Ergebnis 1 bis 9 von 9

Thema: Sehr lange Ladezeiten >3 Min. und ich habe das Gefühl meine FP macht spanabhebende Be

  1. #1
    Einsteiger Avatar von Carla G.
    Registriert seit
    08.05.2012
    Beiträge
    5

    Sehr lange Ladezeiten >3 Min. und ich habe das Gefühl meine FP macht spanabhebende Be

    Wäre schön wenn sich das mal jemand anschauen könnte, Lieben Dank vorab ! C.

    Problembeschreibung:
    Also, mein problem ist das der Computer sehr lange zum Starten braucht, vom anmelden bis zum anzeigen der Icons
    dauert dies nochmal ca. 2 min. und die Festplatte ackert wie blöde, ich habe den Eindruck
    das hier riesige Datenmengen beackert werden, auch wenn alle Icons dann zu sehen sind dauert es lange bis
    der PC einen Befehl annimmt und auch ausführt, es läuft auch weiterhin danach sehr zäh mit extremen Aktivitäten der Festplatte.

    Ergebnis Malwarebytes
    Code:
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    
    Datenbank Version: v2012.05.09.04
    
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Coleman :: COLEMANCOMPUTER [Administrator]
    
    09.05.2012 17:56:22
    mbam-log-2012-05-09 (17-56-22).txt
    
    Art des Suchlaufs: Vollständiger Suchlauf
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 472807
    Laufzeit: 1 Stunde(n), 30 Minute(n), 14 Sekunde(n)
    
    Infizierte Speicherprozesse: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Speichermodule: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungsschlüssel: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungswerte: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateiobjekte der Registrierung: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Verzeichnisse: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateien: 1
    C:\Users\Coleman\Downloads\SoftonicDownloader_fuer_pc-wizard.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    
    (Ende)
    OTL
    Code:
    OTL logfile created on: 09.05.2012 19:30:45 - Run 1
    OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Coleman\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    8,00 Gb Total Physical Memory | 6,40 Gb Available Physical Memory | 80,03% Memory free
    16,00 Gb Paging File | 14,33 Gb Available in Paging File | 89,59% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931,41 Gb Total Space | 589,25 Gb Free Space | 63,26% Space Free | Partition Type: NTFS
    Drive F: | 100,00 Mb Total Space | 70,33 Mb Free Space | 70,33% Space Free | Partition Type: NTFS
    Drive G: | 3,78 Gb Total Space | 0,28 Gb Free Space | 7,49% Space Free | Partition Type: FAT32
    Drive P: | 465,76 Gb Total Space | 456,58 Gb Free Space | 98,03% Space Free | Partition Type: NTFS
     
    Computer Name: COLEMANCOMPUTER | User Name: Coleman | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\Coleman\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    PRC - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
    PRC - C:\Program Files (x86)\MAGIX\PC_Check_Tuning_2012_Download-Version\MXSAS.exe (MAGIX AG)
    PRC - C:\Program Files (x86)\MAGIX\PC_Live\MxTray.exe (MAGIX AG)
    PRC - C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe (Nuance Communications, Inc.)
    PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
    PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
    PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
    PRC - C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
    PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
    PRC - C:\Program Files (x86)\PrintKey2000\Printkey2000.exe (Fred's Software)
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\Users\Coleman\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll ()
    MOD - C:\Users\Coleman\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll ()
    MOD - C:\Users\Coleman\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll ()
    MOD - C:\Users\Coleman\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll ()
    MOD - C:\Users\Coleman\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c2c7f68605a42caef1b7a19c51de58b4\System.ServiceProcess.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
    MOD - C:\Program Files (x86)\MAGIX\PC_Check_Tuning_2012_Download-Version\MFL_U_VC9.dll ()
    MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
    MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
    MOD - C:\Program Files (x86)\MAGIX\PC_Check_Tuning_2012_Download-Version\PlayRIpl.dll ()
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    SRV - (syncagentsrv) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
    SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
    SRV - (MAGIX StartUp Analyze Service) -- C:\Program Files (x86)\MAGIX\PC_Check_Tuning_2012_Download-Version\MXSAS.exe (MAGIX AG)
    SRV - (PDFProFiltSrv) -- C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe (Nuance Communications, Inc.)
    SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
    SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
    SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
    SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
    SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
    SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
    SRV - (astcc) -- C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
    DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
    DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis)
    DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
    DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis)
    DRV:64bit: - (vidsflt61) Acronis Disk Storage Filter (61) -- C:\Windows\SysNative\drivers\vsflt61.sys (Acronis)
    DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
    DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\drivers\btcusb.sys (IVT Corporation.)
    DRV:64bit: - (acedrv10) -- C:\Windows\SysNative\drivers\acedrv10.sys (Protect Software GmbH)
    DRV:64bit: - (acehlp10) -- C:\Windows\SysNative\drivers\acehlp10.sys (Protect Software GmbH)
    DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
    DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
    DRV:64bit: - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
    DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
    DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
    DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
    DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
    DRV:64bit: - (vidsflt58) Acronis Disk Storage Filter (58) -- C:\Windows\SysNative\drivers\vsflt58.sys (Acronis)
    DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
    DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
    DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
    DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
    DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
    DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
    DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
    DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
    DRV:64bit: - (GenericMount) -- C:\Windows\SysNative\drivers\GenericMount.sys (Symantec Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
    DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
    DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
    DRV:64bit: - (GigasetGenericUSB_x64) -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys (Siemens Home and Office Communication Devices GmbH & Co. KG)
    DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
    DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
    DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
    DRV - (WimFltr) -- C:\Windows\SysWOW64\drivers\WimFltr.sys (Microsoft Corporation)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=24&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=24&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=24&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=24&affid=110774&searchtype=hp&babsrc=lnkry_nt
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 D3 71 A8 1C 59 CC 01  [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=24&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=24&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=24&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
    FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Coleman\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Coleman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Coleman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.10 09:04:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.15 09:05:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
     
    [2011.06.02 20:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coleman\AppData\Roaming\mozilla\Extensions
    [2012.05.07 16:05:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coleman\AppData\Roaming\mozilla\Firefox\Profiles\bveul3bj.default\extensions
    [2011.12.24 15:21:20 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Coleman\AppData\Roaming\mozilla\Firefox\Profiles\bveul3bj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2011.12.30 15:35:37 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Coleman\AppData\Roaming\mozilla\Firefox\Profiles\bveul3bj.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
    [2012.03.21 19:17:07 | 000,000,000 | ---D | M] (Complete YouTube Saver) -- C:\Users\Coleman\AppData\Roaming\mozilla\Firefox\Profiles\bveul3bj.default\extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3}
    [2011.07.04 15:54:25 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Coleman\AppData\Roaming\mozilla\Firefox\Profiles\bveul3bj.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
    [2012.03.30 11:03:27 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Coleman\AppData\Roaming\mozilla\Firefox\Profiles\bveul3bj.default\extensions\support@lastpass.com
    [2012.04.10 09:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012.04.10 09:04:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011.11.09 20:46:52 | 000,001,400 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2011.11.09 20:46:52 | 000,001,679 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011.11.09 20:46:52 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
    [2011.11.09 20:46:52 | 000,006,818 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
    [2011.11.02 20:15:48 | 000,001,272 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
    [2011.11.09 20:46:52 | 000,000,903 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
     
    ========== Chrome  ==========
     
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Coleman\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Coleman\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Coleman\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: fluxDVD Browser Plugin (Enabled) = C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Coleman\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: ColorZilla = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp\0.5.2_0\
    CHR - Extension: YouTube = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Adblock Plus (Beta) = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
    CHR - Extension: Google-Suche = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: The QR Code Generator = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.2_0\
    CHR - Extension: Cr!Box = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp\2.3_0\
    CHR - Extension: LastPass = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.6_0\
    CHR - Extension: TiltShiftMaker = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo\1.3.3_0\
    CHR - Extension: komoot = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbgbaicglaiooophhbkpkdhpglkbhohb\1.0.2_0\
    CHR - Extension: WonTube Video Converter = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlhcllbknkijepekbafagpbniolfcmme\1.0.7_0\
    CHR - Extension: Google Mail = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
     
    Hosts file not found
    O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
    O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - Reg Error: Value error. File not found
    O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
    O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: Bild an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O8:64bit: - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: Link an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O8:64bit: - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: Mit Nuance PDF Converter 7 öffnen - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_ger.dll (Nuance Communications, Inc.)
    O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: Seite an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O8:64bit: - Extra context menu item: Text an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - Reg Error: Value error. File not found
    O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: Bild an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: Link an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: Mit Nuance PDF Converter 7 öffnen - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_ger.dll (Nuance Communications, Inc.)
    O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: Seite an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O8 - Extra context menu item: Text an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
    O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B93DF46-CC91-4DF7-82F3-BAA254303040}: DhcpNameServer = 193.189.244.225 193.189.244.206
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C55AE5F-85E4-4029-90B9-0E009F40CEB1}: DhcpNameServer = 192.168.178.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012.05.09 19:35:38 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Desktop\Koffer
    [2012.05.09 18:05:14 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Coleman\Desktop\OTL.exe
    [2012.05.07 19:57:39 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Desktop\Steuer
    [2012.05.07 16:47:24 | 000,000,000 | ---D | C] -- C:\Users\Coleman\AppData\Roaming\elsterformular
    [2012.05.07 16:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
    [2012.05.07 16:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
    [2012.05.07 16:47:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
    [2012.05.06 18:29:50 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Desktop\Vorlagen
    [2012.05.06 18:29:28 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Desktop\Doku
    [2012.05.06 18:26:35 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Desktop\Grafik
    [2012.05.06 18:26:25 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Desktop\Systeme
    [2012.05.06 18:01:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
    [2012.05.06 18:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
    [2012.05.06 18:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
    [2012.05.06 17:45:12 | 000,000,000 | ---D | C] -- C:\AMD
    [2012.05.06 17:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    [2012.05.06 15:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
    [2012.05.06 12:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
    [2012.05.03 19:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
    [2012.04.29 19:27:26 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Desktop\2012-04-29
    [2012.04.29 09:15:25 | 000,000,000 | ---D | C] -- C:\Users\Coleman\AppData\Roaming\OnDemandDump
    [2012.04.29 09:15:25 | 000,000,000 | ---D | C] -- C:\Users\Coleman\AppData\Roaming\CrashLog
    [2012.04.28 18:58:59 | 000,000,000 | ---D | C] -- C:\Users\Coleman\AppData\Roaming\MAGIX
    [2012.04.28 18:58:10 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Documents\MAGIX_MxTray
    [2012.04.28 18:57:52 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Documents\OnDemandDump
    [2012.04.28 18:57:52 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Documents\CrashLog
    [2012.04.28 18:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
    [2012.04.28 18:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
    [2012.04.20 19:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
    [2012.04.20 19:11:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems
    [2012.04.20 19:11:09 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Documents\My ISO Files
    [2012.04.13 11:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Mein Geld 2012
    [2012.04.12 16:09:13 | 000,000,000 | ---D | C] -- C:\Users\Coleman\AppData\Roaming\Smart PC Solutions
    [2012.04.11 19:51:50 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Desktop\ULTRAISO portable
    [2012.04.11 12:49:22 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2012.04.11 12:49:22 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2012.04.11 12:49:22 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2012.04.11 12:46:34 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
    [2012.04.11 12:46:34 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
    [2012.04.11 12:46:33 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2012.04.11 10:50:46 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012.04.11 10:50:45 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012.04.11 10:50:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012.04.11 10:50:45 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012.04.11 10:50:45 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012.04.11 10:50:45 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012.04.11 10:50:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012.05.09 19:35:54 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.05.09 19:35:54 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.05.09 19:28:40 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\MxTray.job
    [2012.05.09 19:28:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.05.09 19:28:21 | 2146,983,935 | -HS- | M] () -- C:\hiberfil.sys
    [2012.05.09 19:21:09 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012.05.09 19:09:39 | 001,635,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012.05.09 19:09:39 | 000,705,208 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2012.05.09 19:09:39 | 000,659,224 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012.05.09 19:09:39 | 000,151,702 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2012.05.09 19:09:39 | 000,123,898 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012.05.09 18:54:02 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299513813-1978903685-3083533823-1001UA.job
    [2012.05.09 18:39:46 | 000,091,548 | ---- | M] () -- C:\Users\Coleman\Desktop\12611163.jpg
    [2012.05.09 18:16:23 | 000,385,506 | ---- | M] () -- C:\Users\Coleman\Desktop\retro.jpg
    [2012.05.09 18:15:47 | 000,406,878 | ---- | M] () -- C:\Users\Coleman\Desktop\12783138.jpg
    [2012.05.09 18:13:02 | 000,198,715 | ---- | M] () -- C:\Users\Coleman\Desktop\27865511.jpg
    [2012.05.09 18:10:00 | 000,386,692 | ---- | M] () -- C:\Users\Coleman\Desktop\24661028.jpg
    [2012.05.09 18:05:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Coleman\Desktop\OTL.exe
    [2012.05.08 19:17:22 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2012.05.08 19:17:22 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2012.05.07 16:43:04 | 000,033,223 | ---- | M] () -- C:\Users\Coleman\Desktop\vost_2012.GewErfass2012
    [2012.05.07 16:43:02 | 000,033,223 | ---- | M] () -- C:\Users\Coleman\Desktop\vost_2012.GewErfass2012_Backup
    [2012.05.07 15:59:56 | 000,002,287 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung Plus 2012.lnk
    [2012.05.06 15:54:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299513813-1978903685-3083533823-1001Core.job
    [2012.05.06 15:50:31 | 000,002,418 | ---- | M] () -- C:\Users\Coleman\Desktop\Google Chrome.lnk
    [2012.05.06 15:36:32 | 000,000,030 | ---- | M] () -- C:\Windows\PCCT.INI
    [2012.05.06 12:53:19 | 000,001,173 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
    [2012.04.29 20:21:12 | 000,029,264 | ---- | M] () -- C:\Users\Coleman\.recently-used.xbel
    [2012.04.29 17:06:14 | 000,428,460 | ---- | M] () -- C:\Users\Coleman\Desktop\Springseilparade-2-a27784242.jpg
    [2012.04.29 10:50:43 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\Java(TM) Platform SE Auto Updater 2 0 MAGIX PCCT.job
    [2012.04.23 16:37:02 | 000,001,156 | ---- | M] () -- C:\Users\Coleman\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.04.20 19:09:53 | 202,553,344 | ---- | M] () -- C:\Users\Coleman\Desktop\20120420_190921.iso
    [2012.04.14 14:11:55 | 000,458,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012.04.11 14:56:33 | 000,025,600 | ---- | M] () -- C:\Users\Coleman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012.04.11 11:45:57 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012.04.11 11:45:57 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
     
