
Pests of all kinds and how to fight them: Computer infected with FBI ransomware


 
14.11.2012, 21:56   #1
MrsLazuli
 

Computer infected with FBI ransomware



Today I caught a piece of ransomware, an FBI one that demands 200 dollars via Moneypak.
Avira detected it and put it in quarantine. However, it popped up for 1 of 3 users; that account is now locked, but the other 2 still work without restriction. Naturally I want to get rid of the ransomware as quickly as possible and have looked around on the internet, but I found nothing helpful. Many programs seem very dubious and unsafe to me. For that reason I would like your advice on this; I don't want to do anything wrong. Of course I have run OTL (see below).
I would be very glad of any help.

OTL.txt: OTL logfile:
Code:
OTL logfile created on: 11/14/2012 9:22:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Verena\Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 35.10% Memory free
4.21 Gb Paging File | 2.84 Gb Available in Paging File | 67.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119.00 Gb Total Space | 53.60 Gb Free Space | 45.05% Space Free | Partition Type: NTFS
Drive D: | 30.04 Gb Total Space | 20.61 Gb Free Space | 68.60% Space Free | Partition Type: FAT32
 
Computer Name: ****** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Verena\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Users\Verena\AppData\Local\Programs\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Verena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Users\Verena\Documents\phonostar-Player\phonostarTimer.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
PRC - C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Programme\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Launch Manager\WButton.exe ()
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
PRC - C:\Programme\Launch Manager\LaunchAp.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Users\Verena\Documents\phonostar-Player\phonostarTimer.exe ()
MOD - C:\Users\Verena\Documents\phonostar-Player\QtCore4.dll ()
MOD - C:\Users\Verena\Documents\phonostar-Player\plugins\sqldrivers\qsqlite4.dll ()
MOD - C:\Users\Verena\Documents\phonostar-Player\QtSql4.dll ()
MOD - C:\Users\Verena\Documents\phonostar-Player\QtGui4.dll ()
MOD - C:\Programme\ArcSoft\PhotoImpression 5\Share\PIHook.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56ita.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56esp.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56brz.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56kor.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56ger.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56fra.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56dnk.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56jpn.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56cht.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56chs.dll ()
MOD - C:\Programme\Launch Manager\WButton.exe ()
MOD - C:\Programme\Launch Manager\LaunchAp.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Extensions Updates Service) -- C:\Programme\Extensions for Windows\Extensions\Updater\ExtensionsUpdatesService.exe (Extensoft)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (srvcPVR) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (usnjsvc) -- C:\Programme\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mailKmd) --  File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (StMp3Rec) -- C:\Windows\System32\drivers\StMp3Rec.sys (Generic)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKLM\..\URLSearchHook: {192a6019-26d2-4611-aead-07cd7733b146} - C:\Programme\Stardoll\prxtbStar.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/414
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\URLSearchHook: {192a6019-26d2-4611-aead-07cd7733b146} - C:\Programme\Stardoll\prxtbStar.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\InprocServer32 File not found
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\URLSearchHook: {ff19b72a-36ed-4066-8865-a580ae938cce} - No CLSID value found
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\SearchScopes\{5AE06BBB-38EA-460B-A226-733EBD56D6E9}: "URL" = https://www.xing.com/app/search/?op=universal&ref=os&universal={searchTerms}
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_de
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.stardoll.com/
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\..\SearchScopes,DefaultScope = {B0616C55-6A9F-4945-932A-6190BB21A21F}
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\..\SearchScopes\{B0616C55-6A9F-4945-932A-6190BB21A21F}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7MEDA_de
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 129.241.88.65:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/414"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.3.1.00
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..browser.search.defaultenginename: "Google"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/25 20:13:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/12 13:44:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.5.2\extensions\\Components: C:\Program Files\Flock\components [2009/09/03 15:41:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.5.2\extensions\\Plugins: C:\Program Files\Flock\plugins [2012/09/24 20:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/31 16:04:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/24 20:45:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/12 13:44:06 | 000,000,000 | ---D | M]
 
