|   | Leinad L. | 16.03.2013 13:37 |  
 Groupon Trojaner. Windows 7. Keine offensichtlichen Probleme. Bereinigung gewünscht (keine Formatierung).
 Guten Tag, 
ich bin auf der Suche nach Hilfe und hoffe, diese hier zu finden. Ich habe bereits zwei andere threads zum Thema in diesem Forum entdeckt. Da ich nicht sicher bin, ob ich die Schritte nachmachen sollte, eröffne ich dieses Thema. Sollte ich mit einem der bestehenden threads arbeiten können, bitte ich um eine kurze Info.  
Chronik und Problemstellung: 
Letzte Woche hatte ich eine Spam-Mail mit einer angeblichen Groupon-Rechnung im Posteingang. Es war spät, ich war unaufmerksam und habe die Mail geöffnet, das angehängte Archiv geöffnet und die Datei darin angeklickt (ich weiß: doof doof doof!). Diese Spam-Welle ist im Netz bereits sehr bekannt. Was der Trojaner genau macht, konnte ich allerdings nicht herausfinden.  
Antivir hat danach immer wieder verdächtige Dateien gefunden. Ich habe immer entsprechende der Empfehlung "in Quarantäne verschieben" geklickt. Der Computer wurde parallel sehr langsam. Thunderbird und Firefox funktionierten quasi nicht mehr. Daraufhin habe ich eine Systemwiederherstellung (Status von 2 Tagen vor der Infizierung gemacht). Das System lief dann wieder rund. Antivir hat noch 2 Mal etwas gefunden. Dann aber in 2 Systemprüfungen gar nichts mehr. Die Warnmeldungen von Antivir und die Spam-Mail habe ich (leider) nicht mehr.  
Da ein ungutes Gefühl geblieben ist, habe ich dann aber keine Passwörter mehr auf dem Rechner eingegeben. Um ihn wieder normal benutzen zu können, möchte ich alles tun, um das System von allen Schädlingen zu befreien.  
Ich habe die Checkliste durchgelesen und die Schritte bereits ausgeführt. Hier die Ergebnisse:  
1. Schritt: defogger (hat Fehlermeldung ausgegeben):   Code: 
 defogger_disable by jpshortstuff (23.02.10.1)Log created at 21:54 on 15/03/2013 (Leinad)
 
 Checking for autostart values...
 HKCU\~\Run values retrieved.
 HKLM\~\Run values retrieved.
 
 Checking for services/drivers...
 
 
 -=E.O.F=-
 2. Schritt: Oldtimer  
OTL.txt:   Code: 
 OTL logfile created on: 15.03.2013 21:55:26 - Run 1OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Leinad\Desktop
 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
 Internet Explorer (Version = 9.10.9200.16521)
 Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
 3,92 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 56,10% Memory free
 7,83 Gb Paging File | 5,78 Gb Available in Paging File | 73,78% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
 Drive C: | 451,01 Gb Total Space | 127,17 Gb Free Space | 28,20% Space Free | Partition Type: NTFS
 
 Computer Name: XPS-WAVE | User Name: Leinad | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
 Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Processes (SafeList) ==========
 
 PRC - [2013.03.15 21:55:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leinad\Desktop\OTL.exe
 PRC - [2013.03.15 21:18:21 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 PRC - [2013.03.13 23:49:36 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
 PRC - [2013.02.12 19:11:38 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
 PRC - [2013.02.12 19:10:31 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
 PRC - [2013.02.12 19:10:31 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
 PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Leinad\AppData\Roaming\Dropbox\bin\Dropbox.exe
 PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 PRC - [2012.06.08 03:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
 PRC - [2012.06.08 03:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
 PRC - [2011.11.01 15:40:04 | 001,053,056 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
 PRC - [2011.10.27 10:34:30 | 000,718,384 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
 PRC - [2011.10.27 10:33:32 | 000,148,016 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
 PRC - [2011.05.19 18:17:35 | 000,218,624 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
 PRC - [2010.12.21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
 PRC - [2010.12.21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 PRC - [2010.12.17 16:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
 PRC - [2010.11.29 03:31:42 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
 PRC - [2010.11.16 14:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
 PRC - [2010.10.29 22:20:00 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
 PRC - [2010.08.21 00:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
 PRC - [2010.08.12 00:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
 PRC - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
 PRC - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
 
