MyStart incredibar eingefangen

http://www.trojaner-board.de/thema/mystart by incredibar.html
http://www.trojaner-board.de/thema/mystart.incredibar.html
http://www.trojaner-board.de/thema/my start incredibar.html

Bereinigung mit Malwarebytes' Anti-Malware (Komplett-Scan)

Lade bitte Malwarebytes' Anti-Malware herunterund mache bitte mit einen Komplett-Scan nach dieser Anleitung und poste das Logfile hier in den Thread.

Sollte das nicht funktionieren, starte den abgesicherten Modus und befolge diese Anleitung.

Danach gehe wievolgt vor: Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Melde Dich, wenn es Probleme gibt.

 

danke!


:x

 

Hey, habe mir auch diese incredibar-dingens eingefangen. Habe nun den Scan mie Malware gemacht und folgenden Report:

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.08.26.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Nicolai :: NICOLAI-PC [Administrator]

26.08.2012 21:38:43
mbam-log-2012-08-26 (21-38-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 305046
Laufzeit: 59 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Nicolai\Downloads\SoftonicDownloader_fuer_foto-mosaik-edda.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nicolai\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nicolai\Downloads\setup.exe (Adware.Bundler) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Incredibar ist allerdings immer noch nicht weg.
Ich hoffe ihr könnt mir helfen...
Danke

 

hier folgt noch die OTL-Texte...
OTL.Txt:
OTL logfile created on: 8/26/2012 11:06:05 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Nicolai\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.97 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 63.33% Memory free
5.93 Gb Paging File | 4.83 Gb Available in Paging File | 81.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.33 Gb Total Space | 142.81 Gb Free Space | 63.38% Space Free | Partition Type: NTFS
Drive D: | 225.33 Gb Total Space | 225.24 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: NICOLAI-PC | User Name: Nicolai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nicolai\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:\Programme\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Programme\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Programme\Samsung\Samsung Update Plus\SUPNotifier.exe ()
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Programme\Samsung\Samsung Update Plus\SUPNotifier.exe ()
MOD - C:\Programme\Samsung\Samsung Update Plus\HMXML.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()


========== Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Kodak AiO Status Monitor Service) -- C:\Programme\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (Kodak AiO Network Discovery Service) -- C:\Programme\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (OberonGameConsoleService) -- C:\Programme\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-771618654-3341757510-301361698-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKU\S-1-5-21-771618654-3341757510-301361698-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKU\S-1-5-21-771618654-3341757510-301361698-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-771618654-3341757510-301361698-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-771618654-3341757510-301361698-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
IE - HKU\S-1-5-21-771618654-3341757510-301361698-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-771618654-3341757510-301361698-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb174/?search={searchTerms}&loc=IB_DS&a=6OyMe2Gj2i&i=26
IE - HKU\S-1-5-21-771618654-3341757510-301361698-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-771618654-3341757510-301361698-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3241949.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb174/?loc=IB_DS&a=6OyMe2Gj2i&&i=26&search="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/26 21:13:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/26 21:13:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/03/23 17:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicolai\AppData\Roaming\mozilla\Extensions
[2012/08/26 20:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicolai\AppData\Roaming\mozilla\Firefox\Profiles\c5qqphcq.default\extensions
[2011/12/20 00:36:30 | 000,000,933 | ---- | M] () -- C:\Users\Nicolai\AppData\Roaming\Mozilla\Firefox\Profiles\c5qqphcq.default\searchplugins\11-suche.xml
[2012/08/26 20:25:21 | 000,000,927 | ---- | M] () -- C:\Users\Nicolai\AppData\Roaming\Mozilla\Firefox\Profiles\c5qqphcq.default\searchplugins\conduit.xml
[2011/12/20 00:36:30 | 000,002,419 | ---- | M] () -- C:\Users\Nicolai\AppData\Roaming\Mozilla\Firefox\Profiles\c5qqphcq.default\searchplugins\englische-ergebnisse.xml
[2011/12/20 00:36:30 | 000,010,525 | ---- | M] () -- C:\Users\Nicolai\AppData\Roaming\Mozilla\Firefox\Profiles\c5qqphcq.default\searchplugins\gmx-suche.xml
[2011/12/20 00:36:30 | 000,002,457 | ---- | M] () -- C:\Users\Nicolai\AppData\Roaming\Mozilla\Firefox\Profiles\c5qqphcq.default\searchplugins\lastminute.xml
[2012/08/26 20:31:17 | 000,002,203 | ---- | M] () -- C:\Users\Nicolai\AppData\Roaming\Mozilla\Firefox\Profiles\c5qqphcq.default\searchplugins\MyStart Search.xml
[2011/12/20 00:36:30 | 000,005,508 | ---- | M] () -- C:\Users\Nicolai\AppData\Roaming\Mozilla\Firefox\Profiles\c5qqphcq.default\searchplugins\webde-suche.xml
[2012/01/29 21:53:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/06/02 11:38:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/19 11:40:26 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/07/14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/07/14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/07/14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/07/14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-771618654-3341757510-301361698-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-771618654-3341757510-301361698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D2EC21C-F68D-4F70-9CC6-95B69A654502}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E546E9A-A665-4AB0-9826-F061E48BF8E2}: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/26 22:48:23 | 000,000,000 | ---D | C] -- C:\Users\Nicolai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
[2012/08/26 21:36:54 | 000,000,000 | ---D | C] -- C:\Users\Nicolai\AppData\Roaming\Malwarebytes
[2012/08/26 21:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/26 21:36:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/08/26 21:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/26 20:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Project64 1.6
[2012/08/23 11:30:32 | 000,000,000 | ---D | C] -- C:\Users\Nicolai\Documents\GIMP
[2012/08/20 21:06:31 | 000,000,000 | ---D | C] -- C:\Users\Nicolai\AppData\Roaming\MusE
[2012/08/20 21:06:30 | 000,000,000 | ---D | C] -- C:\Users\Nicolai\AppData\Local\MusE
[2012/08/20 21:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuseScore
[2012/08/20 21:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\MuseScore
[2012/08/17 12:48:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/08/17 12:48:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/08/17 12:48:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/08/17 12:48:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/08/17 12:48:15 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/08/17 12:48:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/08/17 12:48:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/08/16 17:01:51 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srcore.dll
[2012/08/16 17:01:50 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/08/16 17:01:46 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browcli.dll