[2011/09/01 15:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ursula Gnas\AppData\Roaming\mozilla\Extensions
[2010/02/01 13:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ursula Gnas\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/11/24 19:35:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ursula Gnas\AppData\Roaming\mozilla\Firefox\Profiles\qxrfus66.default\extensions
[2011/01/05 15:03:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ursula Gnas\AppData\Roaming\mozilla\Firefox\Profiles\qxrfus66.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/01 15:17:25 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Ursula Gnas\AppData\Roaming\mozilla\Firefox\Profiles\qxrfus66.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2010/07/05 14:52:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ursula Gnas\AppData\Roaming\mozilla\Firefox\Profiles\qxrfus66.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/03/08 18:53:05 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\Ursula Gnas\AppData\Roaming\mozilla\Firefox\Profiles\qxrfus66.default\extensions\gutscheinmieze@synatix-gmbh.de
[2011/07/16 20:30:58 | 000,000,961 | ---- | M] () -- C:\Users\Ursula Gnas\AppData\Roaming\mozilla\firefox\profiles\qxrfus66.default\searchplugins\icqplugin.xml
[2011/09/01 15:16:52 | 000,002,503 | ---- | M] () -- C:\Users\Ursula Gnas\AppData\Roaming\mozilla\firefox\profiles\qxrfus66.default\searchplugins\SearchResults.xml
[2012/02/03 18:55:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009/03/23 17:49:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/11/05 16:37:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/02/03 18:55:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2008/10/20 18:40:32 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Programme\Mozilla Firefox\extensions\realplayer@partners.mozilla.com
[2009/01/17 12:21:28 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2010/11/05 16:37:28 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/01 15:17:54 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012/01/25 20:13:43 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/01/25 11:55:14 | 000,644,096 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2010/01/20 21:00:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/20 21:00:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/08 18:53:06 | 000,000,140 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Google.src
[2010/01/20 21:00:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/01 15:16:52 | 000,002,503 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2010/01/20 21:00:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/20 21:00:55 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Stardoll Toolbar) - {192a6019-26d2-4611-aead-07cd7733b146} - C:\Programme\Stardoll\prxtbStar.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeoh.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Stardoll Toolbar) - {192a6019-26d2-4611-aead-07cd7733b146} - C:\Programme\Stardoll\prxtbStar.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeoh.dll File not found
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - Gutscheinmieze\toolbar.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\Toolbar\WebBrowser: (Stardoll Toolbar) - {192A6019-26D2-4611-AEAD-07CD7733B146} - C:\Programme\Stardoll\prxtbStar.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\prxtbVeoh.dll File not found
O3 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - Gutscheinmieze\toolbar.dll File not found
O3 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\..\Toolbar\WebBrowser: (Stardoll Toolbar) - {192A6019-26D2-4611-AEAD-07CD7733B146} - C:\Programme\Stardoll\prxtbStar.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\prxtbVeoh.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [UVS10 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003..\Run: [Naugzue] "C:\Users\Ursula Gnas\AppData\Roaming\Anad\xati.exe" File not found
O4 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" File not found
O4 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" File not found
O4 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005..\Run: [phonostarTimer] C:\Users\Verena\Documents\phonostar-Player\phonostarTimer.exe ()
O4 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; GTB6.6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30618; .NET4.0C)" -"hxxp://www.neopets.com/games/dgs/play_shockwave.phtml?va=&game_id=356&nc_referer=&age=1&hiscore=208&sp=0&questionSet=&r=3298294&&width=480&height=460&quality=high" File not found
O4 - Startup: C:\Users\Bernhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Ursula Gnas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Programme\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Ursula Gnas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Ursula Gnas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Programme\Common Files\microsoft shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O7 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ursula Gnas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-22/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-22/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} hxxp://ferrets4you.viewnetcam.com/JpegInst.cab (pmjpegaudio Class)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1222615440 (Image Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183949065925 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{310825A3-322D-4107-AFC5-1E187FC18390}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCD213F1-878A-492A-B886-CEF093D5CD23}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ursula Gnas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ursula Gnas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/11/03 23:11:06 | 000,000,000 | ---D | C] -- C:\Users\Ursula Gnas\Documents\RL Magazin