    ========== Files Created - No Company Name ==========
     
    [2012.05.09 18:39:47 | 000,091,548 | ---- | C] () -- C:\Users\Coleman\Desktop\12611163.jpg
    [2012.05.09 18:16:30 | 000,385,506 | ---- | C] () -- C:\Users\Coleman\Desktop\retro.jpg
    [2012.05.09 18:15:49 | 000,406,878 | ---- | C] () -- C:\Users\Coleman\Desktop\12783138.jpg
    [2012.05.09 18:13:04 | 000,198,715 | ---- | C] () -- C:\Users\Coleman\Desktop\27865511.jpg
    [2012.05.09 18:10:06 | 000,386,692 | ---- | C] () -- C:\Users\Coleman\Desktop\24661028.jpg
    [2012.05.07 16:41:58 | 000,033,223 | ---- | C] () -- C:\Users\Coleman\Desktop\vost_2012.GewErfass2012_Backup
    [2012.05.07 16:41:58 | 000,033,223 | ---- | C] () -- C:\Users\Coleman\Desktop\vost_2012.GewErfass2012
    [2012.05.07 15:59:56 | 000,002,287 | ---- | C] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung Plus 2012.lnk
    [2012.05.06 17:16:27 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012.05.06 15:50:45 | 000,001,946 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
    [2012.05.06 15:49:30 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299513813-1978903685-3083533823-1001UA.job
    [2012.05.06 15:49:29 | 000,001,076 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299513813-1978903685-3083533823-1001Core.job
    [2012.05.06 15:36:33 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\MxTray.job
    [2012.05.06 12:53:19 | 000,001,173 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
    [2012.04.29 20:21:12 | 000,029,264 | ---- | C] () -- C:\Users\Coleman\.recently-used.xbel
    [2012.04.29 17:06:24 | 000,428,460 | ---- | C] () -- C:\Users\Coleman\Desktop\Springseilparade-2-a27784242.jpg
    [2012.04.29 09:24:02 | 000,000,464 | ---- | C] () -- C:\Windows\tasks\Java(TM) Platform SE Auto Updater 2 0 MAGIX PCCT.job
    [2012.04.29 09:15:45 | 000,000,030 | ---- | C] () -- C:\Windows\PCCT.INI
    [2012.04.20 19:09:53 | 202,553,344 | ---- | C] () -- C:\Users\Coleman\Desktop\20120420_190921.iso
    [2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012.03.10 16:54:27 | 000,001,590 | ---- | C] () -- C:\Users\Coleman\AppData\Roaming\MyMicroBalanceConfig.ini
    [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012.02.22 20:36:23 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2012.02.01 21:10:50 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
    [2012.01.02 15:31:06 | 000,446,464 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll
    [2012.01.02 15:31:06 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\ic32.ini
    [2011.12.19 13:56:52 | 000,016,098 | ---- | C] () -- C:\Windows\German2.ini
    [2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011.09.11 18:30:26 | 001,612,698 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011.08.22 19:48:16 | 000,073,216 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
    [2011.08.12 19:20:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011.06.19 18:38:44 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
    [2011.06.11 14:46:35 | 000,025,600 | ---- | C] () -- C:\Users\Coleman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011.03.30 00:17:10 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0574215C
    
    < End of report >
    Extras von OTL
    Code:
    OTL Extras logfile created on: 09.05.2012 19:30:45 - Run 1
    OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Coleman\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    8,00 Gb Total Physical Memory | 6,40 Gb Available Physical Memory | 80,03% Memory free
    16,00 Gb Paging File | 14,33 Gb Available in Paging File | 89,59% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931,41 Gb Total Space | 589,25 Gb Free Space | 63,26% Space Free | Partition Type: NTFS
    Drive F: | 100,00 Mb Total Space | 70,33 Mb Free Space | 70,33% Space Free | Partition Type: NTFS
    Drive G: | 3,78 Gb Total Space | 0,28 Gb Free Space | 7,49% Space Free | Partition Type: FAT32
    Drive P: | 465,76 Gb Total Space | 456,58 Gb Free Space | 98,03% Space Free | Partition Type: NTFS
     