 
 ========== Modules (No Company Name) ==========
 
 MOD - [2013.03.15 21:18:21 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 MOD - [2013.03.13 23:49:36 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
 MOD - [2013.02.13 02:25:12 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e963e9f51746f8e23837be7760e187c6\System.Windows.Forms.ni.dll
 MOD - [2013.01.11 22:27:11 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d5b1b0c6e8a714de39a06e3b61f35fe\System.Management.ni.dll
 MOD - [2013.01.11 22:26:07 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b454f5723ec86048063fe19d4267d9e8\System.Runtime.Remoting.ni.dll
 MOD - [2013.01.11 22:26:01 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
 MOD - [2013.01.10 22:47:58 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
 MOD - [2013.01.10 22:47:47 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
 MOD - [2013.01.10 22:47:46 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\60674dde4b56087c189f576f36f6720f\PresentationFramework.Aero.ni.dll
 MOD - [2013.01.10 22:47:40 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
 MOD - [2013.01.10 22:47:38 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
 MOD - [2013.01.10 22:47:35 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
 MOD - [2013.01.10 22:47:34 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
 MOD - [2013.01.10 22:47:33 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll
 MOD - [2013.01.10 22:47:32 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
 MOD - [2013.01.10 22:47:27 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
 MOD - [2012.06.15 22:09:33 | 000,115,137 | ---- | M] () -- C:\Users\Leinad\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
 MOD - [2012.06.08 03:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
 MOD - [2011.11.01 15:42:14 | 000,392,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
 MOD - [2011.11.01 15:42:12 | 000,058,240 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
 MOD - [2011.11.01 15:42:08 | 000,095,104 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
 MOD - [2011.11.01 15:42:06 | 000,272,768 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
 MOD - [2011.11.01 15:41:38 | 000,165,248 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtWeb.dll
 MOD - [2011.11.01 15:41:36 | 000,384,896 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtCore.dll
 MOD - [2011.11.01 15:41:34 | 002,557,312 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
 MOD - [2011.11.01 15:41:32 | 000,346,496 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
 MOD - [2011.11.01 15:41:30 | 010,843,520 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
 MOD - [2011.11.01 15:41:24 | 000,196,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
 MOD - [2011.11.01 15:41:22 | 001,294,208 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
 MOD - [2011.11.01 15:41:20 | 000,682,880 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
 MOD - [2011.11.01 15:41:18 | 000,919,936 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
 MOD - [2011.11.01 15:41:16 | 000,517,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
 MOD - [2011.11.01 15:41:14 | 008,172,928 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
 MOD - [2011.11.01 15:41:12 | 002,252,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
 MOD - [2011.11.01 15:41:10 | 002,288,512 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
 MOD - [2011.11.01 15:41:06 | 000,422,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
 MOD - [2011.11.01 15:40:56 | 000,202,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
 MOD - [2011.11.01 15:40:54 | 000,034,688 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qico4.dll
 MOD - [2011.11.01 15:40:52 | 000,032,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qgif4.dll
 MOD - [2011.11.01 15:40:08 | 000,388,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\OviShareLib.dll
 MOD - [2011.11.01 15:40:00 | 000,438,144 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
 MOD - [2011.11.01 15:39:36 | 001,041,792 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Maps Service API.dll
 MOD - [2011.11.01 15:39:06 | 000,740,736 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
 MOD - [2011.11.01 14:57:42 | 000,112,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
 MOD - [2010.12.17 16:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
 MOD - [2010.11.29 03:31:24 | 000,235,112 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
 MOD - [2010.08.12 00:19:34 | 000,077,024 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
 MOD - [2010.08.12 00:19:32 | 000,109,792 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
 MOD - [2010.08.12 00:19:32 | 000,072,928 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
 MOD - [2010.08.12 00:19:30 | 000,232,672 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
 MOD - [2010.08.12 00:19:30 | 000,126,176 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
 MOD - [2010.08.12 00:19:30 | 000,119,008 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
 MOD - [2010.08.12 00:19:26 | 001,121,504 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
 MOD - [2010.08.12 00:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
 
 
 ========== Services (SafeList) ==========
 
 SRV:64bit: - [2010.12.17 20:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
 SRV:64bit: - [2010.12.17 20:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
 SRV:64bit: - [2010.12.17 20:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
 SRV:64bit: - [2010.11.29 21:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
 SRV:64bit: - [2010.09.23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
 SRV:64bit: - [2009.11.18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
 SRV:64bit: - [2009.09.14 06:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
 SRV:64bit: - [2009.09.14 06:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
 SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 SRV - [2013.03.15 21:18:21 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
 SRV - [2013.03.13 23:49:37 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
 SRV - [2013.02.12 19:11:38 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
 SRV - [2013.02.12 19:10:31 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
 SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
 SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
 SRV - [2011.10.27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 SRV - [2011.05.19 18:17:35 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
 SRV - [2011.04.22 22:04:33 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
 SRV - [2010.12.21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
 SRV - [2010.12.21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
 SRV - [2010.11.30 03:04:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
 SRV - [2010.11.29 03:31:42 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
 SRV - [2010.11.16 14:38:16 | 000,339,456 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
 SRV - [2010.10.29 19:20:58 | 000,236,016 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
 SRV - [2010.09.04 07:15:22 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
 SRV - [2010.09.04 07:14:26 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
 SRV - [2010.08.26 02:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
 SRV - [2010.08.21 00:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
 SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
 SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 SRV - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
 SRV - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
 ========== Driver Services (SafeList) ==========
 
 DRV:64bit: - [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
 DRV:64bit: - [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
 DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
 DRV:64bit: - [2012.05.21 03:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
 DRV:64bit: - [2012.05.21 03:09:00 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
 DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
 DRV:64bit: - [2011.08.17 13:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
 DRV:64bit: - [2011.08.17 13:04:28 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
 DRV:64bit: - [2011.08.17 12:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
 DRV:64bit: - [2011.08.17 12:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
 DRV:64bit: - [2011.08.17 12:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
 DRV:64bit: - [2011.08.17 12:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
 DRV:64bit: - [2011.05.19 18:17:37 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
 DRV:64bit: - [2011.05.19 18:17:37 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
 DRV:64bit: - [2011.05.19 18:17:37 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
 DRV:64bit: - [2011.04.22 21:50:49 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
 DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
 DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
 DRV:64bit: - [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
 DRV:64bit: - [2010.12.22 10:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
 DRV:64bit: - [2010.12.17 18:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
 DRV:64bit: - [2010.12.15 18:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
 DRV:64bit: - [2010.12.13 18:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
 DRV:64bit: - [2010.12.12 15:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
 DRV:64bit: - [2010.12.01 11:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
 DRV:64bit: - [2010.11.30 23:02:54 | 000,412,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
 DRV:64bit: - [2010.11.30 03:04:00 | 000,025,576 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
 DRV:64bit: - [2010.11.29 21:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
 DRV:64bit: - [2010.11.29 14:23:18 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
 DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
 DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
 DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
 DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
 DRV:64bit: - [2010.11.19 19:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
 DRV:64bit: - [2010.11.19 19:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
 DRV:64bit: - [2010.11.12 13:40:50 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
 DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
 DRV:64bit: - [2010.10.15 17:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
 DRV:64bit: - [2010.08.20 10:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
 DRV:64bit: - [2010.08.12 16:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
 DRV:64bit: - [2010.07.19 21:32:02 | 000,042,056 | ---- | M] (SUNPLUS TECHNOLOGY Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SPCP825K.sys -- (SPCP825K)
 DRV:64bit: - [2010.07.13 03:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
 DRV:64bit: - [2010.03.19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
 DRV:64bit: - [2010.02.27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
 DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
 DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
 DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
 DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
 DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
 DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
 DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
 DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
 DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
 DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
 DRV:64bit: - [2006.11.01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
 DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
 ========== Standard Registry (SafeList) ==========
 