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/11/14 21:27:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/14 21:17:42 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/14 21:17:42 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Ursula Gnas.job
[2012/11/14 21:03:07 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/14 20:34:58 | 000,638,998 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/11/14 20:34:58 | 000,130,918 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/11/14 20:34:58 | 000,108,010 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/14 20:34:58 | 000,004,892 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/14 20:30:27 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/14 20:30:27 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/14 20:30:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/14 20:30:09 | 2137,186,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/14 12:52:05 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Ursula Gnas.job
[2012/11/10 13:28:38 | 000,197,375 | ---- | M] () -- C:\Windows\hpwins27.dat
[2012/11/08 15:45:59 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Ursula Gnas.job
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/10/16 14:44:03 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Ursula Gnas.job
[2012/10/16 14:44:02 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Ursula Gnas.job
[2012/10/16 14:44:01 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Ursula Gnas.job
[2012/07/07 22:34:01 | 002,043,854 | ---- | C] () -- C:\Users\Ursula Gnas\ALMASED_Planfigur_Fasten.pdf
[2012/06/08 11:06:24 | 000,820,340 | ---- | C] () -- C:\Users\Ursula Gnas\Prinzessinenbenimmabzeichen.pdf
[2012/06/08 11:00:53 | 003,343,241 | ---- | C] () -- C:\Users\Ursula Gnas\Prinzessinen Akademie.pdf
[2012/05/12 13:24:02 | 000,197,375 | ---- | C] () -- C:\Windows\hpwins27.dat
[2012/04/29 19:47:19 | 000,364,403 | ---- | C] () -- C:\Users\Ursula Gnas\Karte Lauterbach.mht
[2012/04/29 19:45:01 | 000,603,285 | ---- | C] () -- C:\Users\Ursula Gnas\Extratour_Lauterbach.pdf
[2012/04/17 20:24:06 | 000,031,325 | ---- | C] () -- C:\Users\Ursula Gnas\Anmeldung_Auftrag DP11645686 - Kunde_Gnas,  UrsulaBerlin.eml
[2011/08/04 20:13:25 | 000,073,163 | ---- | C] () -- C:\Users\Ursula Gnas\Haushaltsplan.pdf
[2011/05/24 06:57:46 | 000,087,074 | ---- | C] () -- C:\Users\Ursula Gnas\Marburg - Stadtplan Sehenswr.._1.pdf
[2011/05/06 20:07:43 | 000,279,986 | ---- | C] () -- C:\Users\Ursula Gnas\991136764.pdf
[2011/04/29 19:51:17 | 000,499,697 | ---- | C] () -- C:\Users\Ursula Gnas\Prospekt_Wanderweg.pdf
[2011/04/29 12:37:48 | 001,643,688 | ---- | C] () -- C:\Users\Ursula Gnas\1188300022_wandern.pdf
[2011/03/04 22:01:32 | 001,521,450 | ---- | C] () -- C:\Users\Ursula Gnas\Traumeel.mht
[2010/11/25 10:53:35 | 000,044,285 | ---- | C] () -- C:\Users\Ursula Gnas\TKS-9c Kontaktdaten.pdf
[2010/10/16 18:51:22 | 000,342,925 | ---- | C] () -- C:\Users\Ursula Gnas\Biologika bei pA.pdf
[2010/07/31 21:32:14 | 000,439,940 | ---- | C] () -- C:\Users\Ursula Gnas\BewegungArthritis.pdf
[2010/03/11 12:29:02 | 000,255,448 | ---- | C] () -- C:\Users\Ursula Gnas\Praxisverlegung pt Journal.pdf
[2010/03/11 12:16:19 | 000,032,724 | ---- | C] () -- C:\Users\Ursula Gnas\Verlegung des Vertragsarztsitz.pdf
[2010/01/24 17:49:19 | 000,001,182 | ---- | C] () -- C:\Users\Ursula Gnas\aristoteles.htm
[2010/01/24 17:49:05 | 000,013,521 | ---- | C] () -- C:\Users\Ursula Gnas\abel2.jpeg
[2010/01/07 20:26:47 | 000,861,282 | ---- | C] () -- C:\Users\Ursula Gnas\Nachbesetzung Psychologe von Arzt.pdf
[2009/12/29 20:10:27 | 000,039,123 | ---- | C] () -- C:\Users\Ursula Gnas\Aktuell EI.jpg
[2009/12/25 10:10:50 | 000,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009/12/06 20:41:35 | 000,118,023 | ---- | C] () -- C:\Users\Ursula Gnas\Ausschneiden.jpg
[2009/09/10 20:29:33 | 000,093,978 | ---- | C] () -- C:\Users\Ursula Gnas\04-109 PA und EI.rtf
[2009/09/03 19:58:11 | 000,165,949 | ---- | C] () -- C:\Users\Ursula Gnas\Burnout.pdf
[2009/09/02 10:49:27 | 001,091,825 | ---- | C] () -- C:\Users\Ursula Gnas\Sucht-am-Arbeitsplatz.pdf
[2009/09/02 10:24:45 | 000,034,425 | ---- | C] () -- C:\Users\Ursula Gnas\Sucht Rost.mht
[2009/09/02 08:53:25 | 000,188,064 | ---- | C] () -- C:\Users\Ursula Gnas\Lohmer_Kap.9.pdf
[2009/09/02 08:48:44 | 000,660,532 | ---- | C] () -- C:\Users\Ursula Gnas\organisationsberatung Lernen im Team.pdf
[2009/09/02 08:47:46 | 000,185,960 | ---- | C] () -- C:\Users\Ursula Gnas\Das ubw in Organisationen.pdf
[2009/09/02 08:33:55 | 000,100,884 | ---- | C] () -- C:\Users\Ursula Gnas\Lehrgang_LCO_WPAk__2010_11.pdf
[2009/09/02 08:12:45 | 000,129,339 | ---- | C] () -- C:\Users\Ursula Gnas\Flyer-Leitungscoaching-2009.pdf
[2009/09/02 07:25:56 | 000,051,526 | ---- | C] () -- C:\Users\Ursula Gnas\stress_vermeiden[1].pdf
[2009/09/02 07:24:46 | 000,300,123 | ---- | C] () -- C:\Users\Ursula Gnas\3_89749_372_1_i[1] Stressm Inh..pdf
[2009/09/02 07:17:29 | 000,229,267 | ---- | C] () -- C:\Users\Ursula Gnas\3_89749_354_3_i[1] Zeit Inhv..pdf
[2009/09/02 07:15:11 | 000,070,305 | ---- | C] () -- C:\Users\Ursula Gnas\978_3_89749_647_7_k[1] Selbstman.pdf
[2009/09/02 07:08:55 | 000,126,055 | ---- | C] () -- C:\Users\Ursula Gnas\3_89749_354_3_k[1] Zeitm.pdf
[2009/07/05 14:30:57 | 000,004,904 | ---- | C] () -- C:\ProgramData\ypkpiykb.yyr
[2007/11/03 18:23:04 | 000,020,992 | ---- | C] () -- C:\Users\Ursula Gnas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/08 12:52:31 | 000,000,680 | RHS- | C] () -- C:\Users\Ursula Gnas\ntuser.pol
[2007/09/06 18:42:17 | 000,005,224 | ---- | C] () -- C:\Users\Ursula Gnas\AppData\Roaming\wklnhst.dat
[2007/09/05 16:11:28 | 000,000,099 | ---- | C] () -- C:\Users\Ursula Gnas\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2007/11/04 15:51:57 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\.pknowledge