    Computer Name: COLEMANCOMPUTER | User Name: Coleman | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07283E50-E166-40DF-8B0C-BA2245367AA1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{09CACE54-AC65-4387-9F87-2C1CDB5B0151}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{10D5919B-9A51-4D9B-BE5E-7E71AE255979}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{25D335B4-0782-4559-9A4A-CCE3CF3FFBAE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{2F6D21F9-07BC-4AE6-9136-0353051CBC6B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{31841CDC-9874-4FC6-82F5-D3D776AD93BA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
    "{34BC72B5-7847-4509-9A77-99519FA75F62}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{37500AF3-D467-47CB-BC06-CEF4CB8D8294}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{37843975-E485-4848-A7A6-EC6AFA1D76C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{4B2F847D-A8AE-4ECD-8C27-D638D122E74B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{4BE7E181-4112-4498-B032-841D4C22A168}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{4FF5BEB5-16E8-4429-9AD4-1959FD6690F6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{52C251FD-81AB-4EC6-ADE0-1B7554D40F0C}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{5D224DCE-6DB5-4871-9E9B-C56032FA24A5}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{71342CCA-E0DA-4984-BB21-E199F3D985D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{85B223CC-FBE4-4293-8F9C-1AEA58F6ED3A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{8702171E-AE23-4983-AE77-D9C805830B94}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
    "{8E7FE7EB-19BE-4827-BF43-A47C35B77FC1}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{92134E39-64AD-4C02-9099-27C0F833B6A1}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{9266F24F-F32E-46AA-AC47-F1B319162A31}" = rport=10243 | protocol=6 | dir=out | app=system | 
    "{B4E09CF8-0E67-4572-BAED-67254224E616}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{CB0BD748-4186-4C60-8EBE-F005461248C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{DAEB5191-08E8-4BD3-A774-E829DCCFD86F}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
    "{E04A4AF7-6759-4F58-8BA9-3A3C2E3F38B4}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{EC2DE6F6-F05F-436A-AE8C-CC03CCC72614}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{EC7F3077-CE79-492B-8294-9EF6F53C5D27}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
    "{F8F42E03-EC38-4057-8E6F-AD843A79B513}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{111E2DFE-2C82-4835-927F-C9EB26DAA664}" = protocol=17 | dir=in | app=c:\users\coleman\appdata\local\apps\2.0\1zmn20vq.p6y\av575m0n.vwn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
    "{18B7C1A0-C571-40A1-8B4D-E2F39677A58C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{262D0E61-9744-4D7F-A851-6FC76EDBB6EF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
    "{2F58FEED-482E-4F90-B4C5-5707BC3ED9D8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{317E1D87-EE26-4F8A-BBA0-B8284A8DB278}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{3E423548-8503-483F-A84B-7444FF750B28}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{49FBDD15-9F79-46E9-A69B-E6F7FD49B211}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{54BC8A68-AE8C-4392-A602-A008FF4025BE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{67403424-C118-45C7-A9BF-420C154577F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{753F5284-8AA4-45E4-9F55-3502AE429635}" = protocol=6 | dir=in | app=c:\users\coleman\appdata\local\apps\2.0\1zmn20vq.p6y\av575m0n.vwn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
    "{85AB70C4-CD39-40E7-B95D-408AA6EECD52}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{8D25A05F-248A-41A7-A033-46BA1EE97A5E}" = protocol=6 | dir=out | app=system | 
    "{A835B4D4-0FA4-467F-9C4B-0849AB7F5899}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{B79CB615-B801-454F-9EBA-EE9ADDB27151}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
    "{B86152EC-543B-4463-AE5F-8A9C35683706}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{BC57E575-5FBE-47E1-8E63-C02B7FFF4244}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
    "{CD67148B-AE4B-47A3-B6F4-B508B6D398E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{D03F1936-5E65-466A-A3CF-54DC37BD0D32}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{D0D7BCBA-8148-4861-B21F-5A46F0AFC8D0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{D2CC2504-F7DF-453E-9925-A9922F65C469}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
    "{D4DAB975-FD6F-4E3B-B7F8-19CBCFBD9F03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{DA54F5B4-06F5-449F-B501-29ED6FC548C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{DA9AE7B3-AF62-4EC2-98EB-AFECBE0B848C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{E11E9BC1-C4AF-412B-ABEB-78F0EB37DF40}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
    "{E4D6D1C8-C501-42CB-9FCF-1571C85104EC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
    "{E7E2B773-C1A4-4FB4-BF83-9B23459AF36E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{EDE28991-8A4F-49CC-B1C5-5D1D7D25BDB0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{F6A95083-82AE-4D1C-A6C6-021658238B39}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
    "TCP Query User{076EE15A-2474-44A5-A15B-94039170FE28}C:\users\coleman\appdata\local\apps\2.0\1zmn20vq.p6y\av575m0n.vwn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=6 | dir=in | app=c:\users\coleman\appdata\local\apps\2.0\1zmn20vq.p6y\av575m0n.vwn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
    "TCP Query User{45534C71-8531-40FD-81A4-E36DD737605A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
    "TCP Query User{7A4EC3F0-629F-4968-8D23-253E424173C3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
    "TCP Query User{B3CDC3D7-871C-4A35-B9AB-4D2445D4F2B9}C:\users\coleman\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\coleman\appdata\local\data becker\web to date 7.0\apache\apache.exe | 
    "TCP Query User{D87F52B1-BDCD-45C2-BEF5-0F9BD01B6924}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
    "TCP Query User{FA1DA48E-640A-4FE7-845C-09620FF3B97D}C:\program files (x86)\tapinradio\tapinradio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tapinradio\tapinradio.exe | 
    "UDP Query User{202DB9EC-CDE0-4033-BA76-4468FB608285}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
    "UDP Query User{2CD7DC99-5BDF-4F3D-B6DD-0305254F30E6}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
    "UDP Query User{5959D9CC-A387-44F5-8F49-0DB6A54B55E6}C:\users\coleman\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\coleman\appdata\local\data becker\web to date 7.0\apache\apache.exe | 
    "UDP Query User{BB498050-7E36-458B-B5D8-99B250205A28}C:\users\coleman\appdata\local\apps\2.0\1zmn20vq.p6y\av575m0n.vwn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=17 | dir=in | app=c:\users\coleman\appdata\local\apps\2.0\1zmn20vq.p6y\av575m0n.vwn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
    "UDP Query User{C49585C9-6A1A-42F2-82D2-9F8C4C80697F}C:\program files (x86)\tapinradio\tapinradio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tapinradio\tapinradio.exe | 
    "UDP Query User{FEA4ED1E-C58C-4F30-97F7-FE9B7EECCB60}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
    "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
    "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8C95F41B-70D9-7EF8-BC80-B1C896B5B747}" = AMD Fuel
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
    "{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding
    "{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
    "{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D79C2CD4-7BCC-60AC-76C9-834CEEF1CDBE}" = ccc-utility64
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
    "{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F8001A0F-C0E6-4593-88AB-F2FB726C274E}" = Nuance PDF Converter Professional 7
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
    "NVIDIA Drivers" = NVIDIA Drivers
    "PDF-XChange 3_is1" = PDF-XChange 3
    "PhotomatixPro4.0x64_is1" = Photomatix Pro version 4.0.2
    "PhotomatixPro41x64_is1" = Photomatix Pro version 4.1.4
    "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1 (x64)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
    "{0536BCDF-7EF6-48F6-8765-A3C065A065A5}" = Microsoft Expression Blend SDK for .NET 4
    "{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
    "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C18DC47-29D9-4D30-AFD0-739BFC628A5E}" = MAGIX PC Check & Tuning 2012 Download-Version
    "{0f571b70-6401-48cd-945d-45e2e8b559f8}" = Image Resizer for Windows
    "{1002A380-2026-11E1-A67B-F04DA23A5C58}" = MSVCRT Redists
    "{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
    "{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1" = Wondershare MobileGo ( Version 1.1.0 )
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2c2f4c57-83a8-4790-a281-e83d306a9199}" = Gigaset QuickSync
    "{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
    "{31CA28D1-CAE0-48EF-BFFF-BA9C81BA055A}" = StarMoney
    "{330D5210-3C4F-E632-2714-BE23C7C10B9F}" = Catalyst Control Center Graphics Previews Common
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
    "{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{39FCD08F-E311-4959-84B9-1012023724B9}" = Sunny Explorer
    "{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
    "{3BCDCC6A-3A47-4883-8A0C-55AC061316CB}" = Steuer-Spar-Erklärung Plus 2012
    "{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
    "{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
    "{43544FB5-BC1D-939A-7FDA-F7F3E5AEC35B}" = AMD VISION Engine Control Center
    "{450008C6-3722-4214-AB4F-9E45B57CB422}" = DDBAC
    "{47A0C382-35D7-4A3A-B9AF-B2D38827A8A7}" = Acronis*True*Image*Home 2012
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4DC2C824-0D75-42C1-BECB-C5583676D253}" = The Panorama Factory V5 m32 Edition
    "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5B461E1D-1DB0-0BB2-132F-D77C56838FF3}" = Catalyst Control Center InstallProxy
    "{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
    "{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
    "{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
    "{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}" = Acronis*True*Image*Home 2012
    "{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}Visible" = Acronis*True*Image*Home 2012
    "{78D2854E-5DBF-11E7-B41F-47D203C8ED66}" = CCC Help English
    "{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2
    "{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
    "{7B62C240-5658-4803-84E2-59674838788C}" = StarMoney
    "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "{7D5B3580-A948-4B2B-BB96-E395C59C3712}" = MAGIX PC Live
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
    "{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86FA7865-F1BB-4BDA-B296-4120684A692C}" = WISO Mein Geld 2012 Standard
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E3C0F37-2280-4043-BAD0-3C9E5EB723EC}" = Google Drive
    "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
    "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
    "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
    "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
    "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
    "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
    "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
    "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
    "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
    "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
    "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
    "{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIO_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Visio 2010 Service Pack 1 (SP1)
    "{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
    "{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
    "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
    "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
    "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
    "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
    "{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
    "{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
    "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
    "{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
    "{B006B9E9-41DD-4479-9177-3743A53B7735}" = Microsoft Expression Blend 3 SDK
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1FD6060-8DF9-4C67-AF5E-7D25A54D1854}" = Mindjet MindManager 2012
    "{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
    "{B6D8A751-F5E6-11E0-9DE8-005056C00008}" = MSVCRT Redists
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
    "{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU 
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D97E078B-38A1-40CB-9539-767813BEFF01}" = MAGIX Screenshare
    "{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
    "{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
    "{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken 2011
    "{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F8001A0F-C0E6-4593-88AB-F2FB726C274E}" = Nuance PDF Converter Professional 7
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
    "{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite DCP-J315W
    "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU 
    "Anti-Twin 2011-06-11 15.08.45" = Anti-Twin (Installation 06.05.2012)
    "Artisteer 3" = Artisteer 3
    "Audacity_is1" = Audacity 1.2.6
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "AVMFBox" = AVM FRITZ!Box Dokumentation
    "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
    "Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
    "ElsterFormular 13.2.0.8623u" = ElsterFormular
    "Foxit PDF Editor" = Foxit PDF Editor
    "Foxit Reader_is1" = Foxit Reader
    "FreeFileSync" = FreeFileSync v5.3
    "HDR Efex Pro" = HDR Efex Pro
    "IrfanView" = IrfanView (remove only)
    "JDownloader" = JDownloader
    "MAGIX_MSI_PC_Check_Tuning_2012" = MAGIX PC Check & Tuning 2012 Download-Version
    "MAGIX_MSI_PC_Live" = MAGIX PC Live
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
    "Morpheus Photo Morpher_is1" = Morpheus Photo Morpher v3.15
    "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
    "Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
    "MyLogoMaker_is1" = MyLogoMaker 3.0
    "Notepad++" = Notepad++
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Office14.VISIO" = Microsoft Visio Premium 2010
    "Picasa 3" = Picasa 3
    "PrintKey2000" = PrintKey2000
    "ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
    "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
    "shop to date 7 basic_is1" = DATA BECKER shop to date 7 basic
    "TapinRadio_is1" = TapinRadio 1.36.2
    "TrueCrypt" = TrueCrypt
    "UltraISO_is1" = UltraISO Premium V9.36
    "VLC media player" = VLC media player 1.1.11
    "WinGimp-2.0_is1" = GIMP 2.6.12
    "WinLiveSuite" = Windows Live Essentials
    "WISO Mein Geld 2012 Standard" = WISO Mein Geld 2012 Standard
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
    "Google Chrome" = Google Chrome
    "Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
    "Skat-Online V9" = Skat-Online V9
     
    ========== Last 10 Event Log Errors ==========
     
    [ Application Events ]
    Error - 08.05.2012 15:26:38 | Computer Name = ColemanComputer | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
     Zeitstempel: 0x4e31d81e  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
     Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
    ID
     des fehlerhaften Prozesses: 0x744  Startzeit der fehlerhaften Anwendung: 0x01cd2d3e46c98a80
    Pfad
     der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    Pfad
     des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
    Berichtskennung:
     bace2c30-9943-11e1-b873-5c13040498fb
     
    Error - 09.05.2012 12:17:06 | Computer Name = ColemanComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
     gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .
     
    Error - 09.05.2012 12:17:06 | Computer Name = ColemanComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
     gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .
     
    Error - 09.05.2012 12:17:06 | Computer Name = ColemanComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
     gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .
     
    Error - 09.05.2012 12:17:06 | Computer Name = ColemanComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
     gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .
     
    Error - 09.05.2012 12:17:06 | Computer Name = ColemanComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
     gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .
     
    Error - 09.05.2012 12:17:06 | Computer Name = ColemanComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
     gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .
     
    Error - 09.05.2012 12:17:06 | Computer Name = ColemanComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
     gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .
     
    Error - 09.05.2012 12:17:06 | Computer Name = ColemanComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
     gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .
     
    Error - 09.05.2012 12:17:06 | Computer Name = ColemanComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
     gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .
     
    [ System Events ]
    Error - 01.01.2012 14:35:17 | Computer Name = ColemanComputer | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
    Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
     "\\?\Volume{5b701c37-e103-11e0-821b-003067a735e8}" können nicht gelesen werden.
     
    Error - 01.01.2012 14:35:18 | Computer Name = ColemanComputer | Source = Disk | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
     
    Error - 01.01.2012 14:35:24 | Computer Name = ColemanComputer | Source = Disk | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
     
    Error - 02.01.2012 05:55:32 | Computer Name = ColemanComputer | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
    Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
     "\\?\Volume{5b701b8b-e103-11e0-821b-003067a735e8}" können nicht gelesen werden.
     
    Error - 02.01.2012 05:55:32 | Computer Name = ColemanComputer | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
    Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
     "\\?\Volume{5b701c37-e103-11e0-821b-003067a735e8}" können nicht gelesen werden.
     
    Error - 02.01.2012 05:55:40 | Computer Name = ColemanComputer | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
       %%577
     
    Error - 02.01.2012 05:55:41 | Computer Name = ColemanComputer | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
       %%577
     
    Error - 02.01.2012 05:55:41 | Computer Name = ColemanComputer | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = Fehler beim Lesen der Datei für lokale Hosts.
     
    Error - 02.01.2012 05:55:54 | Computer Name = ColemanComputer | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = Fehler beim Lesen der Datei für lokale Hosts.
     
    Error - 02.01.2012 05:55:54 | Computer Name = ColemanComputer | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = Fehler beim Lesen der Datei für lokale Hosts.
     