 
 ========== Internet Explorer ==========
 
 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6D2F58F1-92A6-47FF-85E4-C6B2FBDE44A7}
 IE:64bit: - HKLM\..\SearchScopes\{6D2F58F1-92A6-47FF-85E4-C6B2FBDE44A7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 IE - HKLM\..\SearchScopes,DefaultScope = {48C59CF0-BA73-42B6-970E-9050B060A8CE}
 IE - HKLM\..\SearchScopes\{48C59CF0-BA73-42B6-970E-9050B060A8CE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
 IE - HKCU\..\URLSearchHook:  - No CLSID value found
 IE - HKCU\..\SearchScopes,DefaultScope = {48C59CF0-BA73-42B6-970E-9050B060A8CE}
 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 ========== FireFox ==========
 
 FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
 FF - prefs.js..browser.search.useDBForOrder: true
 FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
 FF - prefs.js..extensions.enabledAddons: formhistory%40yahoo.com:1.3.0.6
 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
 FF - user.js - File not found
 
 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
 FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
 FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
 FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
 FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
 FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
 FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
 FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.04.02 03:00:29 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.04.02 03:00:31 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.04.02 03:01:14 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.06 23:14:27 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.15 21:18:21 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.21 00:15:18 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.15 21:18:21 | 000,000,000 | ---D | M]
 FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.21 00:15:18 | 000,000,000 | ---D | M]
 FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
 [2011.04.17 18:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leinad\AppData\Roaming\mozilla\Extensions
 [2012.12.06 23:14:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leinad\AppData\Roaming\mozilla\Firefox\Profiles\exv34jjw.Standard-Benutzer\extensions
 [2012.08.03 02:31:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Leinad\AppData\Roaming\mozilla\Firefox\Profiles\exv34jjw.Standard-Benutzer\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
 [2013.03.04 18:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leinad\AppData\Roaming\mozilla\Firefox\Profiles\jne717zo.default\extensions
 [2013.03.04 18:42:17 | 000,000,000 | ---D | M] (Form History Control) -- C:\Users\Leinad\AppData\Roaming\mozilla\Firefox\Profiles\jne717zo.default\extensions\formhistory@yahoo.com
 [2012.12.12 23:47:57 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Leinad\AppData\Roaming\mozilla\firefox\profiles\jne717zo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
 [2013.03.09 12:17:27 | 000,000,950 | ---- | M] () -- C:\Users\Leinad\AppData\Roaming\mozilla\firefox\profiles\jne717zo.default\searchplugins\icqplugin-3.xml
 [2011.06.23 06:45:38 | 000,001,056 | ---- | M] () -- C:\Users\Leinad\AppData\Roaming\mozilla\firefox\profiles\jne717zo.default\searchplugins\icqplugin.xml
 [2013.03.15 21:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 [2013.03.15 21:18:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
 [2013.03.15 21:18:21 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
 [2012.01.16 20:42:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
 [2012.09.13 22:20:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
 [2012.01.16 20:42:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
 [2012.01.16 20:42:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 [2012.01.16 20:42:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
 [2012.01.16 20:42:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
 O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
 O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
 O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
 O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
 O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
 O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
 O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
 O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
 O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
 O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
 O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
 O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
 O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
 O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
 O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
 O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
 O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
 O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
 O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
 O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
 O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
 O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
 O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
 O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
 O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
 O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
 O4 - HKLM..\Run: []  File not found
 O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
 O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
 O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
 O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
 O4 - HKCU..\Run: []  File not found
 O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
 O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
 O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
 O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
 O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
 O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
 O4 - Startup: C:\Users\Leinad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Leinad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Leinad\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
 O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
 O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
 O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Leinad\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
 O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
 O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
 O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
 O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
 O1364bit: - gopher Prefix: missing
 O13 - gopher Prefix: missing
 O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
 O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
 O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
 O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
 O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.17.2)
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68A13FA4-D59B-44BA-BD6D-A0238D6C95AD}: DhcpNameServer = 192.168.1.1
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB347767-A7A1-488D-98DC-A3FBC95A77D0}: DhcpNameServer = 13.36.0.1 13.36.0.2
 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
 O18:64bit: - Protocol\Handler\livecall - No CLSID value found
 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
 O18:64bit: - Protocol\Handler\msnim - No CLSID value found
 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
 O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
 O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
 O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
 O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
 O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
 O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
 O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.)
 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
 O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
 O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
 O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
 O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
 O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
 O32 - HKLM CDRom: AutoRun - 1
 O33 - MountPoints2\{89ef72fb-823a-11e0-bf3e-14feb5a0bc39}\Shell - "" = AutoRun
 O33 - MountPoints2\{89ef72fb-823a-11e0-bf3e-14feb5a0bc39}\Shell\AutoRun\command - "" = E:\AutoRun.exe
 O33 - MountPoints2\{89ef7307-823a-11e0-bf3e-14feb5a0bc39}\Shell - "" = AutoRun
 O33 - MountPoints2\{89ef7307-823a-11e0-bf3e-14feb5a0bc39}\Shell\AutoRun\command - "" = E:\AutoRun.exe
 O33 - MountPoints2\E\Shell - "" = AutoRun
 O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
 O34 - HKLM BootExecute: (autocheck autochk *)
 O35:64bit: - HKLM\..comfile [open] -- "%1" %*
 O35:64bit: - HKLM\..exefile [open] -- "%1" %*
 O35 - HKLM\..comfile [open] -- "%1" %*
 O35 - HKLM\..exefile [open] -- "%1" %*
 O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
 O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
 O37 - HKLM\...com [@ = comfile] -- "%1" %*
 O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
 O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 ========== Files/Folders - Created Within 30 Days ==========
 