[2012/11/14 20:51:42 | 000,000,000 | -HSD | M] -- C:\Users\Bernhard\AppData\Roaming\159485
[2007/09/15 14:04:30 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\BullGuard
[2011/10/09 16:42:54 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Canon
[2007/11/04 15:41:38 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\DataDesign
[2012/11/14 20:50:46 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Eniz
[2009/03/09 18:59:26 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\ICQ
[2011/04/17 09:26:28 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\InterVideo
[2008/08/25 19:34:48 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\NewSoft
[2012/11/14 18:14:01 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Ogemqa
[2012/03/08 17:46:54 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\OpenOffice.org
[2011/05/12 19:48:06 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Opera
[2012/11/14 18:14:01 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Owuf
[2008/06/24 16:48:57 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Sonavis
[2007/11/04 15:58:13 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Template
[2007/09/08 12:57:04 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Ulead Systems
[2012/06/27 16:10:20 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\.minecraft
[2007/12/16 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\.pknowledge
[2012/09/26 10:48:05 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\Anad
[2010/01/08 13:50:33 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\Artisteer
[2011/08/24 12:36:18 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\Canon
[2009/05/15 18:30:45 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\CoSoSys
[2011/09/01 15:28:12 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\DVDVideoSoft
[2011/04/20 15:38:09 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/09/01 15:17:11 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\FreeVideoConverter
[2012/09/22 21:33:42 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\Fuis
[2011/03/08 18:50:14 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\Gutscheinmieze
[2012/09/22 21:07:46 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\Hany
[2009/03/23 17:54:59 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\ICQ
[2010/01/26 17:26:01 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\IN-MEDIAKG
[2012/11/14 20:56:59 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\LimeWire
[2007/09/10 13:41:05 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\MAGIX
[2009/05/22 19:46:08 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\NewSoft
[2010/11/05 09:44:32 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\OpenOffice.org
[2011/05/20 20:10:47 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\Opera
[2008/08/25 19:22:03 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\ScanSoft
[2011/03/11 15:17:43 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\ShinyTales
[2008/10/22 18:40:33 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\Sonavis
[2011/01/28 15:30:48 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\SumatraPDF
[2007/09/06 18:52:01 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\Template
[2007/09/05 16:11:52 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\Ulead Systems
[2012/08/09 14:26:28 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\.minecraft
[2007/11/28 16:51:04 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\.pknowledge
[2010/09/03 17:25:49 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\ASCON Installer
[2007/09/13 15:41:44 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\BullGuard
[2008/11/30 11:50:09 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Canon
[2009/07/22 16:20:16 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\com.boomerang.virtualpet.VirtualPuppy.9FF3ACFC898E08433FEA147D91B7D0C65CBC0149.1
[2012/10/09 17:09:33 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\CoSoSys
[2011/03/26 14:54:52 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\de.closeup.fotowerkstatt.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2009/09/16 15:31:59 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Desktopicon
[2012/11/14 21:19:09 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Dropbox
[2011/09/01 16:17:13 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\DVDVideoSoft
[2009/09/03 16:08:51 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Flock
[2012/06/08 13:50:23 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\FreeVideoConverter
[2010/08/29 13:59:33 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\gtk-2.0
[2008/10/17 09:29:27 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\ICQ
[2008/05/02 14:49:44 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\InterVideo
[2011/09/30 13:25:14 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\OpenOffice.org
[2011/04/07 14:11:17 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Opera
[2010/02/12 12:17:16 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\phonostar GmbH
[2007/11/07 15:36:48 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Sonavis
[2007/09/24 17:09:44 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Template
[2007/09/08 12:58:28 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Ulead Systems
[2010/02/21 15:38:37 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\VMedia
[2008/11/29 09:51:57 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Zylom
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 949 bytes -> C:\Users\Ursula Gnas\Anmeldung_Auftrag DP11645686 - Kunde_Gnas,  UrsulaBerlin.eml:OECustomProperty
@Alternate Data Stream - 936 bytes -> C:\Users\Ursula Gnas\Documents\Re_ Überweisung und Vorschlag bzgl_ weiterem Vorgehen.eml:OECustomProperty
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:6FD3C973

