| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Gmer lässt sich nicht herunterladen - infiziert mit pup.blabbersWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
09.03.2013, 09:28
| #1 |
 |  Gmer lässt sich nicht herunterladen - infiziert mit pup.blabbers Hallo, nachdem ich dachte, den Groupon-Verschlüsselungstrojaner gefangen zu haben, hat Malwarbytes insgesamt 107 infizierte Objekte mit pup.blabbers gefunden. Alle sind in Quarantäne. Ein erneuter Quckscan mit Malwarebytes zeigte keine Ergebnisse. Ich kann Dokus, Bilder, Audio etc. normal öffnen. Nach dem Scannen mit Defogger - keine Fehlermeldung - und OTL (Ergebnisse s.u.) wäre der nächste Schritt lt. eurer Anleitung, gmer.exe auszuführen. Jedoch gelingt es mir nicht, die Seite zu laden ("Die Verbindung zum Server wurde zurück gesetzt, während die Seite geladen wurde"). Was kann ich bitte tun? Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.07.14 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 ulrike :: ULRIKE-PC [Administrator] Schutz: Aktiviert 08.03.2013 00:16:42 MBAM-log-2013-03-08 (00-30-24).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 225388 Laufzeit: 12 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 24 HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 3 HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 4 C:\Program Files\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Dateien: 76 C:\Program Files\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\installer_wavelab_Deutsch_Deutsch.exe (PUP.SmsPay.pns) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_83.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar183.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\a74277a9a3c0203a3093f810f43fbc11 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\a74277a9a3c0203a3093f810f43fbc11_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\ulrike\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. (Ende) OTL logfile created on: 08.03.2013 11:35:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ulrike\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,45 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 55,58% Memory free 6,90 Gb Paging File | 5,15 Gb Available in Paging File | 74,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 231,89 Gb Total Space | 16,32 Gb Free Space | 7,04% Space Free | Partition Type: NTFS Computer Name: ULRIKE-PC | User Name: ulrike | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.08 11:29:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ulrike\Desktop\OTL.exe PRC - [2013.02.20 10:14:43 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2013.02.18 13:28:29 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.135\GoogleCrashHandler.exe PRC - [2013.02.08 14:55:20 | 001,644,680 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\ulrike\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.11.30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.11.08 00:37:37 | 001,990,464 | ---- | M] (COMODO) -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2012.11.08 00:37:11 | 006,756,048 | ---- | M] (COMODO) -- C:\Programme\COMODO\COMODO Internet Security\cfp.exe PRC - [2012.11.02 15:37:08 | 001,668,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\ipoint.exe PRC - [2012.11.02 15:37:08 | 001,093,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\itype.exe PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.01.23 16:51:12 | 000,687,168 | ---- | M] (ToolKit Development, Ltd.) -- C:\Programme\ToolKitService\toolkitservice.exe PRC - [2011.10.26 09:15:47 | 005,361,272 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.10.05 19:40:40 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) -- C:\Programme\Dell\Dell ControlPoint\Connection Manager\SMManager.exe PRC - [2009.08.29 07:00:12 | 000,966,656 | ---- | M] () -- C:\Users\ulrike\Local Settings\Apps\F.lux\flux.exe PRC - [2009.08.14 12:30:56 | 000,015,872 | ---- | M] (Broadcom Corporation) -- C:\Programme\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe PRC - [2009.08.11 16:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2009.08.07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009.08.01 01:16:12 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2009.08.01 01:16:12 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe PRC - [2009.07.16 12:10:22 | 000,382,752 | ---- | M] (Dell Inc.) -- c:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe PRC - [2009.06.26 09:26:20 | 000,026,984 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe PRC - [2009.06.26 09:26:18 | 000,812,392 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe PRC - [2009.06.19 23:57:40 | 000,249,856 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe PRC - [2009.06.11 21:46:46 | 000,656,384 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\Dell ControlPoint\Dell.ControlPoint.exe PRC - [2009.06.11 18:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) -- C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe PRC - [2009.06.07 12:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NlsSrv32.exe PRC - [2009.04.27 13:40:26 | 000,293,968 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\Dell ControlPoint\DCPButtonSvc.exe PRC - [2009.02.01 09:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe PRC - [2009.02.01 07:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe PRC - [2008.11.24 22:56:46 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe PRC - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe ========== Modules (No Company Name) ========== MOD - [2013.02.20 10:14:43 | 003,067,288 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2013.02.17 20:33:28 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.09 23:00:34 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013.01.09 22:45:11 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.09 22:44:39 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.09 22:44:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.09 22:44:32 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.09 22:44:24 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.02.28 20:42:14 | 000,652,800 | ---- | M] () -- C:\Programme\IZArc\IZArcCM.dll MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.01.22 14:45:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.320.13950__f25c74fcad379103\Status Lib.dll MOD - [2010.01.22 14:45:36 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.320.13949__4ca2a925deedf37d\StatusInterfaces.dll MOD - [2009.08.29 07:00:12 | 000,966,656 | ---- | M] () -- C:\Users\ulrike\Local Settings\Apps\F.lux\flux.exe