 [2013.03.15 21:55:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Leinad\Desktop\OTL.exe
 [2013.03.15 21:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 [2013.03.09 15:19:16 | 000,000,000 | ---D | C] -- C:\Users\Leinad\AppData\Local\Sonic_Solutions
 [2013.03.09 12:44:57 | 000,000,000 | ---D | C] -- C:\Users\Leinad\AppData\Roaming\Xyacr
 [2013.03.09 12:44:57 | 000,000,000 | ---D | C] -- C:\Users\Leinad\AppData\Roaming\Urufe
 [2013.03.09 12:44:57 | 000,000,000 | ---D | C] -- C:\Users\Leinad\AppData\Roaming\Abur
 [2013.02.21 00:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
 
 ========== Files - Modified Within 30 Days ==========
 
 [2013.03.15 21:55:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leinad\Desktop\OTL.exe
 [2013.03.15 21:53:31 | 000,000,000 | ---- | M] () -- C:\Users\Leinad\defogger_reenable
 [2013.03.15 21:53:04 | 000,050,477 | ---- | M] () -- C:\Users\Leinad\Desktop\Defogger.exe
 [2013.03.15 21:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
 [2013.03.15 21:19:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
 [2013.03.15 21:17:30 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
 [2013.03.15 21:17:30 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
 [2013.03.15 21:14:25 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
 [2013.03.15 21:14:25 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
 [2013.03.15 21:14:25 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
 [2013.03.15 21:14:25 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
 [2013.03.15 21:14:25 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
 [2013.03.15 21:10:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
 [2013.03.15 21:09:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
 [2013.03.15 21:09:46 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys
 [2013.03.15 01:56:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
 [2013.03.15 01:56:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
 [2013.03.09 15:17:28 | 298,117,120 | ---- | M] () -- C:\Users\Leinad\Desktop\kav_rescue_10.iso
 [2013.03.02 15:22:57 | 000,011,264 | ---- | M] () -- C:\Users\Leinad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
 ========== Files Created - No Company Name ==========
 
 [2013.03.15 21:53:31 | 000,000,000 | ---- | C] () -- C:\Users\Leinad\defogger_reenable
 [2013.03.15 21:53:04 | 000,050,477 | ---- | C] () -- C:\Users\Leinad\Desktop\Defogger.exe
 [2013.03.15 01:56:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
 [2013.03.15 01:56:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
 [2013.03.09 15:12:50 | 298,117,120 | ---- | C] () -- C:\Users\Leinad\Desktop\kav_rescue_10.iso
 [2012.12.27 14:43:29 | 000,000,845 | ---- | C] () -- C:\Users\Leinad\AppData\Local\recently-used.xbel
 [2012.05.23 17:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
 [2012.05.23 17:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
 [2012.05.23 17:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
 [2012.05.23 17:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
 [2012.05.23 17:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
 [2012.04.21 19:38:39 | 000,004,096 | -H-- | C] () -- C:\Users\Leinad\AppData\Local\keyfile3.drm
 [2011.04.22 23:20:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 [2011.04.22 22:46:00 | 000,011,264 | ---- | C] () -- C:\Users\Leinad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 [2011.04.02 04:53:09 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
 [2011.04.02 04:52:33 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
 [2011.04.02 04:52:30 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
 [2011.04.02 04:52:29 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
 ========== ZeroAccess Check ==========
 
 [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
 [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
 [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
 [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Apartment
 
 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Apartment
 
 [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Free
 
 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
 "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Free
 
 [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Both
 
 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
 ========== LOP Check ==========
 
 [2013.03.09 14:46:31 | 000,000,000 | ---D | M] -- C:\Users\Leinad\AppData\Roaming\Abur
 [2011.05.08 20:22:03 | 000,000,000 | ---D | M] -- C:\Users\Leinad\AppData\Roaming\Amazon
 [2011.04.22 21:57:41 | 000,000,000 | ---D | M] -- C:\Users\Leinad\AppData\Roaming\DAEMON Tools Lite
 [2013.03.15 21:11:19 | 000,000,000 | ---D | M] -- C:\Users\Leinad\AppData\Roaming\Dropbox
 [2012.12.06 23:14:31 | 000,000,000 | ---D | M] -- C:\Users\Leinad\AppData\Roaming\DVDVideoSoft
 [2011.04.22 22:56:54 | 000,000,000 | ---D | M] -- C:\Users\Leinad\AppData\Roaming\DVDVideoSoftIEHelpers
 [2012.03.25 20:44:05 | 000,000,000 | ---D | M] -- C:\Users\Leinad\AppData\Roaming\elsterformular
 [2012.02.25 09:27:17 | 000,000,000 | ---D | M] -- C:\Users\Leinad\AppData\Roaming\EPSON
 [2011.08.10 16:39:20 | 000,000,000 | ---D | M] -- C:\Users\Leinad\AppData\Roaming\GMX
 [2011.12.12 21:51:59 | 000,000,000 | ---D | M] -- C:\Users\Leinad\AppData\Roaming\Nokia
 [2011.12.12 21:52:00 | 000,000,000 | ---D | M] -- C:\Users\Leinad\AppData\Roaming\Nokia Suite
 [2012.12.06 23:14:23 | 000,000,000 | ---D | M] -- C:\Users\Leinad\AppData\Roaming\OpenCandy
 [2011.12.12 21:10:45 | 000,000,000 | ---D | M] -- C:\Users\Leinad\AppData\Roaming\PC Suite
 [2012.06.15 22:09:26 | 000,000,000 | ---D | M] -- C:\Users\Leinad\AppData\Roaming\Samsung
 [2012.07.27 19:59:30 | 000,000,000 | ---D | M] -- C:\Users\Leinad\AppData\Roaming\Temp
 [2011.08.01 10:03:24 | 000,000,000 | ---D | M] -- C:\Users\Leinad\AppData\Roaming\Thunderbird
 [2012.12.06 23:15:04 | 000,000,000 | ---D | M] -- C:\Users\Leinad\AppData\Roaming\TuneUp Software
 [2013.03.09 15:07:32 | 000,000,000 | ---D | M] -- C:\Users\Leinad\AppData\Roaming\Urufe
 [2013.03.09 12:44:57 | 000,000,000 | ---D | M] -- C:\Users\Leinad\AppData\Roaming\Xyacr
 