========== Files - Modified Within 30 Days ==========

[2012/08/26 22:57:30 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 22:57:30 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 22:50:37 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/26 22:50:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/08/26 22:50:03 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/26 22:35:18 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/08/26 22:26:02 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/26 21:19:20 | 000,717,046 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/08/26 21:19:20 | 000,668,020 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/08/26 21:19:20 | 000,155,842 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/08/26 21:19:20 | 000,126,054 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/08/26 20:31:48 | 000,000,454 | ---- | M] () -- C:\user.js
[2012/08/25 18:03:42 | 000,004,027 | ---- | M] () -- C:\Users\Nicolai\.recently-used.xbel
[2012/08/23 11:41:03 | 000,001,060 | ---- | M] () -- C:\Users\Nicolai\Desktop\MuseScore.lnk
[2012/08/17 13:09:43 | 000,427,904 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/08/16 18:35:31 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/08/16 18:35:31 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/08/10 19:06:16 | 004,503,728 | ---- | M] () -- C:\ProgramData\00etadpu.pad

========== Files Created - No Company Name ==========

[2012/08/26 21:06:01 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/26 20:31:47 | 000,000,454 | ---- | C] () -- C:\user.js
[2012/08/25 18:03:42 | 000,004,027 | ---- | C] () -- C:\Users\Nicolai\.recently-used.xbel
[2012/08/23 11:41:03 | 000,001,060 | ---- | C] () -- C:\Users\Nicolai\Desktop\MuseScore.lnk
[2012/08/10 19:06:16 | 004,503,728 | ---- | C] () -- C:\ProgramData\00etadpu.pad
[2011/08/16 19:25:58 | 000,000,112 | ---- | C] () -- C:\windows\ActiveSkin.INI
[2011/03/23 22:45:48 | 000,000,169 | ---- | C] () -- C:\Users\Nicolai\.gtkrc-2.0
[2011/03/21 22:47:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/21 21:16:31 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/03/21 21:00:39 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== LOP Check ==========