< End of report >
         
--- --- ---
Extras.txt:OTL Logfile:
Code:
OTL Extras logfile created on: 11/14/2012 9:22:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Verena\Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 35.10% Memory free
4.21 Gb Paging File | 2.84 Gb Available in Paging File | 67.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119.00 Gb Total Space | 53.60 Gb Free Space | 45.05% Space Free | Partition Type: NTFS
Drive D: | 30.04 Gb Total Space | 20.61 Gb Free Space | 68.60% Space Free | Partition Type: FAT32
 
Computer Name: URSULAGNAS-PC | User Name: Ursula Gnas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2422886476-3853793481-2147584669-1005\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Users\Verena\AppData\Local\Programs\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B404A06-B587-441B-8508-574197EE5664}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{35F68AF2-3C32-467E-AA94-A7E1EDA7E959}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3B5140AF-9441-44D4-9BB7-17A2834E8641}" = lport=445 | protocol=6 | dir=in | app=system | 
"{43EF6138-AD6E-44B4-80A0-06A8B56A1E94}" = rport=137 | protocol=17 | dir=out | app=system | 
"{48445252-CEFB-44DD-A8F3-1B309830FAD6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4E6BF190-640D-4BF4-9626-0504AD6F60B5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4FBB3CF8-7B9D-499E-8E15-7CDE0DF18B8B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5E7E378A-AED3-4010-9978-57620F97446C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{71A20DCA-BF23-4822-86E7-0C54D914A04F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7DA37AA9-C677-403D-8F69-0686704FE5EE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{93DA0FC7-B2D8-4C99-9AF1-49B07E1618EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A0CD124C-0DFD-4CC3-80FC-361392C8AB96}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AF1172AF-59AA-4611-B521-2B8E5219113D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B7BF7815-6F48-4A6A-9166-27B772895CD4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B8381C8A-70FD-4A7D-B069-52DD3514A87E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C0DC0D92-42A1-4E07-A635-6BCA8F03913D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C6633CDE-3669-4250-AF1D-23730B025600}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{DFFC37CF-DC71-4304-B698-2ADE24891997}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E00D995A-EE1F-4ED5-BB02-0B4D974F1E1E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F0C85710-603A-4908-A983-1B9039837A2E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F96A3BF6-B297-40BC-9F32-8965FEA1E8C8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03082FF1-2E27-4CF6-8ABA-837F151757C1}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | 
"{051E6A70-6126-4C9A-9816-703F0F700716}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{05A11FC7-5CA4-4E6C-9C87-1BAD3B4E6291}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{0C88D5C7-D0F2-4DA2-9138-F23B3903FD85}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0E22AD1C-9DFD-4D05-A1B7-1A13D0B09F6C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | 
"{1238CD5D-D507-4072-AF12-D16EA22EC589}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{16A82BA1-9A49-48C1-AE21-EBAD7E336A94}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{173049DD-BB4A-4461-96F6-86543770D65F}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | 
"{1747FACC-F786-4B86-90B8-DD68DF47A8E0}" = protocol=17 | dir=in | app=c:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe | 
"{189CC824-B11A-4014-936D-1D3A602BE0A8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{19F9BCD8-248B-4B8C-A64B-5ED45C1D64D2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{1C06827B-0B4E-4521-8809-77C8259009AE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{1F09F116-AC2C-4ECD-9777-79763B72BB06}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{25D9EF95-DC57-4532-B904-6CE7D6DBFAD5}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{2657836C-2472-4F51-8CE9-E1427AA79788}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{36B76DA6-35AA-479A-9C88-4392F01313B7}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{36B8CDC8-A74E-4030-ACEB-A1983E252845}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{3AE2FBD3-AF37-464B-918C-F437F2C8EC07}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{41718033-6D52-4893-9F2C-1005DDF9F60B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{42A9789A-32DD-49D8-AB58-56F97299CECE}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{4368AA7B-D442-4036-B45D-CD59BE3AA5F1}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{44CE3DAE-D928-41D1-8DEF-957B3B0B6B4D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5A5DAA8B-4681-4594-9E74-B7D6586DD783}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{5B30D2B9-3AA6-4091-8B69-DDD2FAA1C800}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{5DDBF92A-8B37-4D44-B8E2-571CEAE2D345}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{5F5AF7D2-487F-4AE4-A106-A504DAE00320}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{67C8B715-C451-458D-8F93-77CFEFFD4F6B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{6B04FD92-7DAB-4CFD-B43A-1E49168A3922}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{7600E43F-6320-41B0-98E5-8303D3D2C48E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{82585F82-ADD5-4EB5-B33A-2D3E6B7277FF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{83131CC3-1563-4E39-BA8C-86501DA3AE21}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{86810B14-6669-41A0-87CA-EC259EE41EC8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{A353834D-A986-43EF-BE4D-277A1C5E31B9}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | 
"{A9318A6B-978F-4CF6-A252-754336B52578}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{B252BC31-9605-41E4-A9DE-B74CFF671C9D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B4C4F9DB-2428-42C7-BE74-E993489B51AE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{B5082DCF-FB59-457F-97A2-D63F8AE8DFAF}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{B88BF8F2-6463-43A7-AD75-F5ACF81CFD60}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | 