 ========== Purity Check ==========
 
 
 
 < End of report >
 Extras.txt:   Code: 
 OTL Extras logfile created on: 15.03.2013 21:55:26 - Run 1OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Leinad\Desktop
 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
 Internet Explorer (Version = 9.10.9200.16521)
 Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
 3,92 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 56,10% Memory free
 7,83 Gb Paging File | 5,78 Gb Available in Paging File | 73,78% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
 Drive C: | 451,01 Gb Total Space | 127,17 Gb Free Space | 28,20% Space Free | Partition Type: NTFS
 
 Computer Name: XPS-WAVE | User Name: Leinad | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
 Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Extra Registry (SafeList) ==========
 
 
 ========== File Associations ==========
 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
 [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
 .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
 ========== Shell Spawning ==========
 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
 batfile [open] -- "%1" %*
 cmdfile [open] -- "%1" %*
 comfile [open] -- "%1" %*
 exefile [open] -- "%1" %*
 helpfile [open] -- Reg Error: Key error.
 htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
 htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
 htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
 http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
 https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
 inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
 InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
 InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
 piffile [open] -- "%1" %*
 regfile [merge] -- Reg Error: Key error.
 scrfile [config] -- "%1"
 scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
 scrfile [open] -- "%1" /S
 txtfile [edit] -- Reg Error: Key error.
 Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
 Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Folder [explore] -- Reg Error: Value error.
 Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
 CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
 batfile [open] -- "%1" %*
 cmdfile [open] -- "%1" %*
 comfile [open] -- "%1" %*
 cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
 exefile [open] -- "%1" %*
 helpfile [open] -- Reg Error: Key error.
 htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
 htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
 htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
 http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
 https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
 inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
 piffile [open] -- "%1" %*
 regfile [merge] -- Reg Error: Key error.
 scrfile [config] -- "%1"
 scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
 scrfile [open] -- "%1" /S
 txtfile [edit] -- Reg Error: Key error.
 Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
 Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Folder [explore] -- Reg Error: Value error.
 Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
 CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
 ========== Security Center Settings ==========
 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 "cval" = 1
 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
 "AntiVirusOverride" = 0
 "AntiSpywareOverride" = 0
 "FirewallOverride" = 0
 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
 ========== Firewall Settings ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 "DisableNotifications" = 0
 "EnableFirewall" = 1
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 "DisableNotifications" = 0
 "EnableFirewall" = 1
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
 "DisableNotifications" = 0
 "EnableFirewall" = 1
 