MOD - [2009.07.27 12:17:10 | 000,249,856 | ---- | M] () -- C:\Programme\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll MOD - [2009.07.27 12:15:32 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll MOD - [2009.06.03 12:07:50 | 000,010,752 | ---- | M] () -- C:\Windows\System32\Wavx_ESC_Logging.dll MOD - [2008.11.12 13:29:06 | 000,004,608 | ---- | M] () -- C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_DEU.dll ========== Services (SafeList) ========== SRV - [2013.02.27 19:27:55 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.20 10:14:43 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.11.08 00:37:37 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.10.01 20:30:04 | 000,150,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2012.10.01 20:30:02 | 004,846,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.23 16:51:12 | 000,687,168 | ---- | M] (ToolKit Development, Ltd.) [Auto | Running] -- C:\Programme\ToolKitService\toolkitservice.exe -- (ToolkitSvc) SRV - [2011.03.06 10:36:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.03.01 15:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.02.03 20:50:40 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.10.05 19:40:40 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Programme\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager) SRV - [2009.08.11 16:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.08.07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2009.08.01 01:16:12 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe -- (STacSV) SRV - [2009.07.16 12:10:22 | 000,382,752 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.06.26 09:26:20 | 000,026,984 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage) SRV - [2009.06.26 09:26:18 | 000,812,392 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service) SRV - [2009.06.11 18:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService) SRV - [2009.06.07 12:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NlsSrv32.exe -- (nlsX86cc) SRV - [2009.06.03 12:15:24 | 001,019,904 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService) SRV - [2009.04.27 13:40:26 | 000,293,968 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Programme\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32) SRV - [2008.11.12 13:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe) SRV - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\NvtSp50.sys -- (NvtSp50) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CtClsFlt.sys -- (CtClsFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\Drivers\CtAudDrv.sys -- (CtAudDrv) DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.11.08 00:37:56 | 000,082,952 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect) DRV - [2012.11.08 00:37:55 | 000,036,072 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2012.11.08 00:37:54 | 000,494,416 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard) DRV - [2012.11.08 00:37:52 | 000,019,632 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd) DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2011.08.19 16:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.11.20 05:30:42 | 000,215,088 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2009.09.21 14:20:26 | 000,028,632 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL) DRV - [2009.09.15 20:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) DRV - [2009.08.01 01:16:12 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2009.07.27 12:17:56 | 000,200,192 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 00:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpials.sys -- (acpials) DRV - [2009.07.05 03:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie) DRV - [2009.07.02 17:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci) DRV - [2009.07.01 04:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie) DRV - [2009.06.26 18:28:04 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv) DRV - [2009.06.26 01:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2009.06.26 01:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2009.06.26 01:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2009.06.23 23:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) DRV - [2009.06.13 03:20:02 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress) DRV - [2009.05.26 20:12:36 | 000,122,368 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV - [2008.09.18 17:03:00 | 000,277,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid) DRV - [2008.06.04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV) DRV - [2008.06.03 09:30:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd) DRV - [2003.11.28 18:34:40 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asapiW2k.sys -- (ASAPIW2K) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKLM\..\SearchScopes\{F6F76182-93ED-499D-9491-EEFAEC99A3BC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {F6F76182-93ED-499D-9491-EEFAEC99A3BC} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\..\SearchScopes\{10EDAC71-1851-473a-BE8E-5D77C8FE5129}: "URL" = hxxp://www.ask.com/web?o=101450&l=dis&q={searchTerms} IE - HKCU\..\SearchScopes\{270D5DD9-DB15-4BE4-AA02-A4CA0B7D4C4F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} IE - HKCU\..\SearchScopes\{30750DD1-EADD-4cf1-A485-C736C96936AB}: "URL" = hxxp://search.etoolkit.com/search?q={searchTerms}&id=026095263ef9335a176bdad20f0869a6065&s=p IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} IE - HKCU\..\SearchScopes\{90504CAF-384D-4F23-862C-B50BAA7FA1ED}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848 IE - HKCU\..\SearchScopes\{DB1303D6-6049-4039-A97F-2D9B890DCECB}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=9EFDB496-5468-4404-B06C-586804AAB7C5&apn_sauid=48832B91-91F7-47B3-8E5F-A5C027686EA8 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "NCH_DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282494&SearchSource=3&q={searchTerms}&CUI=UN21438861262096308" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: linkuryfirefoxremoteplugin@linkury.com:1.