"{BCAC798E-9B72-4F51-BD45-A73B9DA1EFE8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BCC5B7FE-0747-462E-9E14-5C1868E83E89}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{BD625F33-9D4B-49A6-85F9-752E706BC27A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{BDDD5A65-8E58-43B2-84DB-42AE14E218FC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{BF771245-A1AC-47A8-B1A1-079645A2E58F}" = protocol=6 | dir=in | app=c:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C36E771D-8C7C-45CE-9EEF-39E354E2FF45}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D4C216C5-CA96-458D-945E-9FE738555719}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{D60339EE-01B1-45F2-9EBD-3F656CDA0D93}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe | 
"{D8C62779-D560-4F92-83F8-0DF5A8B88DBD}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe | 
"{E6BC0548-4175-44AF-8B9C-93379DFD465A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E86029FF-386B-42F6-B0C2-BEBEE0D1C97A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{EBA3DB16-4CD8-4F78-BCA0-C3CACE637356}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{EFBD8F08-A315-45ED-863D-1D0EFC2A23A0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{F74998ED-9FF9-4D8C-BC13-BD666FE67CB3}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{FB62E809-13ED-4E21-AC1A-065F1378B861}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FC6720A9-BDCD-4A5D-B868-DC237B5075E0}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | 
"{FC6BEDC5-A23E-40C8-8750-D8515AD9A2E8}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"TCP Query User{09D732FC-B93A-4707-BA01-151E14A64F0A}C:\program files\real\realplayer\recordingmanager.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe | 
"TCP Query User{0D33D9F8-370D-4FAF-AEB3-54C94A3428A3}C:\users\ursula gnas\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\ursula gnas\appdata\local\temp\cprogram filesopera\operaupgrader.exe | 
"TCP Query User{505364F9-A1D4-475A-B787-11E57C6C0E53}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{5F2A51C2-E8B7-4F9C-B2E2-238E7E55A6A2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{62894636-093A-448F-9D99-A3939B8D6788}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{641B56D9-9348-403B-84DF-AD6124F98988}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{91DB75D5-DAED-4DE8-82F6-1CF9F8391E0F}C:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{954938C9-02F2-40A6-9FC0-86EC6A2260EC}C:\users\verena\appdata\local\programs\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\verena\appdata\local\programs\opera\opera.exe | 
"TCP Query User{9F17D443-D8D9-431A-B10B-9BFECD8B8DAD}C:\users\verena\appdata\local\programs\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\verena\appdata\local\programs\opera\opera.exe | 
"TCP Query User{A09D9804-34EA-4E3D-939A-A224114D404A}C:\users\ursula gnas\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\ursula gnas\appdata\local\temp\cprogram filesopera\operaupgrader.exe | 
"TCP Query User{A7066F63-68D3-47EC-A5EE-15F6F8D0559D}C:\program files\freeciv-2.0.9-gtk2\civclient.exe" = protocol=6 | dir=in | app=c:\program files\freeciv-2.0.9-gtk2\civclient.exe | 
"TCP Query User{B1012B3A-C2DC-4256-873C-04EFDED6C452}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"TCP Query User{EC4FF5EB-BE8D-489C-AB05-B540DA434F76}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{F0DA33E7-CB31-40FC-A942-6D5158B99FA4}C:\program files\freeciv-2.0.9-gtk2\civserver.exe" = protocol=6 | dir=in | app=c:\program files\freeciv-2.0.9-gtk2\civserver.exe | 
"TCP Query User{F2B290C7-80C1-40D4-B3CB-19A452287FCB}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"TCP Query User{FF796FC5-13CE-4C39-A9DD-EF81925620D5}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{13848698-1968-41D7-A81A-6716496CE547}C:\users\ursula gnas\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\ursula gnas\appdata\local\temp\cprogram filesopera\operaupgrader.exe | 
"UDP Query User{39515BBE-FECD-4C63-92A4-B5A3616A0674}C:\users\verena\appdata\local\programs\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\verena\appdata\local\programs\opera\opera.exe | 
"UDP Query User{3C4BBF75-4BA1-448B-87FC-1FD9D5EF99B7}C:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{50EA9608-D576-4684-9A11-BC5452056684}C:\program files\freeciv-2.0.9-gtk2\civserver.exe" = protocol=17 | dir=in | app=c:\program files\freeciv-2.0.9-gtk2\civserver.exe | 
"UDP Query User{5C9D1028-91BC-4E1F-B1E5-BAFAAA264798}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{6B7EC544-765F-4087-92BA-F037AE1AED81}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{727E6E51-2F5C-46DA-BF9A-0AD21F91F40A}C:\users\verena\appdata\local\programs\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\verena\appdata\local\programs\opera\opera.exe | 
"UDP Query User{824434B5-35D8-4B8E-9600-C3F15BAA1B2E}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{9254165B-0921-4B32-8767-20E0BE0D4936}C:\program files\freeciv-2.0.9-gtk2\civclient.exe" = protocol=17 | dir=in | app=c:\program files\freeciv-2.0.9-gtk2\civclient.exe | 
"UDP Query User{94E153D8-7FD2-4065-93D8-AF8DE2080856}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{98CC1495-5B1D-4D8A-A3DD-968D2D826005}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{A452D340-D29F-4DBD-AF23-BCEC7CC32C55}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{A6A3DA05-DC5E-4CB2-87A6-F557AAA2E02D}C:\program files\real\realplayer\recordingmanager.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe | 
"UDP Query User{C53B193B-0D7E-40E6-A950-61E8D58B9539}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"UDP Query User{DE608265-B36C-47A4-9FC8-DCF7D0222E31}C:\users\ursula gnas\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\ursula gnas\appdata\local\temp\cprogram filesopera\operaupgrader.exe | 
"UDP Query User{EF0A1420-EC62-4E87-9667-3B2F900D7CE7}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08E4F3CE-A34E-4667-8DE9-147249FAE468}" = Mein Geld Professional
"{0E5C4DE6-101B-11D6-986D-00500443CF9F}" = Sven Bømwøllen DL
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series" = Canon MX300 series
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}" = Scrapbook Flair