 ========== Authorized Applications List ==========
 
 
 ========== Vista Active Open Ports Exception List ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 "{00914825-2031-4ADE-B05B-555E87C7EE46}" = rport=139 | protocol=6 | dir=out | app=system |
 "{092222CF-D604-45BB-A0FB-2215D14F2795}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 "{0DEB4858-939D-4E6E-BF7F-F981ACA2515A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 "{0F58AC27-A94D-42E8-9D74-48A452356654}" = rport=445 | protocol=6 | dir=out | app=system |
 "{100F17BB-BBA1-42D0-940A-FE24F4DCAC94}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 "{176966CA-7836-4647-9873-3EAD270B810E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
 "{196D8583-4A86-4B2C-AD42-BCA30A363C10}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 "{26364658-4ADE-42E9-91C6-E75C4CB5EEAF}" = lport=445 | protocol=6 | dir=in | app=system |
 "{3AE92319-B3D0-4DE8-AF44-EE25C57F23EA}" = rport=138 | protocol=17 | dir=out | app=system |
 "{3CD73812-D81F-48F1-A5AD-F1E8506E43D1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 "{3F4B3A0B-F09F-486F-AB81-CFD8D1D1A69D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
 "{46021855-AD35-4976-9845-47F5B37F8F24}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
 "{5246AF18-B130-4F99-9384-EBA1015657D7}" = lport=139 | protocol=6 | dir=in | app=system |
 "{642B57DB-68C8-402C-BE27-8B87F3A02124}" = rport=137 | protocol=17 | dir=out | app=system |
 "{68C55D01-055E-4D05-BEFF-6133DC849BDA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 "{736A3BA8-7BBE-4116-82D9-784A0CE1E5D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 "{8A7D3F76-6DD0-47B4-9B8D-4A09B0A4D93E}" = lport=2869 | protocol=6 | dir=in | app=system |
 "{92555D7B-E0A1-4D73-B1EF-CCD6A3AEC2DA}" = lport=10243 | protocol=6 | dir=in | app=system |
 "{98CC7855-65EE-4183-8B8E-D883ED1BE38B}" = lport=137 | protocol=17 | dir=in | app=system |
 "{9A9B8DF9-4471-41F1-8388-B9AB39A04FFA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 "{A9F98F05-57E4-4469-B15E-B0B52F9CAF69}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 "{AB5F2325-62A3-4C33-9176-FAD0960C54D6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
 "{BE48F8AB-8AD1-43EE-A40A-F5077E178D4F}" = lport=138 | protocol=17 | dir=in | app=system |
 "{EA412863-B99D-4539-995A-B84F078595F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 "{F77E41FD-BE4F-42E7-AEA2-C75D30C14FE2}" = rport=10243 | protocol=6 | dir=out | app=system |
 "{FA1FF7FD-D105-45E6-83E2-0B3F966EB9DA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
 ========== Vista Active Application Exception List ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 "{05E7C732-9CF2-46DD-B87C-6C7DC27AD9BC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
 "{08818E51-0828-405C-ACD3-25DB4725562A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
 "{0A530DFE-E12F-458F-80A1-D9C808D70F65}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
 "{0A6AC642-F4C2-45B0-91D1-A8600E0CCF9C}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
 "{0E1B4A30-BFF4-4173-A00B-8A09AD8D75DD}" = protocol=17 | dir=in | app=d:\alicesetup.exe |
 "{19580CB1-5B0C-4EDF-8A5F-F592DC2B5737}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
 "{1A0C8BDF-DC0A-4BD4-96A1-43623E29CCD5}" = protocol=6 | dir=in | app=d:\alicesetup.exe |
 "{1D79CFDF-6EEF-4466-93AC-32BD197EC19B}" = protocol=6 | dir=in | app=c:\users\leinad\appdata\roaming\dropbox\bin\dropbox.exe |
 "{2048A921-A2F4-4619-BFB4-02DD6AC36143}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
 "{20885998-7D9D-459F-9891-0805920091ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
 "{28C909E8-320D-4F38-AE81-0117485EC321}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
 "{2AF603CB-4191-4F4C-BCBF-7D579B5C630F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
 "{305FF9C2-2517-4D14-B15C-8F27F81EB5B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
 "{344FF8B5-3929-4995-BC31-74D5CB44AFB3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
 "{3C903A72-22DA-4990-9683-87F2B137E5E4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
 "{45B04703-7F2A-4563-B1CE-CB9D40292F17}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
 "{4E71D67D-F0B8-4A37-B378-205CD063657C}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
 "{4F69D3C8-5123-474C-B4AB-5FF9C9C88BF6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
 "{4FF504FA-14E0-4170-81B7-D27EF1858278}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
 "{66C0F5A5-B641-435B-BB7D-9577AE0C9CA3}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
 "{6BEC7C81-92AC-4A20-A7F8-F4C10100B047}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
 "{6DBEF383-932A-4D75-8B6B-6FF4CD88B946}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
 "{85AF6051-3628-4CDE-AEC2-7CD96E45D241}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
 "{8736C758-4725-490F-9A84-422B69B1FE09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
 "{94AC660A-8D77-4361-BE52-89BA5BBA675D}" = protocol=6 | dir=out | app=system |
 "{94D703B0-C9DC-4F4B-B04F-F5B3716862D7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
 "{97CC4D24-4BB7-4AEA-A784-D3EB36F544E2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
 "{9D10D799-2695-4070-A414-01B8CCAA4EAD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
 "{A1B2C16C-D6A9-4A5E-AADA-E445E72341A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
 "{A2418BBE-4FCF-45AC-BCD0-1E589C5E6573}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
 "{A2CD1C97-8765-4D7C-B4DB-210FBBF4DD73}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
 "{AF3571EC-11FC-43BA-8BF9-A96FABECE9A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
 "{AF9FFD71-F0F7-4CC1-B3A5-8BF2E11BF7CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
 "{B24FB869-716F-472F-849B-89370F6E7E09}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
 "{BB7249FC-AF61-4EC3-AE30-5F4790F3E391}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
 "{BCD8BB98-1DBD-4F28-86E8-66600D0ACCE6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
 "{BEC9396F-93E5-4D5F-B05C-EEFEE44CF666}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
 "{BF3D2B30-9B03-4D26-9F83-ACDE5B4F5C8F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
 "{CC0797E6-355D-4D02-906E-3DCC181812E7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
 "{CEA13EFD-C489-4022-8A58-581F5315C526}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
 "{D18E05B5-B69E-4384-B0D2-4A20253508E1}" = protocol=17 | dir=in | app=c:\users\leinad\appdata\roaming\dropbox\bin\dropbox.exe |
 "{EB2B0E23-4FFD-4BF6-AB58-A67574151373}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
 "{F4851413-F954-48D6-A126-1EDFA6DC3266}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
 "{F902A8B3-AB92-4D1E-A685-0CCE421837B6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
 "TCP Query User{0AD58081-B6B8-402E-85E2-09337BE8EF31}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
 "TCP Query User{21B0475E-5A65-4670-91F6-09A3B46791F7}C:\users\leinad\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\leinad\appdata\roaming\dropbox\bin\dropbox.exe |
 "UDP Query User{21ACF8C2-D9AA-4624-880E-77E964DB59DB}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
 "UDP Query User{CF51CA1A-EA9D-4423-869F-18C69394E8E1}C:\users\leinad\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\leinad\appdata\roaming\dropbox\bin\dropbox.exe |
 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
 "{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
 "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
 "{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi-Software
 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
 "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
 "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
 "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
 "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
 "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
 "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 265.94
 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 265.94
 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 265.94
 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.9
 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
 "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
 "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
 "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
 "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
 "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
 "20986CDBFBCA238AA12329A115B1CC9D88E9C06C" = Windows-Treiberpaket - Sunplus (SPCP825K) Ports  (07/01/2010 1.0.9.0)
 "Dell Support Center" = Dell Support Center
 "EPSON SX525WD Series" = Druckerdeinstallation für EPSON SX525WD Series
 "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
 "GIMP-2_is1" = GIMP 2.8.2
 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 "ProInst" = Intel PROSet Wireless
 "SynTPDeinstKey" = Synaptics Pointing Device Driver
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
 "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
 "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
 "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
 "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
 "{17407164-F2AD-4E04-886B-8060D503F21C}" = Dell MusicStage
 "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
 "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 30
 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
 "{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
 "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
 "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
 "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
 "{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
 "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
 "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
 "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
 "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
 "{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
 "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
 "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
 "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
 "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
 "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
 "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
 "{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn
 "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
 "{9A766E33-BB01-480F-ABFC-424B8AC11212}" = Amazon Cloud Drive
 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
 "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
 "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
 "{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
 "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
 "{AB1723E2-05BC-49C1-86AB-409764C0E608}" = Dell Stage
 "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
 "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
 "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
 "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
 "{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
 "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
 "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
 "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
 "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
 "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
 "{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
 "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
 "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
 "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
 "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
 "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
 "{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
 "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
 "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
 "Advanced Audio FX Engine" = Advanced Audio FX Engine
 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
 "Avira AntiVir Desktop" = Avira Free Antivirus
 "DAEMON Tools Lite" = DAEMON Tools Lite
 "Dell Webcam Central" = Dell Webcam Central
 "ElsterFormular für Privatanwender 12.2.2.6665p" = ElsterFormular für Privatanwender
 "ENTERPRISE" = Microsoft Office Enterprise 2007
 "EPSON Scanner" = EPSON Scan
 "EPSON SX525WD Series Manual" = EPSON SX525WD Series Handbuch
 "EPSON SX525WD Series Network Guide" = EPSON SX525WD Series Netzwerk-Handbuch
 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
 "GMX ProfiFax" = GMX ProfiFax
 "GPS Master_is1" = GPS Master 1.2.0.0
 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
 "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
 "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
 "Mobile Partner" = Mobile Partner
 "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
 "Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
 "MozillaMaintenanceService" = Mozilla Maintenance Service
 "Nero - Burning Rom!UninstallKey" = Nero 6 Demo
 "Nokia Suite" = Nokia Suite
 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
 "Uninstall_is1" = Uninstall 1.0.0.1
 "VLC media player" = VLC media player 2.0.5
 "WinLiveSuite" = Windows Live Essentials
 "WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
 ========== HKEY_CURRENT_USER Uninstall List ==========
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "Dropbox" = Dropbox
 
