| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Firefox staret automatisch http://ad.adserverplus.com/ mit leerem FensterWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
10.11.2012, 17:03
| #1 |
 |  Firefox staret automatisch http://ad.adserverplus.com/ mit leerem Fenster Hallo zusammen, in der Hoffnung, dass ich als Neuling nicht irgend eine Regel übersehen habe, will ich mein Problem schildern: Seit einigen Tagen öffnet Firefox an schwer reproduzierbaren Stellen das vielzitierte Fenster hxxp://ad.adserverplus.com/. Das Fenster ist allerdings leer; eine Besonderheit, die mir in dieser Form bei den anderen Beiträgen nicht so aufgefallen ist. Heute bin ich auf eure (sehr übersichtlich und verständlich aufgebaute) Website gestoßen und habe folgendes abgearbeitet: 1. Malwarebytes gestartet ==> alles sauber 2. Defogger gestartet ==> In Bruchteilen einer Sekunde erschien die Meldung "Finished" also offensichtlich auch hier alles ok. 3. Habe OTL laufen lassen ==> die beiden Logs folgen unten. Da ich Windows 7 (64 bit) habe, habe ich weiter nichts unternommen, füge die beiden Dateien ein und warte auf eure Reaktion. Im voraus schon besten Dank! Masin OTL.txt: OTL logfile created on: 10.11.2012 16:16:56 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = E:\Downloads\firefox\Trojaner-Board 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,96 Gb Total Physical Memory | 3,80 Gb Available Physical Memory | 63,75% Memory free 11,92 Gb Paging File | 9,36 Gb Available in Paging File | 78,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 205,97 Gb Total Space | 127,29 Gb Free Space | 61,80% Space Free | Partition Type: NTFS Drive D: | 425,58 Gb Total Space | 261,32 Gb Free Space | 61,40% Space Free | Partition Type: NTFS Drive E: | 554,98 Gb Total Space | 382,46 Gb Free Space | 68,91% Space Free | Partition Type: NTFS Drive I: | 662,53 Gb Total Space | 368,80 Gb Free Space | 55,67% Space Free | Partition Type: NTFS Computer Name: HDS-NEU | User Name: Hans-Dieter | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - E:\Downloads\firefox\Trojaner-Board\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - E:\Downloads\windows\Desktop\dsksve8\DeskSave.exe () PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe () PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe () PRC - C:\Program Files (x86)\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG) PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () PRC - C:\Program Files (x86)\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - E:\Downloads\windows\Desktop\dsksve8\DeskSave.exe () MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll () MOD - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGUI4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (G Data Software AG) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (syncagentsrv) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKService) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (OS Selector) -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe () SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG) DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG) DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG) DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis) DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis) DRV:64bit: - (vidsflt67) -- C:\Windows\SysNative\drivers\vsflt67.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis) DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (NBVol) -- C:\Windows\SysNative\drivers\NBVol.sys (Nero AG) DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\drivers\NBVolUp.sys (Nero AG) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (FPCIBASE) -- C:\Windows\SysNative\drivers\fpcibase.sys (AVM Berlin) DRV:64bit: - (AVMCOWAN) -- C:\Windows\SysNative\drivers\avmcowan.sys (AVM GmbH) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (Null) -- C:\Windows\SysWow64\NULL () DRV - (PCDSRVC{1E208CE0-FB7451FF-06020200}_0) -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D1 E6 22 1C E7 BC CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}:1.5.1.1 FF - prefs.js..extensions.enabledAddons: fb_add_on@avm.de:1.6.3 FF - prefs.js..extensions.enabledAddons: {BCC877E7-7F3F-4632-8338-DAEE4475DE35}:0.20 FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.2 FF - prefs.js..extensions.enabledAddons: maps@ovi.com:5.10.3.0 FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124 FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5 FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=7878efc5-99c2-42ac-b1f9-c47325604a69&searchtype=ds&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 17:57:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.07 10:43:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\mail@shopping-preise.de [2012.11.06 14:18:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\firejump@firejump.net [2012.11.06 14:18:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Hans-Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\extensions\extension@preispilot.com FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 17:57:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.11 13:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Extensions [2012.10.11 13:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.11.07 17:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions [2012.10.08 17:38:41 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012.09.25 17:42:52 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2012.09.25 17:42:51 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com [2012.09.25 17:42:51 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\fb_add_on@avm.de [2012.11.06 14:18:32 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\firejump@firejump.net [2012.11.06 14:18:32 | 000,000,000 | ---D | M] (Shopping-preise.de) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\mail@shopping-preise.de [2012.10.18 14:35:29 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\Firefox\Profiles\l63f1fcz.default\extensions\maps@ovi.com [2012.11.07 17:04:18 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\extension@preispilot.com.xpi [2012.09.25 18:46:06 | 000,009,282 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\{BCC877E7-7F3F-4632-8338-DAEE4475DE35}.xpi [2012.07.26 07:33:30 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.30 16:28:53 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591 b_expire [2012.09.02 16:51:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\170f337942c410233f577de5778810a 6_expire [2012.09.09 07:48:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1bcf5a8f2429c4942ad539ef2c5df33 6_expire [2012.11.10 15:04:43 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d07965 8_expire [2012.11.10 15:04:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a0983927 5_expire [2012.08.12 13:25:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2e74403c227112bec523796d5a77d77 e_expire [2012.08.20 15:20:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b507b6d0186efd3615b9b9233c5f70 8_expire [2012.11.10 16:05:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e 9_expire [2012.08.23 12:06:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3d0187861633ce04b8c224f2475a283 7_expire [2012.08.29 13:10:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4ad053d40dfa5cab7948e9251df6e3d 9_expire [2012.11.06 17:05:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41 f_expire [2012.10.21 12:48:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5f4ce27504a73ff97d1936c597c769e 5_expire [2012.09.04 19:07:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\61e2ae11ba3d1cbe8887ea80f192e29 9_expire [2012.11.10 16:09:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528c d_expire [2012.09.05 06:43:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022 b_expire [2012.11.10 16:05:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db 7_expire [2012.08.20 07:06:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\9803c283e94e743374151c4bbe60a5d f_expire [2012.11.10 16:05:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a 6_expire [2012.11.10 15:04:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14d c_expire [2012.09.20 13:18:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a74277a9a3c0203a3093f810f43fbc1 1_expire [2012.08.27 14:03:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b5bc7084382de95cb69790e5d10db33 8_expire [2012.11.10 15:04:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba388057 9_expire [2012.10.31 16:32:39 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c6d8337e4b016a68fdbb60b29e7d254 d_expire [2012.08.20 07:06:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52 b_expire [2012.08.13 09:31:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d2458fd784f4eb7cff549c598cd1465 1_expire [2012.08.26 14:33:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d83bb387de1d7c4401815e133de06c6 b_expire [2012.08.28 10:26:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f 6_expire [2012.10.31 16:32:39 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\df4525cd4117d8ae1c7453b13975924 2_expire [2012.09.20 13:18:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e02b35320e5111f1b626466c13c70a0 a_expire [2012.08.25 15:29:22 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e7215b147326809c45f6cf095227462 4_expire [2012.11.10 15:04:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e72174145ae7671ff95578a2089c26b 2_expire [2012.11.10 15:04:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e426427 1_expire [2012.11.10 15:04:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece5f266221b5245c6e3d7e27ddee96 3_expire [2012.10.21 