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.27 17:06:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.19 20:51:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.20 10:14:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.23 09:13:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.27 17:06:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.20 10:14:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.23 09:13:53 | 000,000,000 | ---D | M] [2010.02.01 22:44:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ulrike\AppData\Roaming\mozilla\Extensions [2010.02.01 22:44:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ulrike\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.03.02 23:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ulrike\AppData\Roaming\mozilla\Firefox\Profiles\z8ekacuv.default\extensions [2013.02.24 19:28:59 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\ulrike\AppData\Roaming\mozilla\Firefox\Profiles\z8ekacuv.default\extensions\toolbar@ask.com [2013.03.02 23:13:38 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\ulrike\AppData\Roaming\mozilla\firefox\profiles\z8ekacuv.default\extensions\adblockpopups@jessehakanen.net.xpi [2012.12.12 22:41:37 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\ulrike\AppData\Roaming\mozilla\firefox\profiles\z8ekacuv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.02.17 20:10:23 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\ulrike\AppData\Roaming\mozilla\firefox\profiles\z8ekacuv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.20 10:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.02.20 10:14:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.03.08 11:17:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\extensions [2013.03.08 11:17:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.03.08 11:17:51 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.02.20 10:14:43 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.09.08 20:13:51 | 000,906,360 | ---- | M] (www.devalvr.com) -- C:\Program Files\mozilla firefox\plugins\npdevalvr.dll [2013.01.25 10:36:14 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.14 20:25:40 | 000,044,251 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\toolkitsearch.xml [2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Plus! Network (Enabled) CHR - default_search_provider: search_url = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll CHR - plugin: (Enabled) = C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll CHR - plugin: Free Studio (Enabled) = C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: DevalVR 3D Plugin (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npdevalvr.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Browser Companion Helper = C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\ CHR - Extension: Skype Click to Call = C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (ToolKit IE Helper) - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files\ToolKitService\splash.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (eToolKit Toolbar) - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files\ToolKitService\toolbar.dll File not found O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.) O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKCU..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [F.lux] C:\Users\ulrike\Local Settings\Apps\F.lux\flux.exe () O4 - HKCU..\Run: [GoogleChromeAutoLaunch_156B29F5313FECB4988F8467F606B4B7] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) O4 - Startup: C:\Users\ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ulrike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CA3CDE8-FDFB-4060-9543-2A97E2296E12}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A29D2DF-4ED9-4558-9A3C-8468D7C85B2E}: NameServer = 192.168.2.1 O18 - Protocol\Handler\base64 - No CLSID value found O18 - Protocol\Handler\chrome - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) O18 - Protocol\Handler\prox - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{d8f797fa-2621-11e0-8e90-904ce5fb327c}\Shell - "" = AutoRun O33 - MountPoints2\{d8f797fa-2621-11e0-8e90-904ce5fb327c}\Shell\AutoRun\command - "" = E:\iStudio.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.08 11:29:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ulrike\Desktop\OTL.exe [2013.03.08 00:15:41 | 000,000,000 | ---D | C] -- C:\Users\ulrike\AppData\Roaming\Malwarebytes [2013.03.08 00:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.08 00:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.08 00:15:34 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.08 00:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.08 00:14:37 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ulrike\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.07 13:39:34 | 000,000,000 | ---D | C] -- C:\Users\ulrike\Documents\DVDVideoSoft [2013.03.07 13:36:15 | 029,000,336 | ---- | C] (DVDVideoSoft Ltd. ) -- C:\Users\ulrike\Desktop\FreeAudioCDToMP3Converter.exe [2013.03.07 10:29:09 | 000,000,000 | ---D | C] -- C:\Users\ulrike\Documents\MAGIX Speed [2013.03.07 10:06:03 | 000,000,000 | ---D | C] -- C:\Users\ulrike\Documents\MAGIX_Audio_Cleaning_Lab_16_deluxe [2013.03.05 21:20:30 | 000,000,000 | ---D | C] -- C:\Users\ulrike\Desktop\würzburg [2013.03.02 16:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.02.24 19:28:53 | 000,000,000 | ---D | C] -- C:\Users\ulrike\AppData\Local\APN [2013.02.24 19:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2013.02.24 18:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2013.02.23 21:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.02.23 21:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.02.23 21:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.02.23 21:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.02.22 16:23:31 | 000,000,000 | ---D | C] -- C:\Users\ulrike\Documents\Benutzerdefinierte Office-Vorlagen [2013.02.22 10:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 [2013.02.22 10:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2013.02.22 10:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft [2013.02.22 10:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server [2013.02.22 10:31:49 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW [2013.02.22 10:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services [2013.02.22 10:31:13 | 000,000,000 | ---D | C] -- C:\Users\ulrike\AppData\Local\Microsoft Help [2013.02.22 10:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013.02.22 10:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2013.02.22 10:30:17 | 000,000,000 | RH-D | C] -- C:\MSOCache [2013.02.22 09:19:49 | 000,000,000 | ---D | C] -- C:\Users\ulrike\AppData\Roaming\Download Manager [2013.02.20 10:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Photo Notifier and Animation Creator [2013.02.20 10:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Notifier and Animation Creator [2013.02.20 10:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.19 20:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2013.02.19 20:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2013.02.08 10:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011.12.08 20:51:47 | 014,597,312 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 8.0.1.exe [2011.11.14 21:04:51 | 001,258,692 | ---- | C] (DVD Shrink ) -- C:\Program Files\dvdshrink.3.2.de._decss-frei_.setup.exe [2011.11.14 21:04:48 | 001,258,692 | ---- | C] (DVD Shrink ) -- C:\Program Files\dvdshrink.3.2.de._decss-frei_.setup.exe.part [2011.11.09 20:27:19 | 005,157,880 | ---- | C] (Canneverbe Limited ) -- C:\Program Files\cdbxp_setup_4.3.9.2783.exe [2011.11.09 20:17:08 | 072,333,896 | ---- | C] (Ashampoo GmbH & Co. KG ) -- C:\Program Files\ashampoo_burning_studio_elements_10.0.9_8678.exe [2011.06.01 16:01:38 | 012,362,480 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 4.0.1.exe [2011.02.12 13:17:05 | 017,642,464 | ---- | C] (pdfforge GbR) -- C:\Program Files\PDFCreator-1_2_0_setup.exe [2011.02.07 22:20:26 | 023,773,544 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Program Files\FreeYouTubeToMP3Converter32.exe [2011.02.01 22:49:36 | 023,773,544 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Program Files\FreeYouTubeToMp3Converter.exe [2011.01.14 08:03:20 | 014,715,008 | ---- | C] (Dropbox, Inc.) -- C:\Program Files\Dropbox 1.0.10.exe [2010.07.01 06:51:33 | 008,424,584 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.6.exe [2010.06.24 21:44:11 | 000,568,472 | ---- | C] (NCH Software) -- C:\Program Files\wpsetup.exe [2010.05.08 08:59:11 | 002,003,968 | ---- | C] (DVDVideoSoft Limited.) -- C:\Program Files\FreeAudioDub.exe [2010.05.08 08:58:06 | 010,906,498 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Program Files\FreeAudioDub_1.6.exe [2010.05.04 20:57:28 | 006,728,058 | ---- | C] (Koyote Soft ) -- C:\Program Files\Setup_FreeConverter.exe [2010.05.04 20:55:21 | 006,188,525 | ---- | C] (Koyote Soft ) -- C:\Program Files\Setup_FreeFlvConverter.exe [2010.04.21 21:09:29 | 000,562,848 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleEarthSetup.exe [2010.03.15 22:48:22 | 000,977,552 | ---- | C] (NCH Software) -- C:\Program Files\essetup.exe [2010.03.02 22:53:51 | 019,922,270 | ---- | C] (Macrovision Corporation) -- C:\Program Files\sa3045_02_pal_eng.exe [2010.02.17 17:46:56 | 022,240,040 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetupFull179.exe [2010.02.17 17:38:47 | 012,260,429 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Program Files\FreeYouTubeToMp3Converter327.exe [2010.02.10 19:38:22 | 038,546,560 | ---- | C] (ashampoo GmbH & Co. KG ) -- C:\Program Files\ashampoo_burning_studio_2010_9.12_6265(2).exe [2010.02.09 21:57:24 | 006,343,388 | ---- | C] (Koyote Soft ) -- C:\Program Files\Setup674_FreeFlvConverter.exe [2010.02.04 16:02:13 | 016,488,224 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u18-windows-i586-s.exe [2010.02.01 23:14:20 | 001,924,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe [2010.02.01 22:42:44 | 008,840,816 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird_Setup_3.0.1.exe [2010.02.01 20:44:08 | 003,211,616 | ---- | C] (Ghisler Software GmbH) -- C:\Program Files\tcmd750a.exe [2010.01.31 23:27:37 | 000,564,064 | ---- | C] (Google Inc.) -- C:\Program Files\googleupdatesetup.exe [2010.01.30 12:31:26 | 032,494,896 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe [2010.01.30 11:11:55 | 001,167,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-custom.exe ========== Files - Modified Within 30 Days ========== [2013.03.08 11:41:54 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat [2013.03.08 11:33:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.08 11:29:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ulrike\Desktop\OTL.exe [2013.03.08 11:13:52 | 000,081,993 | ---- | M] () -- C:\Users\ulrike\Desktop\defogger3.JPG [2013.03.08 11:13:31 | 000,085,605 | ---- | M] () -- C:\Users\ulrike\Desktop\defogger2.JPG [2013.03.08 11:13:03 | 000,104,007 | ---- | M] () -- C:\Users\ulrike\Desktop\defogger.JPG [2013.03.08 11:11:32 | 000,000,000 | ---- | M] () -- C:\Users\ulrike\defogger_reenable [2013.03.08 10:59:41 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.08 10:59:41 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.08 10:57:28 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.08 10:57:28 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.08 10:57:28 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.08 10:57:28 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.08 10:53:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.08 10:52:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.08 10:52:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.08 10:51:54 | 2780,745,728 | -HS- | M] () -- C:\hiberfil.sys [2013.03.08 09:21:08 | 000,023,132 | ---- | M] () -- C:\Users\ulrike\Desktop\scan.JPG [2013.03.08 01:04:56 | 000,050,477 | ---- | M] () -- C:\Users\ulrike\Desktop\Defogger.exe [2013.03.08 00:39:36 | 000,073,430 | ---- | M] () -- C:\Users\ulrike\Desktop\trojaner_name.JPG [2013.03.08 00:15:36 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.08 00:15:08 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ulrike\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.07 22:17:33 | 017,947,064 | ---- | M] () -- C:\Users\ulrike\Desktop\INTERNET-WORLD-Business Ausgabe-22-2011.pdf [2013.03.07 13:39:29 | 000,001,365 | ---- | M] () -- C:\Users\ulrike\Desktop\Free Audio CD to MP3 Converter.lnk [2013.03.07 13:37:36 | 029,000,336 | ---- | M] (DVDVideoSoft Ltd. ) -- C:\Users\ulrike\Desktop\FreeAudioCDToMP3Converter.exe [2013.03.07 08:53:18 | 000,000,234 | ---- | M] () -- C:\Windows\Brownie.ini [2013.03.06 09:44:57 | 000,076,187 | ---- | M] () -- C:\Users\ulrike\Desktop\joystick_psych.JPG [2013.02.25 21:42:19 | 000,004,998 | ---- | M] () -- C:\Users\ulrike\Desktop\siemens.odt [2013.02.22 12:32:36 | 000,495,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.22 10:43:34 | 000,002,937 | ---- | M] () -- C:\Users\ulrike\Desktop\PowerPoint 2013.lnk [2013.02.22 10:43:32 | 000,002,829 | ---- | M] () -- C:\Users\ulrike\Desktop\Access 2013.lnk [2013.02.19 17:45:41 | 000,010,034 | ---- | M] () -- C:\Users\ulrike\Desktop\ryanair_nuernberg.odt [2013.02.08 10:41:18 | 002,625,153 | ---- | M] () -- C:\Users\ulrike\Desktop\LoipeFrammersbach-Mosborn_Karte.pdf ========== Files Created - No Company Name ========== [2013.03.08 11:13:52 | 000,081,993 | ---- | C] () -- C:\Users\ulrike\Desktop\defogger3.JPG [2013.03.08 11:13:30 | 000,085,605 | ---- | C] () -- C:\Users\ulrike\Desktop\defogger2.JPG [2013.03.08 11:13:02 | 000,104,007 | ---- | C] () -- C:\Users\ulrike\Desktop\defogger.JPG [2013.03.08 11:11:32 | 000,000,000 | ---- | C] () -- C:\Users\ulrike\defogger_reenable [2013.03.08 09:21:08 | 000,023,132 | ---- | C] () -- C:\Users\ulrike\Desktop\scan.JPG [2013.03.08 01:04:55 | 000,050,477 | ---- | C] () -- C:\Users\ulrike\Desktop\Defogger.exe [2013.03.08 00:39:35 | 000,073,430 | ---- | C] () -- C:\Users\ulrike\Desktop\trojaner_name.JPG [2013.03.08 00:15:36 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.07 22:16:44 | 017,947,064 | ---- | C] () -- C:\Users\ulrike\Desktop\INTERNET-WORLD-Business Ausgabe-22-2011.pdf [2013.03.07 13:39:29 | 000,001,365 | ---- | C] () -- C:\Users\ulrike\Desktop\Free Audio CD to MP3 Converter.lnk [2013.03.07 13:31:12 | 000,000,044 | ---- | C] () -- C:\Users\ulrike\Desktop\Track01.cda [2013.03.07 13:03:29 | 000,000,044 | ---- | C] () -- C:\Users\ulrike\Documents\passion.cda [2013.03.06 09:44:57 | 000,076,187 | ---- | C] () -- C:\Users\ulrike\Desktop\joystick_psych.JPG [2013.02.22 10:43:34 | 000,002,937 | ---- | C] () -- C:\Users\ulrike\Desktop\PowerPoint 2013.lnk [2013.02.22 10:43:32 | 000,002,829 | ---- | C] () -- C:\Users\ulrike\Desktop\Access 2013.lnk [2013.02.19 17:38:23 | 000,010,034 | ---- | C] () -- C:\Users\ulrike\Desktop\ryanair_nuernberg.odt [2013.02.08 10:41:18 | 002,625,153 | ---- | C] () -- C:\Users\ulrike\Desktop\LoipeFrammersbach-Mosborn_Karte.pdf [2012.12.27 10:54:28 | 000,000,021 | ---- | C] () -- C:\Windows\preview.ini [2012.10.10 15:20:39 | 000,001,531 | ---- | C] () -- C:\Users\ulrike\.recently-used.xbel [2012.08.28 09:02:57 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI [2012.07.01 10:55:48 | 000,238,386 | ---- | C] () -- C:\Windows\hpwins26.dat.temp [2012.06.27 17:26:45 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp [2012.06.27 16:58:22 | 000,238,386 | ---- | C] () -- C:\Windows\hpwins26.dat [2012.04.19 08:08:46 | 141,590,843 | ---- | C] () -- C:\Program Files\openofficeorg1.cab [2012.04.19 07:59:52 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe [2012.04.19 07:59:50 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini [2012.04.19 07:59:48 | 003,125,248 | ---- | C] () -- C:\Program Files\openofficeorg34.msi [2011.10.04 19:42:44 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2011.09.27 19:50:32 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2011.07.05 12:32:53 | 000,000,000 | ---- | C] () -- C:\Users\ulrike\AppData\Local\{EDD1366B-75CE-429C-A470-C05A561E102D} [2011.04.26 21:31:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.04.25 17:13:21 | 020,533,281 | ---- | C] () -- C:\Program Files\vlc-1.1.9-win32.exe [2011.03.23 20:30:48 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2011.03.23 20:30:48 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2011.03.23 20:30:47 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini [2011.03.23 20:30:46 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI [2011.03.23 20:29:42 | 000,000,234 | ---- | C] () -- C:\Windows\Brownie.ini [2011.02.12 13:07:10 | 020,364,702 | ---- | C] () -- C:\Program Files\vlc-1.1.7-win32.exe [2011.02.02 22:40:33 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.01.21 23:06:33 | 000,017,408 | ---- | C] () -- C:\Users\ulrike\AppData\Local\WebpageIcons.db [2010.08.16 22:11:12 | 019,461,015 | ---- | C] () -- C:\Program Files\vlc-1.1.2-win32.exe [2010.05.10 15:38:02 | 013,868,427 | ---- | C] () -- C:\Program Files\NAVIGON_Fresh_setup.exe [2010.05.08 08:56:49 | 000,256,824 | ---- | C] () -- C:\Program Files\SoftonicDownloader67434.exe [2010.05.07 21:30:16 | 000,212,713 | ---- | C] () -- C:\Program Files\mp3DC211.exe [2010.04.21 18:39:21 | 018,234,256 | ---- | C] ( ) -- C:\Program Files\gimp-2.6.8-i686-setup.exe [2010.04.20 20:09:44 | 010,315,456 | ---- | C] () -- C:\Program Files\GoogleEarthWin.exe [2010.03.02 22:53:26 | 002,228,224 | ---- | C] () -- C:\Program Files\sa3045_02_fus_eng.exe [2010.03.01 21:22:06 | 152,882,016 | ---- | C] () -- C:\Program Files\OOo_3.2.0_Win32Intel_install_de.exe [2010.02.22 22:36:51 | 000,000,017 | ---- | C] () -- C:\Users\ulrike\AppData\Local\resmon.resmoncfg [2010.02.19 16:32:46 | 025,154,803 | ---- | C] () -- C:\Program Files\f4-v4-pc.zip [2010.02.17 17:51:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.02.17 17:41:38 | 000,685,568 | ---- | C] () -- C:\Program Files\DVSUninstall.exe [2010.02.16 22:23:33 | 167,555,440 | ---- | C] () -- C:\Program Files\OOo_3.2.0_Win32Intel_install_wJRE_de(2).exe [2010.02.09 18:35:16 | 000,003,584 | ---- | C] () -- C:\Users\ulrike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.09 18:12:06 | 000,009,523 | ---- | C] () -- C:\Program Files\DellDriverDownloadManager.application [2010.02.08 20:13:01 | 000,150,836 | ---- | C] () -- C:\Users\ulrike\AppData\Roaming\mdbu.bin [2010.02.08 19:55:41 | 061,037,560 | ---- | C] ( ) -- C:\Program Files\MediaMarkt_Fotoservice.exe [2010.02.07 16:51:35 | 004,444,879 | ---- | C] () -- C:\Program Files\XMediaRecode2184_setup.exe [2010.02.04 22:31:16 | 018,499,623 | ---- | C] () -- C:\Program Files\vlc-1.0.5-win32.exe [2010.01.30 12:29:55 | 018,965,012 | ---- | C] () -- C:\Program Files\f4-v31.exe [2010.01.28 16:12:08 | 149,845,064 | ---- | C] () -- C:\Program Files\OOo_3.1.1_Win32Intel_install_de.exe [2010.01.28 09:34:05 | 000,000,000 | ---- | C] () -- C:\Users\ulrike\AppData\Local\WavXMapDrive.bat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.09.17 20:44:24 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Ahnenblatt [2011.11.11 17:22:36 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Ashampoo [2013.03.08 00:05:02 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Audacity [2010.05.07 21:40:55 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Blue Cat Audio [2010.01.28 09:34:05 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Broadcom [2012.09.23 09:05:18 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\BrowserCompanion [2011.11.09 20:31:07 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Canneverbe Limited [2010.07.22 20:29:00 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2013.03.08 10:54:08 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Dropbox [2013.03.08 00:05:02 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\DVDVideoSoft [2013.02.19 20:48:36 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\DVDVideoSoftIEHelpers [2012.11.04 08:59:16 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\F4 [2012.03.11 12:12:18 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\FILEminimizerPictures [2010.05.04 20:55:16 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\FreeFLVConverter [2011.05.24 19:42:18 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\GetRightToGo [2010.02.01 21:00:36 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\GHISLER [2012.10.10 15:20:39 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\gtk-2.0 [2012.09.25 20:02:44 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\HandBrake [2010.05.08 08:11:03 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\HighAndes [2013.01.17 14:40:56 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\NCH Swift Sound [2012.10.05 18:00:46 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\OpenCandy [2010.01.30 16:53:59 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\OpenOffice.org [2010.02.01 22:44:11 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Thunderbird [2012.04.14 09:10:13 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\TuneUp Software [2010.01.28 09:34:05 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Wave Systems Corp [2012.02.19 18:32:50 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\www.rene-zeidler.de [2010.08.15 10:46:44 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\XMedia Recode ========== Purity Check ========== < End of report > OTL Extras logfile created on: 08.03.2013 11:35:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ulrike\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,45 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 55,58% Memory free 6,90 Gb Paging File | 5,15 Gb Available in Paging File | 74,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 231,89 Gb Total Space | 16,32 Gb Free Space | 7,04% Space Free | Partition Type: NTFS Computer Name: ULRIKE-PC | User Name: ulrike | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{062CAA6B-28A3-45A9-B7E1-B99383740D3D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0DDEFAF9-E3E7-4662-941E-7DD95231307F}" = lport=139 | protocol=6 | dir=in | app=system | "{0EBD2562-37AA-4B1E-A29B-CC09C0B69892}" = rport=445 | protocol=6 | dir=out | app=system | "{0EF71681-61C7-4070-8F8A-BBB49E76A36A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1591D095-3A45-4CC9-A472-7E1F769E5612}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1793E3E7-6913-4D00-99A4-6C173F6DE26D}" = lport=2869 | protocol=6 | dir=in | app=system | "{2A3D098B-C939-471A-AED0-72DAC19964AF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2BD2BA93-4317-48C3-AF06-48CAB0F4FD9C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4B88CF04-D565-43C8-B52E-EE7A7EA01C08}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4E21C46F-CB46-4A9A-8835-584188F399EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6C9BF0D8-BE65-4B23-AAA4-7A63AC0D3519}" = lport=137 | protocol=17 | dir=in | app=system | "{78144C86-87B0-430E-A06D-A000B53C3A42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7A9AEA4A-E6E9-4E85-8FBF-B12D1E7EE3D7}" = rport=139 | protocol=6 | dir=out | app=system | "{81627E12-BDBE-4D1A-9105-3D1FBD2D3A18}" = rport=137 | protocol=17 | dir=out | app=system | "{A0558197-C271-4EEC-A1EC-D312E7477466}" = rport=10243 | protocol=6 | dir=out | app=system | "{A24E203E-8465-4E37-98A4-362DA2D89704}" = lport=445 | protocol=6 | dir=in | app=system | "{AD3D1502-DC72-4EA3-AA53-50C91B1BCB68}" = lport=138 | protocol=17 | dir=in | app=system | "{B4FD9C66-981D-44D2-88D1-60A51BF2376E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B508A02C-6B61-4770-8182-A999929BA9E3}" = lport=2869 | protocol=6 | dir=in | app=system | "{B8CB2D64-3270-4936-8968-1C4825A9A509}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{BA507813-7E74-4B8A-8171-D83ECE13FBCB}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{BEF8EE2F-8B80-4C75-94C4-197BA0D3E8FD}" = lport=10243 | protocol=6 | dir=in | app=system | "{C06A739F-8341-4336-9658-EDFBE279421C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DD2200BF-141F-4CD4-A7C3-AC79AC6FFFEF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E163E25F-5782-4620-A852-15DE025A3776}" = rport=138 | protocol=17 | dir=out | app=system | "{F7F79044-2EE6-48B4-B96C-05D44C7A0097}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01DC4663-CD2E-4702-963C-D523EB99B837}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{04B65E9E-7D83-4AA2-A4AE-49F1E0E46140}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{09B5B14F-5C1B-4323-954D-AACF097B76B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{107A3A21-1442-4DC7-9504-DCBC7A496E36}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{27AD91CB-06B9-40E9-8B0F-DCE7E97B9830}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2986192A-709B-405D-83FB-86B1EE1A88A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{398E9CD3-8695-4171-9D30-0DF06871518A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{3A840A33-616F-47CD-979E-B24BDA20E3C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{406EBDD1-56D3-43ED-A2B9-9A5DFEA22AFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{40B7B5A8-E3C3-4003-8453-9E04B2EF3852}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{43354F01-254C-4225-B268-C7B96D932500}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{48792B54-C554-42FE-881B-B202FFA57351}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{52DA8BE6-97AE-4BCD-8441-225D0A316A19}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{56A6DE05-4ECC-4FC3-8BF3-614C2D07A5C7}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{5AE2821D-A840-4218-93D8-E93AF46AB954}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{65B2F5B9-CD10-4092-BF83-1DAAD5C10F43}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6D9A82FF-6958-4C68-973F-C298D8A1D8FC}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | "{73A8E1A3-243D-472A-B835-D10374AC7FD6}" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\mucommander.exe | "{75CA5A0B-E697-4935-AE18-AB85FEBF90F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{786F970B-C4F1-4914-8461-D894107F631E}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | "{7CA34CBD-0629-4BD3-8A23-F05B12597E11}" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\mucommander.exe | "{85F5ABE6-E9FD-4943-99CF-6339C3DE75E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9D5DEE72-847B-4360-8567-2E1C96BD848D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A8209922-B54B-4BDD-87E3-0B05FC0D695D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{B15B1FF0-FA71-4EAD-A243-59E86B8ABFE8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{BBFB194E-EC14-49DE-AE74-7D44F4AFD2C5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{BFACB792-C975-460D-8587-9C3D4DC4DE60}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{C05A9CEB-83B2-4718-A382-D4016CE8E0FE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{C0A12A82-84C1-4AD0-B0C6-E36B57A94384}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C1342766-81A1-4709-9832-21D40929DBED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C20DF78F-A717-4462-BA19-603559E79635}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | "{CD90ADB2-3E7D-4267-92F4-A4FB6D6AC37E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | "{CDD99A9F-37E3-4C3B-8FBA-90EDA0801EA3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D1E26FC2-3042-4D07-88CD-6CD312EF11C2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{D32F242E-2120-46E4-BC49-92BEE4F05D11}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | "{D3383302-7323-405A-9DF5-2542F5C9AE0D}" = protocol=6 | dir=out | app=system | "{D62640B5-61D6-4EC7-BB1A-88DBB515242B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{D72F4A2D-B581-43C8-A3D0-FD868989D8E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E2901457-C28C-49DA-9D4C-7E4FF40FC4CA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{E2C7478F-18D1-4635-BBAC-DBFFD855AE5D}" = dir=in | app=d:\setup\hpznui01.exe | "{EBBEDEC2-F0D2-411D-AE7B-2E0DC89C9064}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{EC3D1A14-A2F4-4A2C-B31A-A6A2C748C9E6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{F0B1AC39-FA0E-44E8-9739-1562FAE03C7B}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{F93113DA-85C5-40C1-998E-D2A83167DBDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{27A10680-5014-4B34-851E-85AC25508FB1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{30AFA642-4C2F-44F1-B864-D8A14CB9359C}C:\users\ulrike\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ulrike\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{34A5994F-8C1B-43CC-B6DB-DF44A5C06BFB}C:\users\public\documents\downloads\f4-v4-pc\f4.exe" = protocol=6 | dir=in | app=c:\users\public\documents\downloads\f4-v4-pc\f4.exe | "TCP Query User{CDC537D9-FBCC-461A-9923-BE8C897932A7}C:\program files\java\jre6\launch4j-tmp\mucommander.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\mucommander.exe | "UDP Query User{29AB00C5-7EF2-4EC6-B696-26647894D1D8}C:\program files\java\jre6\launch4j-tmp\mucommander.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\mucommander.exe | "UDP Query User{5E9E8AAF-D7B5-4A72-BC24-255990A13910}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{6FEA6B41-0F40-4265-8984-B5CCA9625440}C:\users\ulrike\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ulrike\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{B1518903-3AA0-41E7-AABD-7B0489BE044E}C:\users\public\documents\downloads\f4-v4-pc\f4.exe" = protocol=17 | dir=in | app=c:\users\public\documents\downloads\f4-v4-pc\f4.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0471A681-06EC-4C19-9F8A-DC59A60CD4AD}" = Brother HL-2030 "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{11DB380B-48CF-46EA-8B03-51874E2733C9}" = Dell Control Point "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer "{3237887D-8AC4-4C27-BDF4-57D7CB0351D6}" = SO32MMWrapper "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{437C19B3-7E20-4E39-B868-CA6BAA820E1C}" = Microsoft Rechner-Plus "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{71084075-ABA7-48BC-9733-F56A9ABD184D}" = DCP32MMWrapper "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{750A1A07-2A69-4606-9619-EA29A2BFF426}" = MAGIX Audio Cleaning Lab 16 deluxe "{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{79B520D5-CE72-4661-A054-804BC3412516}" = Wave Infrastructure Installer "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{81860953-8A77-4ED5-B57C-F35D703D9489}" = Dell ControlVault Host Components Installer "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.5.0 "{84374A47-1DF5-4013-90D4-1288819869B1}" = Microsoft-Maus- und Tastatur-Center "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8A7E941F-2BB4-47D0-B732-8AE5F3513B68}" = ASAPI "{90150000-0015-0407-0000-0000000FF1CE}" = Microsoft Access MUI (German) 2013 "{90150000-0016-0407-0000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013 "{90150000-0018-0407-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013 "{90150000-0019-0407-0000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013 "{90150000-001A-0407-0000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013 "{90150000-001B-0407-0000-0000000FF1CE}" = Microsoft Word MUI (German) 2013 "{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch "{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English "{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français "{90150000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano "{90150000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013 "{90150000-0044-0407-0000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013 "{90150000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013 "{90150000-0090-0407-0000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013 "{90150000-00A1-0407-0000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013 "{90150000-00BA-0407-0000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013 "{90150000-00E1-0407-0000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013 "{90150000-00E2-0407-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013 "{90150000-012B-0407-0000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013 "{9143F2FA-BF20-4311-8618-4CCF51B1B80C}" = Dell ControlPoint System Manager "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack "{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0 "{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security "{CCC68887-6E07-4438-A035-7C22EFBDC15E}" = Intel(R) Network Connections 14.6.9.0 "{CE52F670-9E10-4C0A-B0CB-D78BAB0A7923}" = NimoFilm "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m "{E63A7E64-AD93-47E7-AC5C-BA042AA740CA}" = Dell ControlPoint Connection Manager "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F3BD8E81-C020-44F9-B014-1E0214D23556}" = SA30xx Media Converter "{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FD091935-4900-6218-88CC-CBA82ADBBB39}" = myphotobook.de "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack "9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows-Treiberpaket - Dell Inc. PBADRV System (01/07/2008 1.0.1.5) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0 "AnyDVD" = AnyDVD "Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9 "Audacity_is1" = Audacity 2.0.2 "Creative OA001" = Integrated Webcam Driver (1.03.02.0919) "de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de "DevalVR for Netscape" = DevalVR plugin for Netscape and compatible browsers "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "DVDGenie" = DVD Genie (remove