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 30
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
"{36C3A0DA-07E0-4173-A406-D9308C1CBDAB}" = ArcSoft VideoImpression 2
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Suyin Live Camera
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D24A762-F5A2-41C1-9F0A-300B4D8D5A2B}" = Mathe Klasse 8-10
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3E8C2BA2-F4CA-4A1D-A690-6B9A411DAF8B}" = ArcSoft PhotoImpression 5
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{552C83B7-0013-42EA-B285-1997D129DD53}" = SA31xx Device Manager & Media Converter
"{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1" = Minecraft PC Gamer Demo version 1.5
"{5BDD4025-01EB-4698-9238-9F783C26CFAE}" = ORGA 900 (CD 05.2009)
"{63B75E16-F290-4FCD-AF67-A9134CD01031}" = Nero 7 Essentials
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F69001-4D35-4BEA-A074-26DA04EA0CDA}" = MegaCam
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.7.322
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = SUYIN webcam
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B9845F2F-455C-4E76-9599-159AE471DB59}_is1" = Subvein Mutant Factions v0.71
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C07AC662-A823-B19B-72A4-606096DCE07A}" = CloseUp-Fotowerkstatt
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.3.9
"{D16D8A48-65A4-4B19-8A02-DC9A40FB80C4}" = Norton Security Scan
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DE470016-1C64-11D5-982A-0050DA602C65}" = Löwenzahn 5
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E572B060-C98B-4984-A48E-E4FA56265903}" = SA31xx Device Manager & Media Converter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ALDI Foto Manager Free Nord D" = ALDI Foto Manager Free Nord 3.4.0.466 (D)
"ALDI Foto Service Nord D" = ALDI Foto Service Nord 1.10.0.61 (D)
"ALDI Fotobuch Druck Service_is1" = ALDI Fotobuch Druck Service
"ALDI Online Druck Service (Nord)" = ALDI Online Druck Service (Nord)
"Artisteer 2" = Artisteer 2
"Avira AntiVir Desktop" = Avira Free Antivirus
"CamStudio" = CamStudio
"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
"Canon MX300 series Benutzerregistrierung" = Canon MX300 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"de.closeup.fotowerkstatt.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = CloseUp-Fotowerkstatt
"Debut" = Debut Video Capture Software
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Epikur 3" = Epikur 3
"Extensions for Windows" = Extensions for Windows
"eyrie_screensaver" = eyrie_screensaver
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Flock (2.5.2)" = Flock (2.5.2)
"FotoWorks XL_is1" = FotoWorks XL
"Free DVD Video Burner_is1" = Free DVD Video Burner version 3.1.0.602
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free Realms Installer" = Free Realms Installer
"Free Video Converter_is1" = Free Video Converter V 3.0
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6.21.602
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.815
"Free YouTube Download_is1" = Free YouTube Download version 3.0.14.908
"Freeciv-2.0.9-gtk2" = Freeciv 2.0.9 (GTK+ client)
"GM(S) - Toolbar" = GM(S) - Toolbar
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"HyperCam 2" = HyperCam 2
"iLivid" = iLivid
"ImTOO MP4 Video Converter" = ImTOO MP4 Video Converter
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"LetsTrade" = LetsTrade Komponenten
"LimeWire" = LimeWire 5.4.6
"LoeweLex" = Löwenzahn Lexikon
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord 6.0.2.0 (D)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Neopets - Blossom" = Neopets - Blossom Screen Saver
"Neopets - Gnomes raid the Pant Devil" = Neopets - Gnomes raid the Pant Devil Screen Saver
"NSSSetup.{D16D8A48-65A4-4B19-8A02-DC9A40FB80C4}" = Norton Security Scan (Symantec Corporation)
"OpenAL" = OpenAL
"Opera 11.60.1185" = Opera 11.60
"Opera 12.10.1652" = Opera 12.10
"Picasa 3" = Picasa 3
"Plants vs. Zombies" = Plants vs. Zombies
"Prism" = Prism Video Converter
"PsychoDat Einzelversion Demo" = PsychoDat Einzelversion Demo
"Psycom" = Psycom
"RealPlayer 12.0" = RealPlayer
"Searchqu 0 MediaBar" = Windows Searchqu Toolbar
"Shop for HP Supplies" = Shop for HP Supplies
"Skype_is1" = eBay.de - Skype 3.0
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Stardoll Toolbar" = Stardoll Toolbar
"SumatraPDF" = SumatraPDF
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Veoh Web Player Beta" = Veoh Web Player
"Veoh_Web_Player Toolbar" = Veoh Web Player Toolbar
"VLC media player" = VLC media player 1.1.5
"WinGimp-2.0_is1" = GIMP 2.6.6
"Yahoo! Companion" = Yahoo! Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2422886476-3853793481-2147584669-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"HappyCloud" = Happy Cloud Client
"LOTROde" = Der Herr der Ringe Online
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Opera 12.10.1652" = Opera 12.10
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.3
"PhotoStage" = PhotoStage Slideshow Producer
"Prism" = Prism Video File Converter
"Sweet Home 3D" = Sweet Home 3D
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/9/2012 3:42:48 PM | Computer Name = UrsulaGnas-PC | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 11/9/2012 3:42:48 PM | Computer Name = UrsulaGnas-PC | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 11/9/2012 3:42:48 PM | Computer Name = UrsulaGnas-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 11/9/2012 3:42:48 PM | Computer Name = UrsulaGnas-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 11/9/2012 3:42:50 PM | Computer Name = UrsulaGnas-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 11/9/2012 3:42:50 PM | Computer Name = UrsulaGnas-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 11/9/2012 3:42:50 PM | Computer Name = UrsulaGnas-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 11/10/2012 8:24:36 AM | Computer Name = UrsulaGnas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hpqgpc01.exe, Version 130.0.14.16, Zeitstempel
 0x49dd90d9, fehlerhaftes Modul hpqgpc01.exe, Version 130.0.14.16, Zeitstempel 0x49dd90d9,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000a267,  Prozess-ID 0x1688, Anwendungsstartzeit
 01cdbf3e04c150e0.
 