 ========== Last 20 Event Log Errors ==========
 
 [ Application Events ]
 Error - 27.06.2012 01:07:14 | Computer Name = XPS-Wave | Source = Application Error | ID = 1000
 Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.0.9.0, Zeitstempel:
 0x4cf3830f  Name des fehlerhaften Moduls: daemonu.exe, Version: 1.0.9.0, Zeitstempel:
 0x4cf3830f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000be85  ID des fehlerhaften Prozesses:
 0x98c  Startzeit der fehlerhaften Anwendung: 0x01cd5422ae17ca60  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 Berichtskennung:
 f4bfc689-c015-11e1-8b5e-14feb5a0bc39
 
 Error - 28.06.2012 14:36:31 | Computer Name = XPS-Wave | Source = Application Error | ID = 1000
 Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.0.9.0, Zeitstempel:
 0x4cf3830f  Name des fehlerhaften Moduls: daemonu.exe, Version: 1.0.9.0, Zeitstempel:
 0x4cf3830f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000be85  ID des fehlerhaften Prozesses:
 0x994  Startzeit der fehlerhaften Anwendung: 0x01cd555ce622da55  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 Berichtskennung:
 2dbb417a-c150-11e1-942b-14feb5a0bc39
 
 Error - 29.06.2012 14:40:29 | Computer Name = XPS-Wave | Source = Application Error | ID = 1000
 Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.0.9.0, Zeitstempel:
 0x4cf3830f  Name des fehlerhaften Moduls: daemonu.exe, Version: 1.0.9.0, Zeitstempel:
 0x4cf3830f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000be85  ID des fehlerhaften Prozesses:
 0x9a8  Startzeit der fehlerhaften Anwendung: 0x01cd56269f74483f  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 Berichtskennung:
 e61ea5c8-c219-11e1-bf21-14feb5a0bc39
 
 Error - 30.06.2012 03:43:00 | Computer Name = XPS-Wave | Source = Application Error | ID = 1000
 Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.0.9.0, Zeitstempel:
 0x4cf3830f  Name des fehlerhaften Moduls: daemonu.exe, Version: 1.0.9.0, Zeitstempel:
 0x4cf3830f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000be85  ID des fehlerhaften Prozesses:
 0xb8c  Startzeit der fehlerhaften Anwendung: 0x01cd5693ef7c0759  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 Berichtskennung:
 36e995b8-c287-11e1-bf29-14feb5a0bc39
 
 Error - 30.06.2012 07:17:33 | Computer Name = XPS-Wave | Source = Application Error | ID = 1000
 Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.0.9.0, Zeitstempel:
 0x4cf3830f  Name des fehlerhaften Moduls: daemonu.exe, Version: 1.0.9.0, Zeitstempel:
 0x4cf3830f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000be85  ID des fehlerhaften Prozesses:
 0xa24  Startzeit der fehlerhaften Anwendung: 0x01cd56b1e8d56872  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 Berichtskennung:
 2f9c567f-c2a5-11e1-9c48-14feb5a0bc39
 
 Error - 30.06.2012 15:41:39 | Computer Name = XPS-Wave | Source = Application Error | ID = 1000
 Description = Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.17.12.6594,
 Zeitstempel: 0x4cf3868e  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000051273
 ID
 des fehlerhaften Prozesses: 0x510  Startzeit der fehlerhaften Anwendung: 0x01cd56b1e1f98baf
 Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\nvvsvc.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 9bcb2341-c2eb-11e1-9c48-14feb5a0bc39
 
 Error - 09.07.2012 13:02:16 | Computer Name = XPS-Wave | Source = Application Error | ID = 1000
 Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.0.9.0, Zeitstempel:
 0x4cf3830f  Name des fehlerhaften Moduls: daemonu.exe, Version: 1.0.9.0, Zeitstempel:
 0x4cf3830f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000be85  ID des fehlerhaften Prozesses:
 0x960  Startzeit der fehlerhaften Anwendung: 0x01cd5df48ebefaa2  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 Berichtskennung:
 d590a6a9-c9e7-11e1-8bf9-14feb5a0bc39
 
 Error - 11.07.2012 13:58:24 | Computer Name = XPS-Wave | Source = Application Error | ID = 1000
 Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.0.9.0, Zeitstempel:
 0x4cf3830f  Name des fehlerhaften Moduls: daemonu.exe, Version: 1.0.9.0, Zeitstempel:
 0x4cf3830f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000be85  ID des fehlerhaften Prozesses:
 0x8c8  Startzeit der fehlerhaften Anwendung: 0x01cd5f8eb936d300  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 Berichtskennung:
 01af499f-cb82-11e1-bb77-14feb5a0bc39
 
 Error - 15.07.2012 13:21:01 | Computer Name = XPS-Wave | Source = Application Error | ID = 1000
 Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.0.9.0, Zeitstempel:
 0x4cf3830f  Name des fehlerhaften Moduls: daemonu.exe, Version: 1.0.9.0, Zeitstempel:
 0x4cf3830f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000be85  ID des fehlerhaften Prozesses:
 0xa58  Startzeit der fehlerhaften Anwendung: 0x01cd62ae2ba7ab21  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 Berichtskennung:
 7267750c-cea1-11e1-9cf9-14feb5a0bc39
 