only) "DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar "Express" = Express Dictate "ExpressBurn" = Express Burn "f4" = f4 3.1.0 "f42012" = f4 2012 "Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228 "Free DVD Video Converter_is1" = Free DVD Video Converter version 2.0.13.1212 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.17.825 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128 "Google Chrome" = Google Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012 "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "MAGIX Speed burnR D" = MAGIX Speed burnR "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "mclab_16dlx" = MAGIX Audio Cleaning Lab 16 deluxe "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NAVIGON Fresh" = NAVIGON Fresh 3.3.2 "Office15.PROPLUSR" = Microsoft Office Professional Plus 2013 "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "PhotoMail" = PhotoMail Maker "PROSetDX" = Intel(R) Network Connections 14.6.9.0 "Scribe" = Express Scribe "Shop for HP Supplies" = Shop for HP Supplies "TeamViewer 6" = TeamViewer 6 "TVWiz" = Intel(R) TV Wizard "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.9 "WavePad" = WavePad Sound Editor "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials "XMedia Recode" = XMedia Recode 2.2.5.8 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "Dropbox" = Dropbox "f031ef6ac137efc5" = Dell Driver Download Manager "Flux" = F.lux ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.03.2013 14:00:02 | Computer Name = ulrike-PC | Source = Windows Backup | ID = 4103 Description = Error - 03.03.2013 14:14:26 | Computer Name = ulrike-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 04.03.2013 08:58:46 | Computer Name = ulrike-PC | Source = MsiInstaller | ID = 11609 Description = Error - 05.03.2013 03:57:03 | Computer Name = ulrike-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 06.03.2013 04:41:58 | Computer Name = ulrike-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 06.03.2013 07:52:55 | Computer Name = ulrike-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.0.4794, Zeitstempel: 0x511ed1c1 Name des fehlerhaften Moduls: xul.dll, Version: 19.0.0.4794, Zeitstempel: 0x511ed0fe Ausnahmecode: 0xc0000005 Fehleroffset: 0x00155858 ID des fehlerhaften Prozesses: 0x4ec Startzeit der fehlerhaften Anwendung: 0x01ce1a60fddd675c Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: 61bf270a-8654-11e2-bc77-904ce5fb327c Error - 06.03.2013 18:41:01 | Computer Name = ulrike-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 07.03.2013 06:56:34 | Computer Name = ulrike-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: pdf24-Editor.exe, Version: 4.5.0.0, Zeitstempel: 0x4fa7a664 Name des fehlerhaften Moduls: pdf24-Editor.exe, Version: 4.5.0.0, Zeitstempel: 0x4fa7a664 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00008d07 ID des fehlerhaften Prozesses: 0x1a80 Startzeit der fehlerhaften Anwendung: 0x01ce1b21aed72e47 Pfad der fehlerhaften Anwendung: C:\Program Files\PDF24\pdf24-Editor.exe Pfad des fehlerhaften Moduls: C:\Program Files\PDF24\pdf24-Editor.exe Berichtskennung: ac5bc74d-8715-11e2-bcfa-904ce5fb327c Error - 07.03.2013 15:09:46 | Computer Name = ulrike-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 07.03.2013 19:07:17 | Computer Name = ulrike-PC | Source = System Restore | ID = 8210 Description = [ Media Center Events ] Error - 12.10.2012 14:43:56 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 20:43:49 - Fehler beim Herstellen der Internetverbindung. 20:43:49 - Serververbindung konnte nicht hergestellt werden.. Error - 13.10.2012 13:01:29 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 19:01:29 - Fehler beim Herstellen der Internetverbindung. 19:01:29 - Serververbindung konnte nicht hergestellt werden.. Error - 13.10.2012 13:01:40 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 19:01:34 - Fehler beim Herstellen der Internetverbindung. 19:01:34 - Serververbindung konnte nicht hergestellt werden.. Error - 13.10.2012 15:19:04 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 21:19:04 - Fehler beim Herstellen der Internetverbindung. 21:19:04 - Serververbindung konnte nicht hergestellt werden.. Error - 13.10.2012 15:19:09 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 21:19:09 - Fehler beim Herstellen der Internetverbindung. 21:19:09 - Serververbindung konnte nicht hergestellt werden.. Error - 13.10.2012 16:19:21 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 22:19:21 - Fehler beim Herstellen der Internetverbindung. 22:19:21 - Serververbindung konnte nicht hergestellt werden.. Error - 13.10.2012 16:19:49 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 22:19:26 - Fehler beim Herstellen der Internetverbindung. 22:19:26 - Serververbindung konnte nicht hergestellt werden.. Error - 03.11.2012 13:53:50 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 18:53:50 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 07.11.2012 13:40:08 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 18:40:08 - Fehler beim Herstellen der Internetverbindung. 18:40:08 - Serververbindung konnte nicht hergestellt werden.. Error - 07.11.2012 13:40:18 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 18:40:13 - Fehler beim Herstellen der Internetverbindung. 18:40:13 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 07.03.2013 11:22:36 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error - 07.03.2013 11:25:50 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 07.03.2013 14:29:12 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error - 07.03.2013 14:30:51 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 07.03.2013 19:06:19 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error - 07.03.2013 19:08:16 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 07.03.2013 19:34:10 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error - 07.03.2013 19:35:48 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 08.03.2013 05:52:06 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error - 08.03.2013 05:54:01 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. < End of report > |
| Themen zu Gmer lässt sich nicht herunterladen - infiziert mit pup.blabbers |
| 32 bit, adobe, bonjour, browser, converter, defender, device driver, dvdvideosoft ltd., error, explorer, fehlermeldung, firefox, flash player, format, gmer.exe, google, helper, infizierte, install.exe, jquery, koyote, ladefehler gmer, logfile, mausklick, mozilla, mp3, msiinstaller, officejet, photoshop, plug-in, pup.blabbers, registry, rundll, security, server, software, svchost.exe, udp |
Baum-Darstellung