     
    < End of report >
    Meine Programme

    Code:
    7-Zip 9.20 (x64 edition)	Igor Pavlov	01.06.2011	4,53MB	9.20.00.0
    AAVUpdateManager	Wolters Kluwer Deutschland GmbH	18.12.2011	32,1MB	18.00.0000
    Acronis*True*Image*Home 2012	Acronis	01.03.2012	295MB	15.0.6154
    Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	05.04.2012	6,00MB	11.2.202.228
    Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	05.04.2012	6,00MB	11.2.202.228
    AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	05.05.2012	26,3MB	8.0.873.0
    Anti-Twin (Installation 06.05.2012)	Joerg Rosenthal, Germany	05.05.2012		
    Artisteer 3	Extensoft	15.02.2012		3.0
    Audacity 1.2.6		04.06.2011		
    Avira Free Antivirus	Avira	07.05.2012	104,8MB	12.0.0.1125
    AVM FRITZ!Box Dokumentation	AVM Berlin	02.06.2011		
    AVM FRITZ!Box Druckeranschluss	AVM Berlin	02.06.2011		
    AVM FRITZ!Box USB-Fernanschluss	AVM Berlin	02.06.2011		2.2.1.0
    Biet-O-Matic v2.14.8	BOM Development Team	25.12.2011	6,84MB	2.14.8
    Brother MFL-Pro Suite DCP-J315W	Brother Industries, Ltd.	23.02.2012		1.0.3.0
    Camtasia Studio 7	TechSmith Corporation	02.10.2011	219MB	7.0.1
    CCleaner	Piriform	02.05.2012		3.18
    CDBurnerXP	CDBurnerXP	05.05.2012	12,2MB	4.4.1.3099
    DATA BECKER shop to date 7 basic	DATA BECKER GmbH & Co. KG	01.01.2012	246MB	7.0.0.1732
    DDBAC	DataDesign	24.12.2011	8,57MB	4.3.71
    ElsterFormular	Landesfinanzdirektion Thüringen	06.05.2012	222MB	13.2.0.8623u
    Foxit Reader	Foxit Corporation	05.05.2012	36,1MB	5.3.0.423
    FreeFileSync v5.3	ZenJu	05.05.2012		5.3
    Gigaset QuickSync	Gigaset Communications GmbH	29.08.2011	3,16MB	6.1.0822.15063
    GIMP 2.6.12	The GIMP Team	24.02.2012	114,9MB	2.6.12
    Google Chrome	Google Inc.	03.02.2012		18.0.1025.168
    Google Drive	Google, Inc.	05.05.2012	11,6MB	1.0.2975.8828
    HDR Efex Pro	Nik Software, Inc.	19.12.2011		1.2.0.0
    Image Resizer for Windows	Brice Lambson	13.01.2012	1,90MB	3.0.4319.33193
    InfoBibliothek 2	Akademische Arbeitsgemeinschaft Verlag Wolters Kluwer GmbH	18.12.2011	29,5MB	1.08.03.01
    IrfanView (remove only)	Irfan Skiljan	05.05.2012	1,50MB	4.32
    Java(TM) 6 Update 31	Oracle	24.02.2012	95,1MB	6.0.310
    JDownloader	AppWork UG (haftungsbeschränkt)	02.06.2011		
    KompoZer 0.8b3	KompoZer	25.12.2011	21,8MB	
    MAGIX PC Check & Tuning 2012 Download-Version	MAGIX AG	05.05.2012		7.0.401.3
    MAGIX PC Live	MAGIX AG	05.05.2012		1.0.4.8
    MAGIX Screenshare	MAGIX AG	05.05.2012	1,43MB	4.3.6.1987
    Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	22.04.2012	18,0MB	1.61.0.1400
    Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	10.01.2012	38,8MB	4.0.30320
    Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	10.01.2012	2,94MB	4.0.30320
    Microsoft .NET Framework 4 Extended	Microsoft Corporation	10.01.2012	52,0MB	4.0.30320
    Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	10.01.2012	10,7MB	4.0.30320
    Microsoft .NET Framework 4 Multi-Targeting Pack	Microsoft Corporation	08.11.2011	83,5MB	4.0.30319
    Microsoft Expression Blend 3 SDK	Microsoft Corporation	08.11.2011	8,85MB	1.0.1343.0
    Microsoft Expression Blend SDK for .NET 4	Microsoft Corporation	08.11.2011	9,71MB	2.0.20621.0
    Microsoft Office Professional Plus 2010	Microsoft Corporation	03.10.2011		14.0.6029.1000
    Microsoft Silverlight 3 SDK	Microsoft Corporation	08.11.2011	31,9MB	3.0.40818.0
    Microsoft Silverlight 4 SDK	Microsoft Corporation	08.11.2011	51,6MB	4.0.50401.0
    Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	11.10.2011	1,70MB	3.1.0000
    Microsoft Sync Framework 2.0 Core Components (x86) ENU 	Microsoft Corporation	09.06.2011	0,94MB	2.0.1578.0
    Microsoft Sync Framework 2.0 Provider Services (x86) ENU 	Microsoft Corporation	09.06.2011	2,27MB	2.0.1578.0
    Microsoft Visio Premium 2010	Microsoft Corporation	23.12.2011		14.0.6029.1000
    Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	22.06.2011	0,29MB	8.0.59193
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729	Microsoft Corporation	29.09.2011	0,77MB	9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	19.12.2011	0,24MB	9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	29.09.2011	0,77MB	9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	17.12.2011	0,23MB	9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	01.06.2011	0,58MB	9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,59MB	9.0.30729.6161
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	05.01.2012	15,1MB	10.0.30319
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	16.10.2011	12,3MB	10.0.40219
    Mindjet MindManager 2012	Mindjet	05.04.2012	233MB	10.1.459
    Morpheus Photo Morpher v3.15	Morpheus Software, LLC	18.02.2012	9,92MB	
    Mozilla Firefox 11.0 (x86 de)	Mozilla	09.04.2012	120,2MB	11.0
    Mozilla Thunderbird (8.0)	Mozilla	14.12.2011		8.0 (de)
    MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	11.09.2011	1,28MB	4.20.9870.0
    MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	11.09.2011	1,33MB	4.20.9876.0
    MSXML 4.0 SP3 Parser	Microsoft Corporation	28.04.2012	1,48MB	4.30.2100.0
    MSXML 4.0 SP3 Parser (KB973685)	Microsoft Corporation	28.04.2012	1,53MB	4.30.2107.0
    MyLogoMaker 3.0	Avanquest USA, Inc.	23.06.2011		
    neroxml	Nero AG	10.09.2011	3,70MB	1.0.0
    Notepad++		05.05.2012		6.1.2
    Nuance PDF Converter Professional 7	Nuance Communications, Inc	29.09.2011	625MB	7.10.6403
    NVIDIA Drivers	NVIDIA Corporation	05.01.2012	3,25MB	1.10.62.40
    NVIDIA ForceWare Network Access Manager	NVIDIA Corporation	02.10.2011		1.00.7325.0
    PDF-XChange 3	Tracker Software	05.04.2012		
    Photomatix Pro version 4.0.2	HDRsoft Sarl	20.10.2011	20,2MB	4.0.2
    Photomatix Pro version 4.1.4	HDRsoft Sarl	12.03.2012	22,4MB	4.1.4
    Picasa 3	Google, Inc.	01.06.2011		3.8
    PixiePack Codec Pack	None	10.03.2012	17,2MB	1.1.1200.0
    PrintKey2000		06.06.2011		
    Protect Disc License Helper 1.0.125 (IE)	Protect Disc	30.10.2011		1.0.125
    ProtectDisc Driver, Version 11	ProtectDisc Software GmbH	30.10.2011		11.0.0.14
    ProtectDisc Helper Driver 10		18.12.2011		10.0.0.3
    Realtek HDMI Audio Driver for ATI	Realtek Semiconductor Corp.	02.10.2011		6.0.1.6409
    Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	02.10.2011		6.1.7600.30126
    SAMSUNG USB Driver for Mobile Phones	SAMSUNG Electronics Co., Ltd.	14.01.2012	42,8MB	1.4.4.0
    Skat-Online V9	Skat.com, c/o Markus Riehl	18.12.2011		
    Steuer-Spar-Erklärung 2011	Akademische Arbeitsgemeinschaft Verlag	22.06.2011	377MB	16.12
    Steuer-Spar-Erklärung 2012	Wolters Kluwer Deutschland GmbH	26.01.2012	337MB	17.05
    Steuer-Spar-Erklärung Plus 2012	Wolters Kluwer Deutschland GmbH	06.05.2012	351MB	17.10
    Sunny Explorer	SMA Solar Technology AG	28.03.2012	42,8MB	1.3.4
    TapinRadio 1.36.2	Raimersoft	03.06.2011	29,8MB	
    The Panorama Factory V5 m32 Edition	Smoky City Design	05.10.2011	20,0MB	5.3.2800
    TrueCrypt	TrueCrypt Foundation	21.10.2011		7.1
    UltraISO Premium V9.36		19.04.2012	6,24MB	
    VLC media player 1.1.11	VideoLAN	09.12.2011		1.1.11
    Windows Live Essentials	Microsoft Corporation	12.10.2011		15.4.3538.0513
    WinHTTrack Website Copier 3.44-1 (x64)	HTTrack	02.09.2011		3.44.1
    WISO Mein Geld 2012 Standard	Buhl Data Service GmbH	12.04.2012		
    Wondershare MobileGo ( Version 1.1.0 )	Wondershare	14.01.2012	42,2MB	1.1.0

    Ergenis von Highjackthis
    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:29:52, on 11.05.2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal
    
    Running processes:
    C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Users\Coleman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Coleman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Coleman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Coleman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Coleman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Coleman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Coleman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Coleman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Coleman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Coleman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Coleman\Desktop\Koffer\PortableApps\PortableApps.com\PortableAppsPlatform.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Coleman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Coleman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Coleman\Desktop\Koffer\PortableApps\PortableApps.com\PortableAppsPlatform.exe
    C:\Users\Coleman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
    C:\Users\Coleman\Downloads\HiJackThis204.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=24&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=24&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=24&affid=110774&searchtype=hp&babsrc=lnkry_nt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=24&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=24&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll
    O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
    O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    O4 - Global Startup: Printkey2000.lnk = C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
    O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Bild an MindManager senden - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
    O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
    O8 - Extra context menu item: Link an MindManager senden - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
    O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Mit Nuance PDF Converter 7 öffnen - res://C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_ger.dll /100
    O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - res://C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: PDF-Datei erstellen - res://C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - res://C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
    O8 - Extra context menu item: Seite an MindManager senden - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
    O8 - Extra context menu item: Text an MindManager senden - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Acronis Nonstop Backup-Dienst (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\ASTSRV.EXE
    O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
    O23 - Service: DATA BECKER Update Service (DBService) - DATA BECKER GmbH & Co KG - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MAGIX StartUp Analyze Service - MAGIX AG - C:\Program Files (x86)\MAGIX\PC_Check_Tuning_2012_Download-Version\MXSAS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: Volumeschattenkopie (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    
    --
    End of file - 14252 bytes
    Geändert von Carla G. (11.05.2012 um 19:34 Uhr)

  2. #2
    Moderator (global) Team-Mitglied Avatar von kira
    Registriert seit
    28.03.2006
    Ort
    Wien/Sprachen: Deutsch-Ungarisch
    Beiträge
    29.774

    AW: Sehr lange Ladezeiten >3 Min. und ich habe das Gefühl meine FP macht spanabhebend

    Herzlich Willkommen hier bei uns am HijackThis Supportboard!

    **Bevor du mit Teil 1. der Aufgabe beginnst: HIER KLICKEN UND SORGFÄLTIG DURCHLESEN!** und ich bitte um kurze Bestätigung, dass du dies gelesen und akzeptiert hast!
    Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
    ► Unrechtmäßig erworbene Software (durch Keygen, Crack, Keymaker) wird hier nicht geduldet, in diesem Fall wird der Support eingestellt.!
    ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
    Bitte lese Dir zuerst in Ruhe die Anweisungen durch und Du sollst dabei die Reihenfolge einhalten! Ansonsten verlangsamt unsere Arbeit, wenn wir immer wieder noch an Kleinigkeiten nachschlagen müssen und dadurch eventuell die Übersicht verloren geht...


    ► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
    **Vista und Win7 Verwender: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen

    1.
    Das Program installieren und ausführen:
    Anleitung:-> Bereinigung mit Malwarebytes' Anti-Malware (Vollständiger Suchlauf)

    2.
    Systemscan mit OTL

    Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
    • Doppelklick auf die OTL.exe
    • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
    • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
    • Unter Extra Registry, wähle bitte Use SafeList
    • Klicke nun auf Run Scan links oben
    • Wenn der Scan beendet wurde werden 2 Logfiles erstellt OTL.txt und extra.txt
    • Poste die Logfiles in Code-Tags hier in den Thread.


    3.
    Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
    • Download den CCleaner
    • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
    • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
    • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)


    Bitte alle Ergebnisse im Code-Tags posten!

    vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
    hier kommt dein Logfile rein
    dahinter - also am Ende der Logdatei:[/code]

    Wie es geht:-> Logfiles in Code-Tags setzen
    gruß
    kira
    Warnung!:
    Vorsicht bei Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einem Verschlüsselungs-Trojaner infiziert sein!
    Anhang nicht öffnen, in unserem Forum erst nachfragen!

    Bitte diese Warnung weitergeben, wo Du nur kannst!
    Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
    Bitte diese Warnung weitergeben, wo Du nur kannst!

  3. #3
    Einsteiger Avatar von Carla G.
    Registriert seit
    08.05.2012
    Beiträge
    5

    AW: Sehr lange Ladezeiten >3 Min. und ich habe das Gefühl meine FP macht spanabhebend

    **Bevor du mit Teil 1. der Aufgabe beginnst: HIER KLICKEN UND SORGFÄLTIG DURCHLESEN!** und ich bitte um kurze Bestätigung, dass du dies gelesen und akzeptiert hast!

    ------------>> gelesen und akzeptiert !

  4. #4
    Moderator (global) Team-Mitglied Avatar von kira
    Registriert seit
    28.03.2006
    Ort
    Wien/Sprachen: Deutsch-Ungarisch
    Beiträge
    29.774

    AW: Sehr lange Ladezeiten >3 Min. und ich habe das Gefühl meine FP macht spanabhebend

    ja Ok, arbeite bitte die Schritte ab !
    Warnung!:
    Vorsicht bei Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einem Verschlüsselungs-Trojaner infiziert sein!
    Anhang nicht öffnen, in unserem Forum erst nachfragen!

    Bitte diese Warnung weitergeben, wo Du nur kannst!
    Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
    Bitte diese Warnung weitergeben, wo Du nur kannst!

  5. #5
    Einsteiger Avatar von Carla G.
    Registriert seit
    08.05.2012
    Beiträge
    5

    AW: Sehr lange Ladezeiten >3 Min. und ich habe das Gefühl meine FP macht spanabhebend

    hallo kira,

    habe alles nach bestem wissen und gewissen erledigt

  6. #6
    Moderator (global) Team-Mitglied Avatar von kira
    Registriert seit
    28.03.2006
    Ort
    Wien/Sprachen: Deutsch-Ungarisch
    Beiträge
    29.774

    AW: Sehr lange Ladezeiten >3 Min. und ich habe das Gefühl meine FP macht spanabhebend

    Kopiere/poste bitte alle NEUE Ergebnisse/Logs, Mitteilungenin usw in deinem Thread als nächste Antwort da rein! Also nicht zu deinem 1 Posting hinzufügen ...danke

    Systemreinigung und Prüfung:

    1.
    kann ich nicht zuordnen, um was handelt es sich dabei ?:
    Code:
    [2012.05.09 18:39:47 | 000,091,548 | ---- | C] () -- C:\Users\Coleman\Desktop\12611163.jpg
    [2012.05.09 18:16:30 | 000,385,506 | ---- | C] () -- C:\Users\Coleman\Desktop\retro.jpg
    [2012.05.09 18:15:49 | 000,406,878 | ---- | C] () -- C:\Users\Coleman\Desktop\12783138.jpg
    [2012.05.09 18:13:04 | 000,198,715 | ---- | C] () -- C:\Users\Coleman\Desktop\27865511.jpg
    [2012.05.09 18:10:06 | 000,386,692 | ---- | C] () -- C:\Users\Coleman\Desktop\24661028.jpg
    usw
    Fotos, Bilder, Musik Dokumente etc, sortiert und in eigene Ordner abgelegen! Desktop ist dafür nicht geeignet und nicht gedacht!
    auf Desktop sollten nur Verknüpfungen für häufig verwendete Programme liegen, um sie schneller starten zu können, das erspart den Programmaufruf
    2.
    Achtung wichtig!:
    Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
    (Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)



    Fixen mit OTL
    • Starte die OTL.exe.
    • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
    • Kopiere folgendes Skript (unverändert inkl. :OTL):
    Code:
    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=24&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=24&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=24&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=24&affid=110774&searchtype=hp&babsrc=lnkry_nt
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=24&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=24&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=24&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Coleman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Coleman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    [2011.11.09 20:46:52 | 000,001,400 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2011.11.09 20:46:52 | 000,001,679 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011.11.09 20:46:52 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
    [2011.11.02 20:15:48 | 000,001,272 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
    [2011.11.09 20:46:52 | 000,000,903 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
    O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    [2012.05.09 19:21:09 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012.05.09 18:54:02 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299513813-1978903685-3083533823-1001UA.job
    [2012.05.06 15:54:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299513813-1978903685-3083533823-1001Core.job
    [2012.05.06 17:16:27 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012.05.06 15:49:30 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299513813-1978903685-3083533823-1001UA.job
    [2012.05.06 15:49:29 | 000,001,076 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299513813-1978903685-3083533823-1001Core.job
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0574215C
    
    :Files
    C:\Windows\tasks\AutoKMS.job
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    • und füge es hier ein:
    • Schließe alle Programme.
    • Klicke auf den Fix Button.
    • Klick auf .
    • OTL verlangt einen Neustart. Bitte zulassen.
    • Nach dem Neustart findest Du ein Textdokument.
      Kopiere den Inhalt hier in Code-Tags in Deinen Thread.


    3.
    Öffne CCleaner - Anleitung CCleaner
    • "Cleaner"->"Analysieren"->Klick auf den Button "Start CCleaner"
    • "Registry""Fehler suchen"-> "Fehler beheben"->"Alle beheben"
    • Starte dein System neu auf


    4.
    Tipps (unabhängig davon ob man ihn benutzt oder nicht, muss gepfegt werden!):
    ->Tipps zu Internet Explorer
    -> Standard Suchmaschine des Explorers ändern
    -> Wie kann ich den Cache im Internet Explorer leeren?

    5.
    Systemreinigung und Prüfung:
    Anleitung:-> Grundreinigung mit SUPERAntiSpyware
    Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.

    6.
    ♦ Schon seit langem gehört "Worm.Win32.Autorun" zu den beliebtesten Verbreitungswegen von Viren, sollte man daher, die auf dem Speichermedium gesicherten Daten (wie USB-Stick/Festplatte und andere) zeitweise prüfen lassen
    -> Ext anschließbare Geräte (um die gesicherten Daten zu prüfen) miteinbeziehen:
    ♦ Also schließe jetzt alle externe Datenträgeran Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

    7.
    ESET Online Scanner
    Prüfe Deinen Rechner jetzt, auf Viren, Trojaner, Würmer und anderen Schadcode, mit dem kostenlosen Online Virenscanner von Eset:

    Achtung!:
    Keinen andere Virenscanner auf Deinem PC installieren, sondern dein PC NUR online scannen!!!
    ♦ Prüfe Deinen Rechner jetzt, auf Viren, Trojaner, Würmer und anderen Schadcode, mit dem kostenlosen Online Virenscanner von:
    Eset/Nod32 bitte auswählen!!!-> Link und Anleitung zum ESET/NOD32 online Scanner-> Kostenlose Online Scanner
    ♦ Poste bitte das Protokoll

    8.
    erneut einen Scan mit OTL: - ältere Logdateien löschen!
    • Doppelklick auf die OTL.exe
    • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
    • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
    • Unter Extra Registry, wähle bitte Use SafeList
    • Klicke nun auf Run Scan links oben
    • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und extra.txt
    • Poste die Logfiles in Code-Tags hier in den Thread.


    ► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
    Geändert von kira (11.05.2012 um 21:29 Uhr)
    Warnung!:
    Vorsicht bei Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einem Verschlüsselungs-Trojaner infiziert sein!
    Anhang nicht öffnen, in unserem Forum erst nachfragen!

    Bitte diese Warnung weitergeben, wo Du nur kannst!
    Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
    Bitte diese Warnung weitergeben, wo Du nur kannst!

  7. #7
    Einsteiger Avatar von Carla G.
    Registriert seit
    08.05.2012
    Beiträge
    5

    AW: Sehr lange Ladezeiten >3 Min. und ich habe das Gefühl meine FP macht spanabhebend

    zu pkt 2 erl.

    Code:
    All processes killed
    ========== OTL ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
    Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
    C:\Users\Coleman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
    Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
    File C:\Users\Coleman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
    C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
    C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
    C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
    C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
    C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
    C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
    C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2299513813-1978903685-3083533823-1001UA.job moved successfully.
    C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2299513813-1978903685-3083533823-1001Core.job moved successfully.
    File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
    File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299513813-1978903685-3083533823-1001UA.job not found.
    File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299513813-1978903685-3083533823-1001Core.job not found.
    ADS C:\ProgramData\TEMP:0574215C deleted successfully.
    ========== FILES ==========
    C:\Windows\tasks\AutoKMS.job moved successfully.
    < ipconfig /flushdns /c >
    Windows-IP-Konfiguration
    Der DNS-Aufl”sungscache wurde geleert.
    C:\Users\Coleman\Desktop\Systeme\cmd.bat deleted successfully.
    C:\Users\Coleman\Desktop\Systeme\cmd.txt deleted successfully.
    ========== COMMANDS ==========
     
    [EMPTYTEMP]
     
    User: All Users
     
    User: Coleman
    ->Temp folder emptied: 532607 bytes
    ->Temporary Internet Files folder emptied: 868328 bytes
    ->Java cache emptied: 9316807 bytes
    ->FireFox cache emptied: 50812865 bytes
    ->Google Chrome cache emptied: 150475857 bytes
    ->Flash cache emptied: 611 bytes
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: Public
     
    User: _ocster_backup_
    ->Temp folder emptied: 0 bytes
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3934 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
    RecycleBin emptied: 653983 bytes
     
    Total Files Cleaned = 203,00 mb
     
     
    OTL by OldTimer - Version 3.2.42.3 log created on 05112012_221243
    
    Files\Folders moved on Reboot...
    C:\Users\Coleman\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    
    Registry entries deleted on Reboot...
    Ergebnis SUPERantispyware
    Code:
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    
    Generated 05/12/2012 at 10:14 AM
    
    Application Version : 5.0.1148
    
    Core Rules Database Version : 8590
    Trace Rules Database Version: 6402
    
    Scan type       : Complete Scan
    Total Scan Time : 01:03:26
    
    Operating System Information
    Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User
    
    Memory items scanned      : 536
    Memory threats detected   : 0
    Registry items scanned    : 68658
    Registry threats detected : 0
    File items scanned        : 77286
    File threats detected     : 7
    