 Error - 16.07.2012 13:01:03 | Computer Name = XPS-Wave | Source = Application Error | ID = 1000
 Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.0.9.0, Zeitstempel:
 0x4cf3830f  Name des fehlerhaften Moduls: daemonu.exe, Version: 1.0.9.0, Zeitstempel:
 0x4cf3830f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000be85  ID des fehlerhaften Prozesses:
 0xa04  Startzeit der fehlerhaften Anwendung: 0x01cd63748b3eaa96  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 Berichtskennung:
 d2b5be76-cf67-11e1-9cfb-14feb5a0bc39
 
 [ Dell Events ]
 Error - 05.11.2012 13:58:34 | Computer Name = XPS-Wave | Source = DataSafe | ID = 17
 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
 Error - 05.11.2012 14:58:46 | Computer Name = XPS-Wave | Source = DataSafe | ID = 17
 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
 Error - 05.11.2012 14:58:46 | Computer Name = XPS-Wave | Source = DataSafe | ID = 17
 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
 Error - 07.11.2012 19:28:37 | Computer Name = XPS-Wave | Source = DataSafe | ID = 17
 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
 Error - 07.11.2012 19:28:37 | Computer Name = XPS-Wave | Source = DataSafe | ID = 17
 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
 Error - 19.11.2012 19:31:38 | Computer Name = XPS-Wave | Source = DataSafe | ID = 17
 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
 Error - 19.11.2012 19:31:39 | Computer Name = XPS-Wave | Source = DataSafe | ID = 17
 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
 Error - 23.11.2012 13:50:04 | Computer Name = XPS-Wave | Source = DataSafe | ID = 17
 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
 Error - 23.11.2012 13:50:04 | Computer Name = XPS-Wave | Source = DataSafe | ID = 17
 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
 Error - 28.12.2012 15:35:05 | Computer Name = XPS-Wave | Source = DataSafe | ID = 17
 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
 [ System Events ]
 Error - 15.03.2013 15:34:22 | Computer Name = XPS-Wave | Source = Service Control Manager | ID = 7009
 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
 Error - 15.03.2013 15:34:22 | Computer Name = XPS-Wave | Source = Service Control Manager | ID = 7000
 Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 Error - 15.03.2013 15:34:44 | Computer Name = XPS-Wave | Source = Service Control Manager | ID = 7034
 Description = Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
 Error - 15.03.2013 15:36:42 | Computer Name = XPS-Wave | Source = Service Control Manager | ID = 7009
 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
 Error - 15.03.2013 15:36:42 | Computer Name = XPS-Wave | Source = Service Control Manager | ID = 7000
 Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 Error - 15.03.2013 15:36:56 | Computer Name = XPS-Wave | Source = Service Control Manager | ID = 7023
 Description = Der Dienst "Server" wurde mit folgendem Fehler beendet:   %%14
 
 Error - 15.03.2013 15:37:03 | Computer Name = XPS-Wave | Source = Service Control Manager | ID = 7034
 Description = Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
 Error - 15.03.2013 16:10:05 | Computer Name = XPS-Wave | Source = Service Control Manager | ID = 7009
 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
 Error - 15.03.2013 16:10:05 | Computer Name = XPS-Wave | Source = Service Control Manager | ID = 7000
 Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 Error - 15.03.2013 16:10:22 | Computer Name = XPS-Wave | Source = Service Control Manager | ID = 7034
 Description = Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
 
 < End of report >
 3. Schritt: gmer (beim ersten Versuch kam ein bluescreen. beim zweiten hat es funktioniert)  
gmer.txt   Code: 
 GMER 2.1.19155 - hxxp://www.gmer.netRootkit scan 2013-03-15 23:02:29
 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.D005 465,76GB
 Running: gmer_2.1.19155.exe; Driver: C:\Users\Leinad\AppData\Local\Temp\kwtyipow.sys
 
 
 ---- User code sections - GMER 2.1 ----
 
 .text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       00000000776f1465 2 bytes [6F, 77]
 .text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      00000000776f14bb 2 bytes [6F, 77]
 .text  ...                                                                                                                                                  * 2
 .text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4004] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                      00000000777bf85a 1 byte [C3]
 .text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4004] C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll!getJit + 32  000000006d609380 4 bytes [C8, 10, 01, 10]
 .text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69               00000000776f1465 2 bytes [6F, 77]
 .text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              00000000776f14bb 2 bytes [6F, 77]
 .text  ...                                                                                                                                                  * 2
 .text  C:\Users\Leinad\AppData\Roaming\Dropbox\bin\Dropbox.exe[4104] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                00000000776f1465 2 bytes [6F, 77]
 .text  C:\Users\Leinad\AppData\Roaming\Dropbox\bin\Dropbox.exe[4104] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                               00000000776f14bb 2 bytes [6F, 77]
 .text  ...                                                                                                                                                  * 2
 
 ---- Registry - GMER 2.1 ----
 
 Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{8447E5A9-1313-428F-A735-FDCBE0D75BBC}\Connection@Name          isatap.{0425B8D3-5B44-45D6-933D-F6B59D87C0D1}
 Reg    HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{8447E5A9-1313-428F-A735-FDCBE0D75BBC}@InterfaceName                               isatap.{0425B8D3-5B44-45D6-933D-F6B59D87C0D1}
 Reg    HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{8447E5A9-1313-428F-A735-FDCBE0D75BBC}@ReusableType                                0
 
 ---- EOF - GMER 2.1 ----
 Ich hoffe, ich habe alles einigermaßen richtig gemacht. Meine Computerkenntnisse gehen nicht weiter über den Alltagsgebrauch hinaus. Es wäre prima, wenn ich den Computer mit eurer Hilfe wieder iO bekomme :abklatsch: . Danke schonmal fürs Lesen!  
Viele Grüße 
Leinad L. |