Error - 11/10/2012 8:32:52 AM | Computer Name = UrsulaGnas-PC | Source = Windows Search Service | ID = 3024
Description = 
 
Error - 11/13/2012 12:26:09 PM | Computer Name = UrsulaGnas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hpqgpc01.exe, Version 130.0.14.16, Zeitstempel
 0x49dd90d9, fehlerhaftes Modul hpqgpc01.exe, Version 130.0.14.16, Zeitstempel 0x49dd90d9,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000a267,  Prozess-ID 0x1660, Anwendungsstartzeit
 01cdc1bb37230720.
 
[ OSession Events ]
Error - 12/22/2007 1:16:06 PM | Computer Name = UrsulaGnas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 224
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 9/29/2010 3:32:52 PM | Computer Name = UrsulaGnas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8268
 seconds with 4620 seconds of active time.  This session ended with a crash.
 
Error - 2/10/2011 11:56:34 AM | Computer Name = UrsulaGnas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 115
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 1/12/2012 5:05:13 AM | Computer Name = UrsulaGnas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1549
 seconds with 1440 seconds of active time.  This session ended with a crash.
 
Error - 4/15/2012 4:27:29 AM | Computer Name = UrsulaGnas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11/13/2012 12:21:56 PM | Computer Name = UrsulaGnas-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 11/13/2012 2:45:43 PM | Computer Name = UrsulaGnas-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 11/14/2012 6:50:24 AM | Computer Name = UrsulaGnas-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 11/14/2012 12:59:26 PM | Computer Name = UrsulaGnas-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 11/14/2012 1:16:39 PM | Computer Name = UrsulaGnas-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 11/14/2012 1:20:33 PM | Computer Name = UrsulaGnas-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 14.11.2012 um 18:18:50 unerwartet heruntergefahren.
 
Error - 11/14/2012 1:22:03 PM | Computer Name = UrsulaGnas-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 11/14/2012 2:26:34 PM | Computer Name = UrsulaGnas-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 11/14/2012 3:30:57 PM | Computer Name = UrsulaGnas-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 11/14/2012 3:50:02 PM | Computer Name = UrsulaGnas-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         