    Adware.Tracking Cookie
    	accounts.youtube.com [ C:\USERS\COLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    	.accounts.google.com [ C:\USERS\COLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    	.accounts.google.com [ C:\USERS\COLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    	.accounts.google.com [ C:\USERS\COLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    	accounts.google.com [ C:\USERS\COLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    	accounts.google.com [ C:\USERS\COLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    	accounts.google.com [ C:\USERS\COLEMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

    eset ergebnis

    Code:
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=d74d879d770fc747ba0024b36bd6f0ab
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-05-12 11:17:24
    # local_time=2012-05-12 01:17:24 (+0100, Mitteleuropäische Sommerzeit)
    # country="Germany"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=1792 16777215 100 0 17940136 17940136 0 0
    # compatibility_mode=5893 16776573 100 94 62975 88442961 0 0
    # compatibility_mode=8192 67108863 100 0 112 112 0 0
    # scanned=277711
    # found=0
    # cleaned=0
    # scan_time=8333
    ESETSmartInstaller@High as downloader log:
    all ok

    OTL logfile created on: 12.05.2012 13:28:58 - Run 2

    Code:
    OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Coleman\Desktop\Systeme
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    8,00 Gb Total Physical Memory | 5,55 Gb Available Physical Memory | 69,40% Memory free
    16,00 Gb Paging File | 13,72 Gb Available in Paging File | 85,77% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931,41 Gb Total Space | 587,69 Gb Free Space | 63,10% Space Free | Partition Type: NTFS
    Drive F: | 100,00 Mb Total Space | 70,33 Mb Free Space | 70,33% Space Free | Partition Type: NTFS
     
    Computer Name: COLEMANCOMPUTER | User Name: Coleman | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\Coleman\Desktop\Systeme\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
    PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    PRC - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
    PRC - C:\Program Files (x86)\MAGIX\PC_Live\MxTray.exe (MAGIX AG)
    PRC - C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe (Nuance Communications, Inc.)
    PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
    PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
    PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
    PRC - C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
    PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
    PRC - C:\Program Files (x86)\PrintKey2000\Printkey2000.exe (Fred's Software)
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\Users\Coleman\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll ()
    MOD - C:\Users\Coleman\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll ()
    MOD - C:\Users\Coleman\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll ()
    MOD - C:\Users\Coleman\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll ()
    MOD - C:\Users\Coleman\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll ()
    MOD - C:\Program Files (x86)\Google\Picasa3\Picasa3i18n.dll ()
    MOD - C:\Program Files (x86)\Google\Picasa3\plugins\ytITivo.yti ()
    MOD - C:\Program Files (x86)\Google\Picasa3\plugins\CDVDR\CDVDR.yti ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
    MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
    MOD - C:\Program Files (x86)\MAGIX\PC_Check_Tuning_2012_Download-Version\MFL_U_VC9.dll ()
    MOD - C:\Program Files (x86)\MAGIX\PC_Check_Tuning_2012_Download-Version\MxTray\PlugIns\MxSMARTReaderModule\sqlite3_32.dll ()
    MOD - C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll ()
    MOD - C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll ()
    MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
    MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
    MOD - C:\Program Files (x86)\MAGIX\PC_Check_Tuning_2012_Download-Version\PlayRIpl.dll ()
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    SRV - (syncagentsrv) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
    SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
    SRV - (MAGIX StartUp Analyze Service) -- C:\Program Files (x86)\MAGIX\PC_Check_Tuning_2012_Download-Version\MXSAS.exe (MAGIX AG)
    SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
    SRV - (PDFProFiltSrv) -- C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe (Nuance Communications, Inc.)
    SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
    SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
    SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
    SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
    SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
    SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
    SRV - (astcc) -- C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
    DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
    DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis)
    DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
    DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis)
    DRV:64bit: - (vidsflt61) Acronis Disk Storage Filter (61) -- C:\Windows\SysNative\drivers\vsflt61.sys (Acronis)
    DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
    DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\drivers\btcusb.sys (IVT Corporation.)
    DRV:64bit: - (acedrv10) -- C:\Windows\SysNative\drivers\acedrv10.sys (Protect Software GmbH)
    DRV:64bit: - (acehlp10) -- C:\Windows\SysNative\drivers\acehlp10.sys (Protect Software GmbH)
    DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
    DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
    DRV:64bit: - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
    DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
    DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
    DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
    DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
    DRV:64bit: - (vidsflt58) Acronis Disk Storage Filter (58) -- C:\Windows\SysNative\drivers\vsflt58.sys (Acronis)
    DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
    DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
    DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
    DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
    DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
    DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
    DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
    DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
    DRV:64bit: - (GenericMount) -- C:\Windows\SysNative\drivers\GenericMount.sys (Symantec Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
    DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
    DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
    DRV:64bit: - (GigasetGenericUSB_x64) -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys (Siemens Home and Office Communication Devices GmbH & Co. KG)
    DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
    DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
    DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
    DRV - (WimFltr) -- C:\Windows\SysWOW64\drivers\WimFltr.sys (Microsoft Corporation)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
    IE - HKLM\..\SearchScopes,DefaultScope = 
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 D3 71 A8 1C 59 CC 01  [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
    IE - HKCU\..\SearchScopes,DefaultScope = 
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
    FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Coleman\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.10 09:04:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.15 09:05:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
     
    [2011.06.02 20:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coleman\AppData\Roaming\mozilla\Extensions
    [2012.05.07 16:05:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coleman\AppData\Roaming\mozilla\Firefox\Profiles\bveul3bj.default\extensions
    [2011.12.24 15:21:20 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Coleman\AppData\Roaming\mozilla\Firefox\Profiles\bveul3bj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2011.12.30 15:35:37 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Coleman\AppData\Roaming\mozilla\Firefox\Profiles\bveul3bj.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
    [2012.03.21 19:17:07 | 000,000,000 | ---D | M] (Complete YouTube Saver) -- C:\Users\Coleman\AppData\Roaming\mozilla\Firefox\Profiles\bveul3bj.default\extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3}
    [2011.07.04 15:54:25 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Coleman\AppData\Roaming\mozilla\Firefox\Profiles\bveul3bj.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
    [2012.03.30 11:03:27 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Coleman\AppData\Roaming\mozilla\Firefox\Profiles\bveul3bj.default\extensions\support@lastpass.com
    [2012.04.10 09:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012.04.10 09:04:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011.11.09 20:46:52 | 000,006,818 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
     
    ========== Chrome  ==========
     
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Coleman\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Coleman\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Coleman\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: fluxDVD Browser Plugin (Enabled) = C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Coleman\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: ColorZilla = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp\0.5.2_0\
    CHR - Extension: YouTube = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Adblock Plus (Beta) = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
    CHR - Extension: Google-Suche = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: The QR Code Generator = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.2_0\
    CHR - Extension: Cr!Box = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp\2.3_0\
    CHR - Extension: LastPass = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.6_0\
    CHR - Extension: TiltShiftMaker = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo\1.3.3_0\
    CHR - Extension: komoot = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbgbaicglaiooophhbkpkdhpglkbhohb\1.0.2_0\
    CHR - Extension: WonTube Video Converter = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlhcllbknkijepekbafagpbniolfcmme\1.0.7_0\
    CHR - Extension: Google Mail = C:\Users\Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
     
    Hosts file not found
    O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
    O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - Reg Error: Value error. File not found
    O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
    O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: Bild an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O8:64bit: - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: Link an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O8:64bit: - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: Mit Nuance PDF Converter 7 öffnen - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_ger.dll (Nuance Communications, Inc.)
    O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: Seite an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O8:64bit: - Extra context menu item: Text an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - Reg Error: Value error. File not found
    O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: Bild an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: Link an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: Mit Nuance PDF Converter 7 öffnen - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_ger.dll (Nuance Communications, Inc.)
    O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: Seite an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O8 - Extra context menu item: Text an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
    O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B93DF46-CC91-4DF7-82F3-BAA254303040}: DhcpNameServer = 193.189.244.225 193.189.244.206
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C55AE5F-85E4-4029-90B9-0E009F40CEB1}: DhcpNameServer = 192.168.178.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012.05.12 10:56:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012.05.12 09:06:30 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Downloadbilder
    [2012.05.12 08:59:42 | 000,000,000 | ---D | C] -- C:\Users\Coleman\AppData\Roaming\SUPERAntiSpyware.com
    [2012.05.12 08:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012.05.12 08:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012.05.12 08:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012.05.11 22:31:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012.05.11 22:12:43 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012.05.11 19:46:22 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Desktop\Desktop
    [2012.05.11 17:28:25 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2012.05.11 17:28:23 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2012.05.11 17:28:21 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2012.05.11 17:28:20 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2012.05.09 19:35:38 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Desktop\Koffer
    [2012.05.07 19:57:39 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Desktop\Steuer
    [2012.05.07 16:47:24 | 000,000,000 | ---D | C] -- C:\Users\Coleman\AppData\Roaming\elsterformular
    [2012.05.07 16:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
    [2012.05.07 16:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
    [2012.05.07 16:47:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
    [2012.05.06 18:29:50 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Desktop\Vorlagen
    [2012.05.06 18:29:28 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Desktop\Doku
    [2012.05.06 18:26:35 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Desktop\Grafik
    [2012.05.06 18:26:25 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Desktop\Systeme
    [2012.05.06 18:01:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
    [2012.05.06 18:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
    [2012.05.06 18:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
    [2012.05.06 17:45:12 | 000,000,000 | ---D | C] -- C:\AMD
    [2012.05.06 17:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    [2012.05.06 15:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
    [2012.05.06 12:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
    [2012.05.03 19:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
    [2012.04.29 19:27:26 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Desktop\2012-04-29
    [2012.04.29 09:15:25 | 000,000,000 | ---D | C] -- C:\Users\Coleman\AppData\Roaming\OnDemandDump
    [2012.04.29 09:15:25 | 000,000,000 | ---D | C] -- C:\Users\Coleman\AppData\Roaming\CrashLog
    [2012.04.28 18:58:59 | 000,000,000 | ---D | C] -- C:\Users\Coleman\AppData\Roaming\MAGIX
    [2012.04.28 18:58:10 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Documents\MAGIX_MxTray
    [2012.04.28 18:57:52 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Documents\OnDemandDump
    [2012.04.28 18:57:52 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Documents\CrashLog
    [2012.04.28 18:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
    [2012.04.28 18:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
    [2012.04.20 19:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
    [2012.04.20 19:11:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems
    [2012.04.20 19:11:09 | 000,000,000 | ---D | C] -- C:\Users\Coleman\Documents\My ISO Files
    [2012.04.13 11:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Mein Geld 2012
    [2012.04.12 16:09:13 | 000,000,000 | ---D | C] -- C:\Users\Coleman\AppData\Roaming\Smart PC Solutions
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012.05.12 09:02:26 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.05.12 09:02:26 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.05.12 08:59:28 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012.05.12 08:55:30 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\MxTray.job
    [2012.05.12 08:55:05 | 000,458,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012.05.12 08:54:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.05.12 08:54:33 | 2146,983,935 | -HS- | M] () -- C:\hiberfil.sys
    [2012.05.11 22:35:27 | 001,656,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012.05.11 22:35:27 | 000,705,208 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2012.05.11 22:35:27 | 000,659,224 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012.05.11 22:35:27 | 000,151,702 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2012.05.11 22:35:27 | 000,123,898 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012.05.08 19:17:22 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2012.05.08 19:17:22 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2012.05.07 16:43:04 | 000,033,223 | ---- | M] () -- C:\Users\Coleman\Desktop\vost_2012.GewErfass2012
    [2012.05.07 16:43:02 | 000,033,223 | ---- | M] () -- C:\Users\Coleman\Desktop\vost_2012.GewErfass2012_Backup
    [2012.05.07 15:59:56 | 000,002,287 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung Plus 2012.lnk
    [2012.05.06 15:50:31 | 000,002,418 | ---- | M] () -- C:\Users\Coleman\Desktop\Google Chrome.lnk
    [2012.05.06 15:36:32 | 000,000,030 | ---- | M] () -- C:\Windows\PCCT.INI
    [2012.05.06 12:53:19 | 000,001,173 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
    [2012.04.29 20:21:12 | 000,029,264 | ---- | M] () -- C:\Users\Coleman\.recently-used.xbel
    [2012.04.29 10:50:43 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\Java(TM) Platform SE Auto Updater 2 0 MAGIX PCCT.job
    [2012.04.23 16:37:02 | 000,001,156 | ---- | M] () -- C:\Users\Coleman\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.04.20 19:09:53 | 202,553,344 | ---- | M] () -- C:\Users\Coleman\Desktop\20120420_190921.iso
     