12:48:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed95871ef4bb 2_expire [2012.11.10 15:04:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300 d_expire [2012.11.06 17:05:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6 b_expire [2012.11.06 17:05:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6 f_expire [2012.07.25 07:44:14 | 000,000,003 | ---- | M] () (No name found) -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\extensions\maps@ovi.com\plugins\package.XPI [2012.09.23 00:45:10 | 000,002,401 | ---- | M] () -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\searchplugins\Web Search.xml [2012.08.27 10:13:16 | 000,001,348 | ---- | M] () -- C:\Users\Hans-Dieter\AppData\Roaming\mozilla\firefox\profiles\l63f1fcz.default\searchplugins\wikipdia-fr.xml [2012.10.31 09:39:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.10.30 17:57:12 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2012.10.30 17:57:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.30 17:57:17 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}sourceid=chrome&ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Hans-Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Hans-Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Hans-Dieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun File not found O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [dradio-RecorderTimer] C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe () O4 - HKCU..\Run: [Microsoft Location Finder] C:\Program Files (x86)\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} hxxp://bmontessori12.dyndns.org:1119/VatDec.cab (VatCtrl Class) O16 - DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} hxxp://bmontessori12.dyndns.org:1120/RtspVaPgDec.cab (RtspVaPgCtrlNew Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C8BD92B-6F2C-4827-852A-084480244670}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.11.10 15:28:29 | 000,000,000 | ---D | M] - E:\Autos -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.10 09:34:16 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\Malwarebytes [2012.11.10 09:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.10 09:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.10 09:34:03 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.10 09:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.09 09:07:40 | 004,918,219 | ---- | C] (Phil Harvey) -- C:\Windows\exiftool.exe [2012.11.06 14:29:30 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\eXPert PDF Editor [2012.11.06 14:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visage [2012.11.06 14:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Visagesoft [2012.11.06 14:18:58 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\CAD-KAS [2012.11.06 14:18:51 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 3.3 [2012.11.06 14:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Editor 3.3 [2012.11.06 14:18:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Editor 3 [2012.11.06 14:18:32 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll [2012.11.06 14:18:32 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\DesktopIconForAmazon [2012.10.31 12:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2012.10.31 10:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.10.31 10:05:41 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2012.10.31 10:05:41 | 000,100,864 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.10.31 10:05:40 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL [2012.10.31 10:05:40 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2012.10.31 10:05:40 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2012.10.31 10:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012.10.31 10:05:02 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Local\Programs [2012.10.30 17:57:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.21 13:53:27 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\PC-FAX TX [2012.10.18 16:16:36 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Local\Apple Computer [2012.10.18 16:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.10.18 16:16:26 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2012.10.18 16:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.10.18 16:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.10.18 16:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.10.18 16:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.10.18 16:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.10.18 16:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.10.18 16:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012.10.17 10:04:09 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Local\kiwi.software.NET [2012.10.17 10:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kiwi.software.NET [2012.10.17 10:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kiwi.software.NET [2012.10.14 14:43:49 | 000,000,000 | ---D | C] -- C:\Users\Hans-Dieter\AppData\Roaming\TeamViewer ========== Files - Modified Within 30 Days ========== [2012.11.10 16:11:09 | 000,000,000 | ---- | M] () -- C:\Users\Hans-Dieter\defogger_reenable [2012.11.10 16:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.10 15:29:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.10 13:45:50 | 000,864,265 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2012.11.10 13:45:50 | 000,046,106 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2012.11.10 13:29:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.10 09:34:04 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.10 07:49:03 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.10 07:49:03 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.10 07:41:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.10 07:41:35 | 504,717,311 | -HS- | M] () -- C:\hiberfil.sys [2012.11.09 08:50:34 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.09 08:50:34 | 000,655,802 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.09 08:50:34 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.09 08:50:34 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.09 08:50:34 | 000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.08 18:30:55 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.11.08 18:24:21 | 004,918,219 | ---- | M] (Phil Harvey) -- C:\Windows\exiftool.exe [2012.11.08 12:49:35 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.11.08 12:49:35 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.11.06 14:28:25 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\eXPert PDF Editor.lnk [2012.11.06 14:18:51 | 000,087,704 | ---- | M] () -- C:\Windows\cadkasdeinst01.exe [2012.11.06 14:18:51 | 000,000,990 | ---- | M] () -- C:\Users\Hans-Dieter\Desktop\PDF Editor 3.3.lnk [2012.11.06 14:18:32 | 000,001,478 | ---- | M] () -- C:\Users\Hans-Dieter\Desktop\Amazon.lnk [2012.11.05 14:54:44 | 000,011,264 | ---- | M] () -- C:\Users\Hans-Dieter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.04 19:32:24 | 000,000,262 | ---- | M] () -- C:\Users\Hans-Dieter\Desktop\Run.lnk [2012.10.31 12:42:13 | 000,427,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.31 10:05:45 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.10.31 10:05:45 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.10.21 13:54:13 | 000,000,414 | ---- | M] () -- C:\Windows\Brpfx04a.ini [2012.10.21 13:54:13 | 000,000,000 | ---- | M] () -- C:\Windows\brdfxspd.dat [2012.10.21 13:53:27 | 000,000,166 | ---- | M] () -- C:\Windows\brpcfx.ini [2012.10.18 16:16:30 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.10.12 07:34:54 | 000,100,864 | ---- | M] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll ========== Files Created - No Company Name ========== [2012.11.10 16:11:09 | 000,000,000 | ---- | C] () -- C:\Users\Hans-Dieter\defogger_reenable [2012.11.10 09:34:04 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.06 14:28:25 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\eXPert PDF Editor.lnk [2012.11.06 14:18:51 | 000,087,704 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2012.11.06 14:18:51 | 000,000,990 | ---- | C] () -- C:\Users\Hans-Dieter\Desktop\PDF Editor 3.3.lnk [2012.11.06 14:18:32 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.11.06 14:18:32 | 000,001,478 | ---- | C] () -- C:\Users\Hans-Dieter\Desktop\Amazon.lnk [2012.11.04 19:32:24 | 000,000,262 | ---- | C] () -- C:\Users\Hans-Dieter\Desktop\Run.lnk [2012.10.31 10:05:45 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.10.31 10:05:45 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.10.18 16:16:30 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.09.27 16:25:58 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.09.27 12:45:11 | 000,011,264 | ---- | C] () -- C:\Users\Hans-Dieter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.26 13:45:48 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.09.26 09:04:37 | 000,000,414 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.09.26 09:04:37 | 000,000,166 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.09.26 09:04:31 | 000,003,303 | ---- | C] () -- C:\Windows\BRPARAM.INI [2012.09.26 09:03:43 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.09.26 09:03:43 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.09.26 09:03:42 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012.09.26 09:03:41 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2012.09.26 06:20:08 | 000,864,265 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012.09.25 16:59:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.27 10:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll [2011.09.27 10:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2011.09.27 10:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Extras.txt: OTL Extras logfile created on: 10.11.2012 16:16:56 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = E:\Downloads\firefox\Trojaner-Board 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,96 Gb Total Physical Memory | 3,80 Gb Available Physical Memory | 63,75% Memory free 11,92 Gb Paging File | 9,36 Gb Available in Paging File | 78,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 205,97 Gb Total Space | 127,29 Gb Free Space | 61,80% Space Free | Partition Type: NTFS Drive D: | 425,58 Gb Total Space | 261,32 Gb Free Space | 61,40% Space Free | Partition Type: NTFS Drive E: | 554,98 Gb Total Space | 382,46 Gb Free Space | 68,91% Space Free | Partition Type: NTFS Drive I: | 662,53 Gb Total Space | 368,80 Gb Free Space | 55,67% Space Free | Partition Type: NTFS Computer Name: HDS-NEU | User Name: Hans-Dieter | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{038E0D54-5D80-4FD1-85C5-4EAAA6043A13}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{087E198D-6FB9-4261-AFD2-AF3172436139}" = lport=445 | protocol=6 | dir=in | app=system | "{0B96597E-7647-459E-9FB2-EBFC9B85D36D}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{12089A0F-68DC-41B3-BECA-2AD713C3E03A}" = lport=2869 | protocol=6 | dir=in | app=system | "{23027D3F-0276-4229-8894-88B72C9F41A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{23718321-819D-4F88-88B7-EA3172D2B078}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{255749EC-11E8-4394-881A-20977369406F}" = rport=10243 | protocol=6 | dir=out | app=system | "{262EFCB3-6259-4488-AEDB-1D9982DFCCA1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3128D013-35B2-4FE0-AC8D-E05401904EF1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{412B00D3-D5BC-4023-8705-9D036CB5DF1E}" = rport=139 | protocol=6 | dir=out | app=system | "{4EA17CFD-7BB5-421C-BAA7-B5DF7051C591}" = lport=10243 | protocol=6 | dir=in | app=system | "{53F7B566-F8B2-423C-AED5-55CAC93E88B4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{58CF0ADB-6854-4606-B001-47D33F804318}" = lport=138 | protocol=17 | dir=in | app=system | "{61726A0A-D47E-44AA-A63F-A67488972CAF}" = rport=138 | protocol=17 | dir=out | app=system | "{64875DDC-0D3C-43C5-AAC8-1F1A3C5D696E}" = lport=139 | protocol=6 | dir=in | app=system | "{75F44617-C842-4B7F-AB38-02453570D20A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7EDEB10C-74D0-4A90-AB37-2EBC95355756}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8A34C33A-612E-4B45-A1BD-1623BF5F5284}" = lport=137 | protocol=17 | dir=in | app=system | "{8F344123-D5FE-4E1B-AD34-164C62D6B8E8}" = rport=137 | protocol=17 | dir=out | app=system | "{A787D977-8B10-4FE9-A607-02DAA0450887}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | "{B1676717-AF3A-454E-85F2-F6EE9A657DBC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D45C62B6-BD54-4677-A772-B4314EE52B75}" = rport=445 | protocol=6 | dir=out | app=system | "{DF93BBA0-BB0F-4421-B318-2AFA5ED4C9E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E2E9E90D-B353-438F-899F-11B84C35968C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01B7D1AC-8C13-457A-B4D1-E74278444A1B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{030B055A-C9AF-4DC8-A2F7-FAB83FEBD363}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{098826DF-E77B-46D0-95F1-23BB980DC7BC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1107790B-09BC-4FEF-9085-CE08A7E31A2C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{114DE25C-8ED3-45E1-AEBC-B87134404738}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{1271F7EF-83C5-44ED-AB20-B469162F3214}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{151B2E39-61EE-452C-9DDF-F7164298C918}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2563B735-D981-4E0E-8645-20D504123337}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2E78D05F-8C5A-4EA8-A95B-6157FB0B6884}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{36077467-876E-4135-8F8E-155A319B79DD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3B43F95A-68AD-4910-8448-148896582F27}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3E3D729F-4EBF-4CCF-B47E-3895D81B22C5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{450341DE-7232-49CF-BCD4-A10517834300}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{491318E3-88B2-4628-9FC0-508199A17A7F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{57CCFC88-A31F-48CE-B830-24A428FC21FC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{60F1BF04-1539-48B7-8B4D-A887F15B2D81}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{6BFD7A66-4AA6-46F8-86F7-0AD9972D6DEB}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl11a\faxrx.exe | "{6D24ECB9-8B5B-4C07-A8E7-7C4A2FC1EE4C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{6F090AE0-A5AE-4AA8-A0AB-294DF2BEDDB6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{799FB540-CDBF-4B2E-B91F-BDD9CF9DA1AA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{7D2A0EF3-A143-47F2-997E-9AF9CE36647E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7EF42D75-4690-49ED-8778-C70CEB6C97F6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{7F6B7F4E-8534-4457-83D5-D1FB59766BDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{80583741-9F14-4A3E-BC1B-4C48EDB91308}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{80EA029A-A0DE-4B82-ADFF-DF8F5D085F43}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{83ED9674-C469-4366-BD17-AABFE8986B4E}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{8C260E84-A6A7-4693-A04C-2547DDF138B6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{92DE0665-E992-45DB-87F2-328595B9C475}" = protocol=6 | dir=out | app=system | "{96F21FDD-6042-4B19-942F-183D62AEEB7C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{99653404-4753-40B4-8393-39F0565CB7BA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{9E00067E-D0AE-4C02-B7C3-766C51F3ED10}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{A1D7AAD2-99B7-41D1-A99F-7831F9B3B998}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AA074DF3-1F5B-4586-9ED9-582720BD36BC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{AA3D6FA3-CE15-46C2-8DA4-29834DAD7A44}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{AAB120A3-93B3-4F6B-8DDF-1A00B9783D7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AD2F087E-8B78-4C55-A961-1E6EAC38933B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{B5CCEFEE-E0AA-41AA-AB21-444E3334196D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B604BB09-B407-44E3-9199-73E9055C5EBD}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl11a\faxrx.exe | "{B757A6E9-6325-4DA8-BD87-E32FD382F324}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{C5E36D19-9318-43F4-AAAC-3BAC16712458}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E18D1F1C-4498-4BE5-960E-111AE3FD0FF4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E614AA49-CA55-4A25-B466-929246581903}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{E9383476-AE82-45F8-A370-64AE070ED693}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{EDF6E06F-62F8-4CC9-8AF4-8A1259E53474}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{F2C70E78-DD31-4CC1-AFDF-13A7F34BB997}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FDDB76EA-271D-4CF5-B4CA-131FDFB59999}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01DA217A-DB5F-B568-6932-42407D209516}" = ccc-utility64 "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1CE06D2F-BA28-05FE-9E14-E2BB013E1AE3}" = ATI AVIVO64 Codecs "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{727B5F1A-C702-E5AA-11BB-7A74A775F19D}" = ATI Catalyst Install Manager "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}_Office14.SingleImage_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-1000-0000000FF1CE}_Office14.SingleImage_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}_Office14.SingleImage_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers "{D6E46FC2-B513-4B7D-8C8C-352F4735C541}" = Broadcom NetXtreme-I Netlink Driver and Management Installer "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5) "62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) "DesktopIconAmazon" = Desktop Icon für Amazon "EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Office14.SingleImage" = Microsoft Office Home and Student 2010 "PC-Doctor for Windows" = Dell Support Center "sp6" = Logitech SetPoint 6.32 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11 "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054A5F46-6DCE-4D09-8BC0-170428A4ED56}" = Acronis*True*Image*Home 2012 "{054A5F46-6DCE-4D09-8BC0-170428A4ED56}Visible" = Acronis*True*Image*Home 2012 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11 "{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}" = Visual Studio C++ 9.0 Runtime "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0BAF04C4-9D21-2761-95A6-DE2DA9861323}" = CCC Help Spanish "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11 "{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1C1473A1-1A26-4C8F-9548-A52D03066CE7}" = Catalyst Control Center - Branding "{1D04B4D4-80C2-4F02-B5BE-3A5991FF6077}" = MetaEditor "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite "{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs "{24D3ACAC-E441-AF66-94CF-0C021A4EFBD8}" = Catalyst Control Center Localization All "{265245FC-4ECC-C35A-F2A9-3E915BFB2F6F}" = Catalyst Control Center Graphics Previews Common "{268679E8-7198-F2E6-5A71-F3D4C9A0C2FB}" = CCC Help Italian "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = shopping-preise.de AddOn Firefox "{2C41394E-E15B-47DC-B33C-54D33EA85B68}" = Lexware online banking "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{38B2B0F6-0C7F-ECE6-9A61-C546658508F4}" = ccc-core-static "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM) "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1 "{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4261174B-FCD7-CD19-E81C-24262EB5AF42}" = CCC Help Greek "{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1 "{4623BAA6-0B23-4D47-ABD0-73F2DA4FAF56}" = capella 7 "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C352349-421A-7E87-C7BD-DF27162B12CA}" = Catalyst Control Center Graphics Previews Vista "{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = Welcome App (Start-up experience) "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM) "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM) "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5CCF2E33-181B-BD49-57AE-B513D37C6909}" = CCC Help English "{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3 "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{649483EB-B464-1EE2-04E4-4BEC79B510D4}" = CCC Help German "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{6A646891-7B53-C462-0B71-401E519D198C}" = Catalyst Control Center InstallProxy "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM) "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution "{75F36A60-9969-C24F-5EB1-6DBC03F15196}" = CCC Help Russian "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79B3E8EE-35F2-4CCD-82D9-4A57F408E449}" = Nero 11 Platinum "{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2 "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11 "{8015502B-6160-4C2C-9F40-8F90C651FC76}" = TAXMAN 2012 spezial "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{86107E2D-DFB9-46BC-99ED-07EACAEE0923}" = G Data InternetSecurity 2013 "{887D48C8-DA00-232B-3CB6-0FB086AD6FBB}" = CCC Help Chinese Standard "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CF2328D-A3D1-B08C-E868-68CDA4025E1D}" = CCC Help Polish "{8EFB7927-48AD-4E6D-91B7-6B2BD6C3F380}" = Acronis*Disk*Director*11*Home "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90140000-1146-0000-0000-0000000FF1CE}" = Microsoft Office 2010 Primary Interop Assemblies "{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME "{915284CD-1A88-82B0-7ED8-08BCF1B8509A}" = CCC Help Norwegian "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DC1A9BA-070A-455F-8AC3-62587524ADFB}" = Quicken 2011 - ServicePack 4 "{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1 "{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother MFL-Pro Suite MFC-J625DW "{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples "{A37A1678-0971-4EF6-9609-1F2E67A738FC}" = eXPert PDF Editor "{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2 "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{A907A713-DA24-4352-8786-96C7A6944646}" = Quicken DELUXE Jubiläumsversion "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A984E262-1C7B-440E-BBBE-4A3FFCB9229C}" = Plus Pack für Acronis True Image Home 2012 "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11 "{ABEE1201-0FEA-E62F-6CB9-5D54BEB5E4AA}" = CCC Help Dutch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4 "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1 "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B82EC7CD-5FB1-32A5-444A-8F896B734CC7}" = CCC Help Korean "{B89E66E6-659A-9078-2BDF-14E8C11928AA}" = CCC Help Chinese Traditional "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3 "{BAF6A826-DF92-8954-98F1-2CC67C6B419E}" = CCC Help Portuguese "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD1F6F85-E64B-4801-A513-F18095577AEB}_is1" = E-Postbrief Add-In für Microsoft Word Version 1.17 "{BD6A872A-A0AE-36FC-9284-6E3595FB39ED}" = CCC Help Danish "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C626B47C-8312-4D8C-89E1-16FE42EF34E6}" = Lotus Notes 6.5.1 de "{C9461813-98BB-5823-FFAB-11FBD1B124DF}" = CCC Help Japanese "{CB10C32F-807C-46E4-940C-E7820653B480}" = DDBAC "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D1AE1C98-646A-DC21-076A-0FD5957FCAD2}" = CCC Help Czech "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{D4A97EBC-ABA6-9F3A-1EE0-D5B6C36FDFB5}" = CCC Help Finnish "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump "{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken 2011 "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{E5AF275B-D4B1-EE5E-27BD-844C491B86CA}" = CCC Help Swedish "{E5FCC675-C479-3CAB-0B9E-CC1838417049}" = CCC Help Hungarian "{E9811C8F-D729-01D3-9347-DCE297354C0A}" = CCC Help French "{EA4340F5-7676-693D-A908-DF9D44771F7B}" = CCC Help Thai "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{EC637522-73A5-4428-8B46-65A621529CC7}" = Microsoft Location Finder "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F09C03B6-CF93-5099-4ED7-CF47DB2027E6}" = CCC Help Turkish "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM) "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11 "Acoustica_is1" = Acoustica 4.1 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4 "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Core FTP LE 2.1" = Core FTP LE 2.1 "DPP" = Canon Utilities Digital Photo Professional 3.4 "dradio-Recorder_is1" = dradio-Recorder Version 3.02.6 "EOS Utility" = Canon Utilities EOS Utility "GeoSetter_is1" = GeoSetter 3.4.16 "Google Chrome" = Google Chrome "InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader "InstallShield_{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken Deluxe 2011 "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MyCamera" = Canon Utilities MyCamera "MyTomTom" = MyTomTom 3.0.2.319 "Nokia PC Suite" = Nokia PC Suite "Nokia Suite" = Nokia Suite "PDF Editor 3" = PDF Editor 3 "PhotoStitch" = Canon Utilities PhotoStitch "Picasa 3" = Picasa 3 "Picture Style Editor" = Canon Utilities Picture Style Editor "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "SMOz" = SMOz "TeamViewer 7" = TeamViewer 7 "UPM" = Universal Password Manager "WFTK" = Canon Utilities WFT-E1/E2/E3 Utility "XnView_is1" = XnView 1.99.1 "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.11.2012 04:27:38 | Computer Name = HDS-Neu | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 04.11.2012 04:27:38 | Computer Name = HDS-Neu | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8049 Error - 04.11.2012 04:27:38 | Computer Name = HDS-Neu | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8049 Error - 06.11.2012 03:08:00 | Computer Name = HDS-Neu | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 844 Startzeit: 01cdbbecf5c6a738 Endzeit: 47 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error - 06.11.2012 09:17:37 | Computer Name = HDS-Neu | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "E:\Downloads\pdf\SoftonicDownloader_fuer_expert-pdf.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 06.11.2012 09:17:42 | Computer Name = HDS-Neu | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "E:\Downloads\pdf\SoftonicDownloader_fuer_pdfcreator.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 07.11.2012 02:46:55 | Computer Name = HDS-Neu | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1d84 Startzeit: 01cdbcb3849195cb Endzeit: 31 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error - 10.11.2012 06:49:23 | Computer Name = HDS-Neu | Source = Application Hang | ID = 1002 Description = Programm Mail.exe, Version 6.10.0.3 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c04 Startzeit: 01cdbf103def9d03 Endzeit: 3 Anwendungspfad: C:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exe Berichts-ID: Error - 10.11.2012 11:13:52 | Computer Name = HDS-Neu | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\dradio-Recorder\phonostar.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 10.11.2012 11:14:04 | Computer Name = HDS-Neu | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Notifier.exe, Version: 6.4.0.2, Zeitstempel: 0x45a38d1f Name des fehlerhaften Moduls: eMailPlugIn.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x47d9e700 Ausnahmecode: 0xc0000005 Fehleroffset: 0x03af017c ID des fehlerhaften Prozesses: 0xf28 Startzeit der fehlerhaften Anwendung: 0x01cdbf103ee98d80 Pfad der fehlerhaften Anwendung: C:\PROGRA~2\T-Online\T-ONLI~1\Notifier\Notifier.exe Pfad des fehlerhaften Moduls: eMailPlugIn.dll Berichtskennung: 434ba723-2b49-11e2-bf1e-404e57434401 [ System Events ] Error - 04.10.2012 03:00:41 | Computer Name = HDS-Neu | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden. Error - 05.10.2012 01:37:41 | Computer Name = HDS-Neu | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden. Error - 05.10.2012 01:37:42 | Computer Name = HDS-Neu | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden. Error - 05.10.2012 01:37:42 | Computer Name = HDS-Neu | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "" können nicht gelesen werden. Error - 05.10.2012 01:37:43 | Computer Name = HDS-Neu | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden. Error - 05.10.2012 06:28:33 | Computer Name = HDS-Neu | Source = WMPNetworkSvc | ID = 866300 Description = Error - 05.10.2012 06:40:48 | Computer Name = HDS-Neu | Source = DCOM | ID = 10010 Description = Error - 06.10.2012 10:42:16 | Computer Name = HDS-Neu | Source = DCOM | ID = 10010 Description = Error - 07.10.2012 02:43:11 | Computer Name = HDS-Neu | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "" können nicht gelesen werden. Error - 09.10.2012 07:48:35 | Computer Name = HDS-Neu | Source = DCOM | ID = 10010 Description = < End of report > |
| Themen zu Firefox staret automatisch http://ad.adserverplus.com/ mit leerem Fenster |
| 7-zip, akamai, antivirus, bho, bonjour, brief, canon, desktop, document, email, error, expert pdf, fehler, firefox, flash player, format, helper, home, iexplore.exe, install.exe, logfile, mozilla, plug-in, problem, registry, richtlinie, rundll, scan, security, senden, software, svchost.exe, visual studio, windows |
Baum-Darstellung