\***\AppData\Roaming\Microsoft\Windows\Startmenü\Programs\Start up
    Plagegeister aller Art und deren Bekämpfung - 05.01.2013 (20)
  10. RunDLL: Problem beim Starten von C\Users\user\AppData\Local\Temp\wgsdgsdgdsgsd.exe - das angegebenen Modul wurde nicht gefunden
    Plagegeister aller Art und deren Bekämpfung - 21.12.2012 (1)
  11. RunDLL: Problem beim Starten von C\Users\user\AppData\Local\Temp\wgsdgsdgdsgsd.exe - das angegebenen Modul wurde nicht gefunden
    Log-Analyse und Auswertung - 17.12.2012 (9)
  12. RunDLL Probleme beim Starten von C:\users\***\AppData\Roaming\pndeb.dll & AppData\Local\powstak.dll
    Plagegeister aller Art und deren Bekämpfung - 22.10.2012 (5)
  13. RunDLL Problem beim Starten von C:\Users\Username\AppData\tmikanp.dll
    Log-Analyse und Auswertung - 22.08.2012 (16)
  14. RunDLL Fehler / Problem beim starten von C:/Users/.../AppData..
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (7)
  15. TR/Offend.kdv.495935 | C:\Users\****\AppData\Roaming\Microsoft\Windows\Templates\audiodi.exe
    Log-Analyse und Auswertung - 19.02.2012 (1)
  16. C:\Users\XXXX\AppData\Roaming\Emwoe\ovews.exe -- ein TR/Crypt.xpack.gen
    Log-Analyse und Auswertung - 05.05.2011 (4)
  17. Trojaner Fake.AV c:\Users\Sexgott\AppData\Roaming\microsoft\Windows\start menu\Programs\windows reco
    Mülltonne - 28.04.2011 (1)

Zum Thema RunDll Probleme beim Starten von C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\unicode2.nls - Hallo zusammen, seit einigen Tagen erscheint direkt nach dem Systemstart folgende Meldung: RunDll Probleme beim Starten von C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\unicode2.nls Nach dem Klick auf ok läuft alles scheinbar normal. Habe gegoogelt und - RunDll Probleme beim Starten von C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\unicode2.nls...
Archiv
Du betrachtest: RunDll Probleme beim Starten von C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\unicode2.nls auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.