    ========== Files Created - No Company Name ==========
     
    [2012.05.12 08:59:28 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012.05.07 16:41:58 | 000,033,223 | ---- | C] () -- C:\Users\Coleman\Desktop\vost_2012.GewErfass2012_Backup
    [2012.05.07 16:41:58 | 000,033,223 | ---- | C] () -- C:\Users\Coleman\Desktop\vost_2012.GewErfass2012
    [2012.05.07 15:59:56 | 000,002,287 | ---- | C] () -- C:\Users\Public\Desktop\Steuer-Spar-Erklärung Plus 2012.lnk
    [2012.05.06 15:50:45 | 000,001,946 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
    [2012.05.06 15:36:33 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\MxTray.job
    [2012.05.06 12:53:19 | 000,001,173 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
    [2012.04.29 20:21:12 | 000,029,264 | ---- | C] () -- C:\Users\Coleman\.recently-used.xbel
    [2012.04.29 09:24:02 | 000,000,464 | ---- | C] () -- C:\Windows\tasks\Java(TM) Platform SE Auto Updater 2 0 MAGIX PCCT.job
    [2012.04.29 09:15:45 | 000,000,030 | ---- | C] () -- C:\Windows\PCCT.INI
    [2012.04.20 19:09:53 | 202,553,344 | ---- | C] () -- C:\Users\Coleman\Desktop\20120420_190921.iso
    [2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012.03.10 16:54:27 | 000,001,590 | ---- | C] () -- C:\Users\Coleman\AppData\Roaming\MyMicroBalanceConfig.ini
    [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012.02.22 20:36:23 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2012.02.01 21:10:50 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
    [2012.01.02 15:31:06 | 000,446,464 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll
    [2012.01.02 15:31:06 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\ic32.ini
    [2011.12.19 13:56:52 | 000,016,098 | ---- | C] () -- C:\Windows\German2.ini
    [2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011.09.11 18:30:26 | 001,612,698 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011.08.22 19:48:16 | 000,073,216 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
    [2011.08.12 19:20:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011.06.19 18:38:44 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
    [2011.06.11 14:46:35 | 000,025,600 | ---- | C] () -- C:\Users\Coleman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011.03.30 00:17:10 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll
    
    < End of report >


    OTL Extras logfile created on: 12.05.2012 13:28:58 - Run 2
    Code:
    OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Coleman\Desktop\Systeme
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    8,00 Gb Total Physical Memory | 5,55 Gb Available Physical Memory | 69,40% Memory free
    16,00 Gb Paging File | 13,72 Gb Available in Paging File | 85,77% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931,41 Gb Total Space | 587,69 Gb Free Space | 63,10% Space Free | Partition Type: NTFS
    Drive F: | 100,00 Mb Total Space | 70,33 Mb Free Space | 70,33% Space Free | Partition Type: NTFS
     
    Computer Name: COLEMANCOMPUTER | User Name: Coleman | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07283E50-E166-40DF-8B0C-BA2245367AA1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{09CACE54-AC65-4387-9F87-2C1CDB5B0151}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{10D5919B-9A51-4D9B-BE5E-7E71AE255979}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{25D335B4-0782-4559-9A4A-CCE3CF3FFBAE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{2F6D21F9-07BC-4AE6-9136-0353051CBC6B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{31841CDC-9874-4FC6-82F5-D3D776AD93BA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
    "{34BC72B5-7847-4509-9A77-99519FA75F62}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{37500AF3-D467-47CB-BC06-CEF4CB8D8294}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{37843975-E485-4848-A7A6-EC6AFA1D76C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{4B2F847D-A8AE-4ECD-8C27-D638D122E74B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{4BE7E181-4112-4498-B032-841D4C22A168}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{4FF5BEB5-16E8-4429-9AD4-1959FD6690F6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{52C251FD-81AB-4EC6-ADE0-1B7554D40F0C}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{5D224DCE-6DB5-4871-9E9B-C56032FA24A5}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{71342CCA-E0DA-4984-BB21-E199F3D985D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{85B223CC-FBE4-4293-8F9C-1AEA58F6ED3A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{8702171E-AE23-4983-AE77-D9C805830B94}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
    "{8E7FE7EB-19BE-4827-BF43-A47C35B77FC1}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{92134E39-64AD-4C02-9099-27C0F833B6A1}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{9266F24F-F32E-46AA-AC47-F1B319162A31}" = rport=10243 | protocol=6 | dir=out | app=system | 
    "{B4E09CF8-0E67-4572-BAED-67254224E616}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{CB0BD748-4186-4C60-8EBE-F005461248C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{DAEB5191-08E8-4BD3-A774-E829DCCFD86F}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
    "{E04A4AF7-6759-4F58-8BA9-3A3C2E3F38B4}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{EC2DE6F6-F05F-436A-AE8C-CC03CCC72614}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{EC7F3077-CE79-492B-8294-9EF6F53C5D27}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
    "{F8F42E03-EC38-4057-8E6F-AD843A79B513}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{111E2DFE-2C82-4835-927F-C9EB26DAA664}" = protocol=17 | dir=in | app=c:\users\coleman\appdata\local\apps\2.0\1zmn20vq.p6y\av575m0n.vwn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
    "{18B7C1A0-C571-40A1-8B4D-E2F39677A58C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{262D0E61-9744-4D7F-A851-6FC76EDBB6EF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
    "{2F58FEED-482E-4F90-B4C5-5707BC3ED9D8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{317E1D87-EE26-4F8A-BBA0-B8284A8DB278}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{3E423548-8503-483F-A84B-7444FF750B28}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{49FBDD15-9F79-46E9-A69B-E6F7FD49B211}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{54BC8A68-AE8C-4392-A602-A008FF4025BE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{67403424-C118-45C7-A9BF-420C154577F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{753F5284-8AA4-45E4-9F55-3502AE429635}" = protocol=6 | dir=in | app=c:\users\coleman\appdata\local\apps\2.0\1zmn20vq.p6y\av575m0n.vwn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
    "{85AB70C4-CD39-40E7-B95D-408AA6EECD52}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{8D25A05F-248A-41A7-A033-46BA1EE97A5E}" = protocol=6 | dir=out | app=system | 
    "{A835B4D4-0FA4-467F-9C4B-0849AB7F5899}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{B79CB615-B801-454F-9EBA-EE9ADDB27151}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
    "{B86152EC-543B-4463-AE5F-8A9C35683706}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{BC57E575-5FBE-47E1-8E63-C02B7FFF4244}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
    "{CD67148B-AE4B-47A3-B6F4-B508B6D398E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{D03F1936-5E65-466A-A3CF-54DC37BD0D32}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{D0D7BCBA-8148-4861-B21F-5A46F0AFC8D0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{D2CC2504-F7DF-453E-9925-A9922F65C469}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
    "{D4DAB975-FD6F-4E3B-B7F8-19CBCFBD9F03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{DA54F5B4-06F5-449F-B501-29ED6FC548C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{DA9AE7B3-AF62-4EC2-98EB-AFECBE0B848C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{E11E9BC1-C4AF-412B-ABEB-78F0EB37DF40}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
    "{E4D6D1C8-C501-42CB-9FCF-1571C85104EC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
    "{E7E2B773-C1A4-4FB4-BF83-9B23459AF36E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{EDE28991-8A4F-49CC-B1C5-5D1D7D25BDB0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{F6A95083-82AE-4D1C-A6C6-021658238B39}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
    "TCP Query User{076EE15A-2474-44A5-A15B-94039170FE28}C:\users\coleman\appdata\local\apps\2.0\1zmn20vq.p6y\av575m0n.vwn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=6 | dir=in | app=c:\users\coleman\appdata\local\apps\2.0\1zmn20vq.p6y\av575m0n.vwn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
    "TCP Query User{45534C71-8531-40FD-81A4-E36DD737605A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
    "TCP Query User{7A4EC3F0-629F-4968-8D23-253E424173C3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
    "TCP Query User{B3CDC3D7-871C-4A35-B9AB-4D2445D4F2B9}C:\users\coleman\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\coleman\appdata\local\data becker\web to date 7.0\apache\apache.exe | 
    "TCP Query User{D87F52B1-BDCD-45C2-BEF5-0F9BD01B6924}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
    "TCP Query User{FA1DA48E-640A-4FE7-845C-09620FF3B97D}C:\program files (x86)\tapinradio\tapinradio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tapinradio\tapinradio.exe | 
    "UDP Query User{202DB9EC-CDE0-4033-BA76-4468FB608285}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
    "UDP Query User{2CD7DC99-5BDF-4F3D-B6DD-0305254F30E6}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
    "UDP Query User{5959D9CC-A387-44F5-8F49-0DB6A54B55E6}C:\users\coleman\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\coleman\appdata\local\data becker\web to date 7.0\apache\apache.exe | 
    "UDP Query User{BB498050-7E36-458B-B5D8-99B250205A28}C:\users\coleman\appdata\local\apps\2.0\1zmn20vq.p6y\av575m0n.vwn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=17 | dir=in | app=c:\users\coleman\appdata\local\apps\2.0\1zmn20vq.p6y\av575m0n.vwn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
    "UDP Query User{C49585C9-6A1A-42F2-82D2-9F8C4C80697F}C:\program files (x86)\tapinradio\tapinradio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tapinradio\tapinradio.exe | 
    "UDP Query User{FEA4ED1E-C58C-4F30-97F7-FE9B7EECCB60}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
    "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
    "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8C95F41B-70D9-7EF8-BC80-B1C896B5B747}" = AMD Fuel
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
    "{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding
    "{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
    "{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D79C2CD4-7BCC-60AC-76C9-834CEEF1CDBE}" = ccc-utility64
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
    "{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F8001A0F-C0E6-4593-88AB-F2FB726C274E}" = Nuance PDF Converter Professional 7
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
    "NVIDIA Drivers" = NVIDIA Drivers
    "PDF-XChange 3_is1" = PDF-XChange 3
    "PhotomatixPro4.0x64_is1" = Photomatix Pro version 4.0.2
    "PhotomatixPro41x64_is1" = Photomatix Pro version 4.1.4
    "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1 (x64)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
    "{0536BCDF-7EF6-48F6-8765-A3C065A065A5}" = Microsoft Expression Blend SDK for .NET 4
    "{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
    "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C18DC47-29D9-4D30-AFD0-739BFC628A5E}" = MAGIX PC Check & Tuning 2012 Download-Version
    "{0f571b70-6401-48cd-945d-45e2e8b559f8}" = Image Resizer for Windows
    "{1002A380-2026-11E1-A67B-F04DA23A5C58}" = MSVCRT Redists
    "{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
    "{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1" = Wondershare MobileGo ( Version 1.1.0 )
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2c2f4c57-83a8-4790-a281-e83d306a9199}" = Gigaset QuickSync
    "{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
    "{31CA28D1-CAE0-48EF-BFFF-BA9C81BA055A}" = StarMoney
    "{330D5210-3C4F-E632-2714-BE23C7C10B9F}" = Catalyst Control Center Graphics Previews Common
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
    "{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{39FCD08F-E311-4959-84B9-1012023724B9}" = Sunny Explorer
    "{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
    "{3BCDCC6A-3A47-4883-8A0C-55AC061316CB}" = Steuer-Spar-Erklärung Plus 2012
    "{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
    "{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
    "{43544FB5-BC1D-939A-7FDA-F7F3E5AEC35B}" = AMD VISION Engine Control Center
    "{450008C6-3722-4214-AB4F-9E45B57CB422}" = DDBAC
    "{47A0C382-35D7-4A3A-B9AF-B2D38827A8A7}" = Acronis*True*Image*Home 2012
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4DC2C824-0D75-42C1-BECB-C5583676D253}" = The Panorama Factory V5 m32 Edition
    "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5B461E1D-1DB0-0BB2-132F-D77C56838FF3}" = Catalyst Control Center InstallProxy
    "{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
    "{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
    "{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
    "{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}" = Acronis*True*Image*Home 2012
    "{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}Visible" = Acronis*True*Image*Home 2012
    "{78D2854E-5DBF-11E7-B41F-47D203C8ED66}" = CCC Help English
    "{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2
    "{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
    "{7B62C240-5658-4803-84E2-59674838788C}" = StarMoney
    "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "{7D5B3580-A948-4B2B-BB96-E395C59C3712}" = MAGIX PC Live
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
    "{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86FA7865-F1BB-4BDA-B296-4120684A692C}" = WISO Mein Geld 2012 Standard
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E3C0F37-2280-4043-BAD0-3C9E5EB723EC}" = Google Drive
    "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
    "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
    "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
    "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
    "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
    "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
    "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
    "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
    "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
    "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
    "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
    "{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIO_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Visio 2010 Service Pack 1 (SP1)
    "{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
    "{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
    "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
    "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
    "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
    "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
    "{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
    "{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
    "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
    "{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
    "{B006B9E9-41DD-4479-9177-3743A53B7735}" = Microsoft Expression Blend 3 SDK
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1FD6060-8DF9-4C67-AF5E-7D25A54D1854}" = Mindjet MindManager 2012
    "{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
    "{B6D8A751-F5E6-11E0-9DE8-005056C00008}" = MSVCRT Redists
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
    "{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU 
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D97E078B-38A1-40CB-9539-767813BEFF01}" = MAGIX Screenshare
    "{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
    "{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
    "{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken 2011
    "{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F8001A0F-C0E6-4593-88AB-F2FB726C274E}" = Nuance PDF Converter Professional 7
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
    "{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite DCP-J315W
    "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU 
    "Anti-Twin 2011-06-11 15.08.45" = Anti-Twin (Installation 06.05.2012)
    "Artisteer 3" = Artisteer 3
    "Audacity_is1" = Audacity 1.2.6
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "AVMFBox" = AVM FRITZ!Box Dokumentation
    "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
    "Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
    "ElsterFormular 13.2.0.8623u" = ElsterFormular
    "ESET Online Scanner" = ESET Online Scanner v3
    "Foxit PDF Editor" = Foxit PDF Editor
    "Foxit Reader_is1" = Foxit Reader
    "FreeFileSync" = FreeFileSync v5.3
    "HDR Efex Pro" = HDR Efex Pro
    "IrfanView" = IrfanView (remove only)
    "JDownloader" = JDownloader
    "MAGIX_MSI_PC_Check_Tuning_2012" = MAGIX PC Check & Tuning 2012 Download-Version
    "MAGIX_MSI_PC_Live" = MAGIX PC Live
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
    "Morpheus Photo Morpher_is1" = Morpheus Photo Morpher v3.15
    "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
    "Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
    "MyLogoMaker_is1" = MyLogoMaker 3.0
    "Notepad++" = Notepad++
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Office14.VISIO" = Microsoft Visio Premium 2010
    "Picasa 3" = Picasa 3
    "PrintKey2000" = PrintKey2000
    "ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
    "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
    "shop to date 7 basic_is1" = DATA BECKER shop to date 7 basic
    "TapinRadio_is1" = TapinRadio 1.36.2
    "TrueCrypt" = TrueCrypt
    "UltraISO_is1" = UltraISO Premium V9.36
    "VLC media player" = VLC media player 1.1.11
    "WinGimp-2.0_is1" = GIMP 2.6.12
    "WinLiveSuite" = Windows Live Essentials
    "WISO Mein Geld 2012 Standard" = WISO Mein Geld 2012 Standard
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
    "Google Chrome" = Google Chrome
    "Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
    "Skat-Online V9" = Skat-Online V9
     