[2011/09/14 21:27:17 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2011/09/14 21:27:17 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
[2011/10/22 15:06:12 | 000,000,000 | ---D | M] -- C:\Users\Nicolai\AppData\Roaming\.minecraft
[2011/05/29 07:40:28 | 000,000,000 | ---D | M] -- C:\Users\Nicolai\AppData\Roaming\go
[2012/08/25 15:53:13 | 000,000,000 | ---D | M] -- C:\Users\Nicolai\AppData\Roaming\gtk-2.0
[2011/09/09 10:43:42 | 000,000,000 | ---D | M] -- C:\Users\Nicolai\AppData\Roaming\ICQ
[2012/08/20 21:06:31 | 000,000,000 | ---D | M] -- C:\Users\Nicolai\AppData\Roaming\MusE
[2011/08/19 22:56:47 | 000,000,000 | ---D | M] -- C:\Users\Nicolai\AppData\Roaming\Scribus
[2011/03/30 10:50:13 | 000,000,000 | ---D | M] -- C:\Users\Nicolai\AppData\Roaming\Temp
[2011/12/31 00:16:49 | 000,000,000 | ---D | M] -- C:\Users\Nicolai\AppData\Roaming\Toblo
[2012/01/08 17:47:54 | 000,032,622 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



Extras.Txt:
OTL Extras logfile created on: 8/26/2012 11:06:05 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Nicolai\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.97 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 63.33% Memory free
5.93 Gb Paging File | 4.83 Gb Available in Paging File | 81.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.33 Gb Total Space | 142.81 Gb Free Space | 63.38% Space Free | Partition Type: NTFS
Drive D: | 225.33 Gb Total Space | 225.24 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: NICOLAI-PC | User Name: Nicolai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile

Editiert:

---

-- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014F1033-3253-48FD-8477-60BB44EE2C02}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{0EEC0D59-EE68-490B-B5DE-2FBAA34F4329}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2FB7862C-6C98-4BBD-9AFF-C5C047FAA327}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{34561F0A-20A6-4C6E-9D3C-22938D553A99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{49AA873D-B7D7-4604-8AB3-2D93CA889120}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{4EB3908D-6585-4BCD-8E5F-D66023167770}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{57BEA542-C651-435E-835B-4F8751BB4EF0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5F1E79C1-3707-4207-9DD4-3864B001F108}" = lport=10243 | protocol=6 | dir=in | app=system |
"{609B6FAB-8908-4E32-A36B-A3DC83FF685F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{73D49BD8-61B5-47A5-B53F-53F16E463663}" = lport=445 | protocol=6 | dir=in | app=system |
"{73DB40F1-BF3D-4AD7-84DE-75A9B2808600}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8F69250C-6C1E-4560-ABB0-68D7ACE6BB8C}" = rport=137 | protocol=17 | dir=out | app=system |
"{9D8E3A18-BDB1-4118-934D-975CC2ED249C}" = rport=138 | protocol=17 | dir=out | app=system |
"{A05BABF6-6729-4E80-A01B-A56ECE4EDE29}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A3C9C651-08F9-4E37-A7C4-2B5BC79AE034}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A6D91C78-EDF8-4FEB-810F-F31DFE588D5E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A8B7CCCF-57AB-4B35-B230-B72C0D2290CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AD56E941-D9EB-4263-A82D-EA1E1C63F8D7}" = lport=138 | protocol=17 | dir=in | app=system |
"{ADF5AA6B-2D9A-4336-8061-AA30E71B1A86}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AF87D90A-3797-4300-A3C6-3E0150AA20CD}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{B67766EB-6278-43E3-87EE-FB2CFFB70C46}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B924F32F-BF92-4E1E-A16E-7929B96F1AD1}" = rport=445 | protocol=6 | dir=out | app=system |
"{BCC0DD48-3DD8-47F8-B7B7-5D6C03796258}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D9F5E18E-3A25-4FFB-97AC-0AC94BE2FE25}" = lport=137 | protocol=17 | dir=in | app=system |
"{DA3A6A4D-D2D6-409E-9129-9312EAFB3B4B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DAA7E269-7266-49FE-9099-A3FC621C2E97}" = lport=139 | protocol=6 | dir=in | app=system |
"{DD4BEF1F-60CE-4DC8-9446-24FA4E8E82C4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E87D95BB-E67E-461E-AF5D-4D01988112B5}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{EEBD75F7-8819-42B0-9422-E8A355E39A14}" = rport=139 | protocol=6 | dir=out | app=system |
"{F0AB80C1-7E7A-41B1-8EC1-C2C98B946A24}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10BA6771-6226-4380-8994-3D40FE7CCB53}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{110916DF-6239-4A63-8163-9552D2D59C7B}" = protocol=6 | dir=out | app=system |
"{1747141F-A36A-4613-8E30-5053142E0180}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{179CDFD6-1CDB-487F-B380-5446C3828582}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{28CF7431-403B-4865-938B-D1AE8553321D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{33687B51-46EC-4225-90BE-14FDFF811E24}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{34AFA49C-2FE2-44B7-BDAE-EF1A90F47FFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{371E0B98-9F49-4948-9B5F-A4143EF0CA58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3B080EB3-FEF4-4F3D-B044-4D9E87E2A652}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4061CCAB-67A6-425D-BD34-3DF22AFD504A}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{42D4C7F4-5914-4106-8284-4E70D05CEA98}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{44A75A44-2210-4DF1-8873-833CA5516A37}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{470F1563-1A64-4679-9907-A27DB9DF5C44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48D48EBD-B69F-4AE7-875E-D06CA5C6D9D0}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{50AF080D-F401-4D36-9114-918474671E98}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{5CCA273F-9BCB-4A53-A1B7-AFECF328E3A4}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{5F1CE480-8927-4044-A626-CD3F4EE117EC}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{63BF550D-54CB-49E1-9921-8EAF06AF7E4D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{71A6DB14-A224-491F-818A-09016538C941}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{877F4670-5C01-42A2-9CE1-27686E00C54C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{943E666C-2B04-4E2A-B80C-EB98B2D41B3B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{986A5F81-9AF0-4FAD-8797-906264B30D51}" = protocol=17 | dir=in | app=c:\program files\toblo\toblo 1.2.exe |
"{98F41814-97B6-4A68-BB78-811B673DA6E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B55B672-C9E4-4987-8E6F-C9DAE0147CCB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9D95001A-96E8-4602-BA2B-E281F1B3BEB6}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{A4106FC1-84A1-43A3-AA5A-956F7D7A1113}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{A55D39F0-854B-42FA-BB8C-8567AB7BBE39}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{AD2BD60C-7EF6-4A57-8799-D3827E78C584}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{AD36440F-0396-4D28-94EE-68280114D374}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{AFB386C5-D193-43E3-94C1-395298FC8705}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{B98CD430-C0F3-4B6F-89AE-4A65F9E4DC2F}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{BA99D786-56A4-4930-8AF1-A428E08F34E5}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{C7CEF5FD-6F9F-4585-9AB8-F751FAFF88C6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CD6719CD-F68A-45E0-8816-23EB902671C8}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{D13B0A5D-EB19-48A9-A4F9-3D0D2DAEF126}" = protocol=6 | dir=in | app=c:\program files\toblo\toblo 1.2.exe |
"{D184F3EA-30DF-4E2B-8B9D-7546469B2C2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D20AA23F-08A2-4FBE-99C4-D612F2F929C9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DD420C95-21D0-47B0-A77E-2B3D7A97BB10}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E2BAEA71-08CB-424B-8DC0-68948F970438}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{EB8AD704-113B-44E1-8A49-C36701706DB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC3E53B2-BF79-4142-B756-9204DB240208}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F121A543-233A-4D66-821B-1F512339C1DC}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"TCP Query User{4306CB26-3048-4B82-94D7-9D43398EB8A9}C:\program files\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe |
"TCP Query User{70E7A834-F249-4BE4-ACF9-4847F888D179}C:\program files\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe |
"UDP Query User{581F717E-7A68-42BB-BD30-3A2D00016AAC}C:\program files\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe |
"UDP Query User{C7470439-47D6-4117-B2EF-12247E5E9DF2}C:\program files\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1446A30C-6DAF-461E-96B1-31C554870082}_is1" = Tag - IGF Professional 2008
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115246907}" = Elf Bowling Hawaiian Vacation
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{833D97B9-AC16-45C1-AD44-0A32198956F8}" = Gimp Themes v1.0
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BF962E1B-D17A-4713-A100-6531A132D83D}_is1" = Foto-Mosaik-Edda Standard V5.8.0
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"dm-Fotowelt" = dm-Fotowelt
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"OpenAL" = OpenAL
"Scribus 1.4.0" = Scribus 1.4.0rc5
"Steam App 400" = Portal
"Steam App 620" = Portal 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TmUnitedForever_is1" = TmUnitedForever Update 2010-03-15
"VLC media player" = VLC media player 2.0.2
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"xp-AntiSpy" = xp-AntiSpy 3.97-10

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Toblo" = Toblo (1.2)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/12/2012 6:31:35 PM | Computer Name = Nicolai-PC | Source = Windows Search Service | ID = 3007
Description =

Error - 5/13/2012 7:30:41 AM | Computer Name = Nicolai-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 5/13/2012 7:30:58 AM | Computer Name = Nicolai-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 5/18/2012 8:20:17 AM | Computer Name = Nicolai-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 5/18/2012 8:20:34 AM | Computer Name = Nicolai-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 5/30/2012 10:47:26 AM | Computer Name = Nicolai-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 5/30/2012 10:47:40 AM | Computer Name = Nicolai-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 6/3/2012 12:01:55 PM | Computer Name = Nicolai-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 6/3/2012 12:02:13 PM | Computer Name = Nicolai-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 6/10/2012 9:36:35 AM | Computer Name = Nicolai-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 6/10/2012 9:36:50 AM | Computer Name = Nicolai-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

[ Media Center Events ]
Error - 12/2/2009 5:20:20 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 6:20:15 PM - Error connecting to the internet. 6:20:15 PM - Unable
to contact server..

Error - 12/2/2009 6:22:12 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 7:22:11 PM - Error connecting to the internet. 7:22:12 PM - Unable
to contact server..

Error - 12/2/2009 6:22:22 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 7:22:17 PM - Error connecting to the internet. 7:22:17 PM - Unable
to contact server..

Error - 12/3/2009 3:52:35 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 4:52:35 PM - Error connecting to the internet. 4:52:35 PM - Unable
to contact server..

Error - 12/3/2009 3:52:45 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 4:52:40 PM - Error connecting to the internet. 4:52:40 PM - Unable
to contact server..

Error - 12/3/2009 7:44:47 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 8:44:47 PM - Error connecting to the internet. 8:44:47 PM - Unable
to contact server..

Error - 12/3/2009 7:44:57 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 8:44:52 PM - Error connecting to the internet. 8:44:52 PM - Unable
to contact server..

Error - 12/17/2009 7:32:56 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 8:32:55 PM - Error connecting to the internet. 8:32:55 PM - Unable
to contact server..

Error - 12/17/2009 7:33:05 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 8:33:01 PM - Error connecting to the internet. 8:33:01 PM - Unable
to contact server..

Error - 3/11/2011 12:33:16 AM | Computer Name = WIN-1K08L9IDUMC | Source = MCUpdate | ID = 0
Description = 1:33:13 PM - Fehler beim Herstellen der Internetverbindung. 1:33:13
PM - Serververbindung konnte nicht hergestellt werden..

[ OSession Events ]
Error - 7/5/2011 3:45:40 PM | Computer Name = Nicolai-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10729
seconds with 7320 seconds of active time. This session ended with a crash.

Error - 7/5/2011 3:46:06 PM | Computer Name = Nicolai-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/30/2011 10:39:06 PM | Computer Name = Nicolai-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

Neue
Signaturversion: Vorherige Signaturversion: 1.117.1932.0 Aktualisierungsquelle:
%%859 Aktualisierungsphase: %%852 Quellpfad: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion:
Vorherige Modulversion: 1.1.7903.0 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes
Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
oder zur Problembehandlung finden Sie unter "Hilfe und Support".

Error - 1/5/2012 7:07:23 AM | Computer Name = Nicolai-PC | Source = Microsoft Antimalware | ID = 3002
Description = Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

Feature:
%%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Grund: %%842

Error - 1/8/2012 11:48:18 AM | Computer Name = Nicolai-PC | Source = Microsoft Antimalware | ID = 3002
Description = Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

Feature:
%%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Grund: %%842

Error - 1/12/2012 9:06:37 AM | Computer Name = Nicolai-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.

Error - 1/12/2012 9:06:37 AM | Computer Name = Nicolai-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 1/19/2012 2:59:13 PM | Computer Name = Nicolai-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 1/19/2012 2:59:13 PM | Computer Name = Nicolai-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 1/19/2012 2:59:14 PM | Computer Name = Nicolai-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 1/19/2012 2:59:14 PM | Computer Name = Nicolai-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 1/24/2012 11:01:50 AM | Computer Name = Nicolai-PC | Source = Microsoft Antimalware | ID = 3002
Description = Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

Feature:
%%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Grund: %%842


< End of report >

---