    ========== Last 10 Event Log Errors ==========
     
    [ Application Events ]
    Error - 12.05.2012 06:47:42 | Computer Name = ColemanComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
     gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .
     
    Error - 12.05.2012 06:50:09 | Computer Name = ColemanComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
     gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .
     
    Error - 12.05.2012 06:52:36 | Computer Name = ColemanComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
     gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .
     
    Error - 12.05.2012 06:52:39 | Computer Name = ColemanComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
     gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .
     
    Error - 12.05.2012 06:55:03 | Computer Name = ColemanComputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
     Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
     Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
     gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .
     
    Error - 12.05.2012 07:24:20 | Computer Name = ColemanComputer | Source = SideBySide | ID = 16842832
    Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Coleman\Downloads\esetsmartinstaller_enu
     (1).exe". Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung
     erforderliche Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven
     Komponentenversion.  In Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Komponente
     2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
     
    Error - 12.05.2012 07:24:20 | Computer Name = ColemanComputer | Source = SideBySide | ID = 16842832
    Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Coleman\Downloads\esetsmartinstaller_enu.exe".
     Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
     Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
    In
     Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Komponente
     2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
     
    Error - 12.05.2012 07:24:24 | Computer Name = ColemanComputer | Source = SideBySide | ID = 16842832
    Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Coleman\Downloads\esetsmartinstaller_enu.exe".
     Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
     Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
    In
     Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Komponente
     2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
     
    Error - 12.05.2012 07:24:24 | Computer Name = ColemanComputer | Source = SideBySide | ID = 16842832
    Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Coleman\Downloads\esetsmartinstaller_enu.exe".
     Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
     Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
    In
     Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Komponente
     2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
     
    Error - 12.05.2012 07:24:27 | Computer Name = ColemanComputer | Source = SideBySide | ID = 16842832
    Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Coleman\Downloads\esetsmartinstaller_enu.exe".
     Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
     Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
    In
     Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Komponente
     2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
     
    [ System Events ]
    Error - 01.01.2012 10:13:29 | Computer Name = ColemanComputer | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = Fehler beim Lesen der Datei für lokale Hosts.
     
    Error - 01.01.2012 10:13:29 | Computer Name = ColemanComputer | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = Fehler beim Lesen der Datei für lokale Hosts.
     
    Error - 01.01.2012 10:13:29 | Computer Name = ColemanComputer | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = Fehler beim Lesen der Datei für lokale Hosts.
     
    Error - 01.01.2012 10:14:46 | Computer Name = ColemanComputer | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = Fehler beim Lesen der Datei für lokale Hosts.
     
    Error - 01.01.2012 10:15:03 | Computer Name = ColemanComputer | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = Fehler beim Lesen der Datei für lokale Hosts.
     
    Error - 01.01.2012 10:15:03 | Computer Name = ColemanComputer | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = Fehler beim Lesen der Datei für lokale Hosts.
     
    Error - 01.01.2012 14:35:17 | Computer Name = ColemanComputer | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
    Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
     "\\?\Volume{5b701b8b-e103-11e0-821b-003067a735e8}" können nicht gelesen werden.
     
    Error - 01.01.2012 14:35:17 | Computer Name = ColemanComputer | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
    Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
     "\\?\Volume{5b701c37-e103-11e0-821b-003067a735e8}" können nicht gelesen werden.
     
    Error - 01.01.2012 14:35:18 | Computer Name = ColemanComputer | Source = Disk | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
     
    Error - 01.01.2012 14:35:24 | Computer Name = ColemanComputer | Source = Disk | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
     
     
    < End of report >
    Geändert von Carla G. (12.05.2012 um 14:03 Uhr)

  8. #8
    Einsteiger Avatar von Carla G.
    Registriert seit
    08.05.2012
    Beiträge
    5

    AW: Sehr lange Ladezeiten >3 Min. und ich habe das Gefühl meine FP macht spanabhebend

    Hallo nochmal zusammen !

    Ich möchte mich mal ganz herzlich bedanken für Deine bzw. für Euro Mühe, vor allem die Zeit die Ihr zu Analyse und Hilfe benötigt...
    Herzlichen Dank !!

    Es hat sich systemisch geändert, er braucht nun viel länger zum erkennen der USB Anschlüsse ( also vor Windows )
    "Initializing USB Controllers" dauert so ca. 30 - 50 Sec.

    Danach habe ich das Gefühl das Windows wesentlich schneller startet, wenngleich er am Anfang auch nicht gleich die USB-Maus erkennt,
    dies dauert auch nochmal 20 Sek. bis die aktiv ist.

    Ich hoffe dies bringt Euch ( und mich ) weiter....

    LG
    C.

  9. #9
    Moderator (global) Team-Mitglied Avatar von kira
    Registriert seit
    28.03.2006
    Ort
    Wien/Sprachen: Deutsch-Ungarisch
    Beiträge
    29.774

    AW: Sehr lange Ladezeiten >3 Min. und ich habe das Gefühl meine FP macht spanabhebend

    1.
    kannst deinstallieren:
    ESET Online Scanner
    Malwarebytes Anti-Malware
    SUPERAntiSpyware
    2.
    Achtung wichtig!:
    Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
    (Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)



    Fixen mit OTL
    • Starte die OTL.exe.
    • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
    • Kopiere folgendes Skript (unverändert inkl. :OTL):
    Code:
    :OTL
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    [2011.07.04 15:54:25 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Coleman\AppData\Roaming\mozilla\Firefox\Profiles\bveul3bj.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    • und füge es hier ein:
    • Schließe alle Programme.
    • Klicke auf den Fix Button.
    • Klick auf .
    • OTL verlangt einen Neustart. Bitte zulassen.
    • Nach dem Neustart findest Du ein Textdokument.
      Kopiere den Inhalt hier in Code-Tags in Deinen Thread.


    3.
    Mozilla Firefox Aktualisieren - über Menü Hilfe und klicken Sie auf Nach Updates suchen....
    Geändert von kira (13.05.2012 um 07:28 Uhr)
    Warnung!:
    Vorsicht bei Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einem Verschlüsselungs-Trojaner infiziert sein!
    Anhang nicht öffnen, in unserem Forum erst nachfragen!

    Bitte diese Warnung weitergeben, wo Du nur kannst!
    Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
    Bitte diese Warnung weitergeben, wo Du nur kannst!

Aktive Benutzer

Aktive Benutzer

Aktive Benutzer in diesem Thema: 1 (Registrierte Benutzer: 0, Gäste: 1)

Ähnliche Themen

  1. Antworten: 3
    Letzter Beitrag: 04.01.2012, 15:03
  2. Antworten: 1
    Letzter Beitrag: 11.02.2011, 07:51
  3. Antworten: 48
    Letzter Beitrag: 20.01.2010, 18:19
  4. Antworten: 4
    Letzter Beitrag: 15.12.2009, 11:58
  5. Extrem lange Ladezeiten und Inet Probleme
    Von FaKeR91 im Forum Archiv
    Antworten: 3
    Letzter Beitrag: 12.10.2006, 22:35

Berechtigungen

  • Neue Themen erstellen: Nein
  • Themen beantworten: Nein
  • Anhänge hochladen: Nein
  • Beiträge bearbeiten: Nein
  •