Pests of all kinds and how to fight them: Gmer cannot be downloaded - infected with pup.blabbers

Windows 7

If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1
Hello,

after I thought I had caught the Groupon encryption trojan, Malwarebytes found a total of 107 objects infected with pup.blabbers. All of them are in quarantine. A repeated quick scan with Malwarebytes showed no results. I can open documents, pictures, audio etc. normally.

After scanning with Defogger (no error message) and OTL (results below), the next step according to your instructions would be to run gmer.exe. However, I cannot get the page to load ("The connection to the server was reset while the page was loading").

What can I do, please?

Malwarebytes Anti-Malware (Test)
www.malwarebytes.org

Datenbank Version: v2013.03.07.14

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
ulrike :: ULRIKE-PC [Administrator]

Schutz: Aktiviert

08.03.2013 00:16:42
MBAM-log-2013-03-08 (00-30-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 225388
Laufzeit: 12 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 24
Infizierte Registrierungswerte: 3

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 4

Infizierte Dateien: 76

(Ende)

OTL logfile created on: 08.03.2013 11:35:18 - Run 1
OTL by OldTimer - Version Folder = C:\Users\ulrike\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,45 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 55,58% Memory free
6,90 Gb Paging File | 5,15 Gb Available in Paging File | 74,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231,89 Gb Total Space | 16,32 Gb Free Space | 7,04% Space Free | Partition Type: NTFS

Computer Name: ULRIKE-PC | User Name: ulrike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{F6F76182-93ED-499D-9491-EEFAEC99A3BC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE -
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {F6F76182-93ED-499D-9491-EEFAEC99A3BC} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\..\SearchScopes\{10EDAC71-1851-473a-BE8E-5D77C8FE5129}: "URL" = hxxp://www.ask.com/web?o=101450&l=dis&q={searchTerms} IE - HKCU\..\SearchScopes\{270D5DD9-DB15-4BE4-AA02-A4CA0B7D4C4F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} IE - HKCU\..\SearchScopes\{30750DD1-EADD-4cf1-A485-C736C96936AB}: "URL" = hxxp://search.etoolkit.com/search?q={searchTerms}&id=026095263ef9335a176bdad20f0869a6065&s=p IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} IE - HKCU\..\SearchScopes\{90504CAF-384D-4F23-862C-B50BAA7FA1ED}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848 IE - HKCU\..\SearchScopes\{DB1303D6-6049-4039-A97F-2D9B890DCECB}: "URL" = 
hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=9EFDB496-5468-4404-B06C-586804AAB7C5&apn_sauid=48832B91-91F7-47B3-8E5F-A5C027686EA8 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "NCH_DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282494&SearchSource=3&q={searchTerms}&CUI=UN21438861262096308" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D: FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: linkuryfirefoxremoteplugin@linkury.com:1.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: 
C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.27 17:06:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.19 20:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.20 10:14:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.23 09:13:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.27 17:06:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.20 10:14:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.23 09:13:53 | 000,000,000 | ---D | M]

[2010.02.01 22:44:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ulrike\AppData\Roaming\mozilla\Extensions
[2010.02.01 22:44:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ulrike\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.03.02 23:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ulrike\AppData\Roaming\mozilla\Firefox\Profiles\z8ekacuv.default\extensions
[2013.02.24 19:28:59 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\ulrike\AppData\Roaming\mozilla\Firefox\Profiles\z8ekacuv.default\extensions\toolbar@ask.com
[2013.03.02 23:13:38 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\ulrike\AppData\Roaming\mozilla\firefox\profiles\z8ekacuv.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.12.12 22:41:37 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\ulrike\AppData\Roaming\mozilla\firefox\profiles\z8ekacuv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.17 20:10:23 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\ulrike\AppData\Roaming\mozilla\firefox\profiles\z8ekacuv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.20 10:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.20 10:14:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.08 11:17:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\extensions
[2013.03.08 11:17:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.08 11:17:51 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.02.20 10:14:43 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.08 20:13:51 | 000,906,360 | ---- | M] (www.devalvr.com) -- C:\Program Files\mozilla firefox\plugins\npdevalvr.dll
[2013.01.25 10:36:14 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.14 20:25:40 | 000,044,251 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\toolkitsearch.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Plus! Network (Enabled)
CHR - default_search_provider: search_url = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: (Enabled) = C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\\npSkypeChromePlugin.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DevalVR 3D Plugin (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npdevalvr.dll
CHR - plugin: Java Deployment Toolkit (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Browser Companion Helper = C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
CHR - Extension: Skype Click to Call = C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ToolKit IE Helper) - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files\ToolKitService\splash.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (eToolKit Toolbar) - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files\ToolKitService\toolbar.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [F.lux] C:\Users\ulrike\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_156B29F5313FECB4988F8467F606B4B7] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Users\ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ulrike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CA3CDE8-FDFB-4060-9543-2A97E2296E12}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A29D2DF-4ED9-4558-9A3C-8468D7C85B2E}: NameServer =
O18 - Protocol\Handler\base64 - No CLSID value found
O18 - Protocol\Handler\chrome - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\prox - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d8f797fa-2621-11e0-8e90-904ce5fb327c}\Shell - "" = AutoRun
O33 - MountPoints2\{d8f797fa-2621-11e0-8e90-904ce5fb327c}\Shell\AutoRun\command - "" = E:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.08 11:29:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ulrike\Desktop\OTL.exe
[2013.03.08 00:15:41 | 000,000,000 | ---D | C] -- C:\Users\ulrike\AppData\Roaming\Malwarebytes
[2013.03.08 00:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.08 00:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.08 00:15:34 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.08 00:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.08 00:14:37 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ulrike\Desktop\mbam-setup-
[2013.03.07 13:39:34 | 000,000,000 | ---D | C] -- C:\Users\ulrike\Documents\DVDVideoSoft
[2013.03.07 13:36:15 | 029,000,336 | ---- | C] (DVDVideoSoft Ltd. ) -- C:\Users\ulrike\Desktop\FreeAudioCDToMP3Converter.exe
[2013.03.07 10:29:09 | 000,000,000 | ---D | C] -- C:\Users\ulrike\Documents\MAGIX Speed
[2013.03.07 10:06:03 | 000,000,000 | ---D | C] -- C:\Users\ulrike\Documents\MAGIX_Audio_Cleaning_Lab_16_deluxe
[2013.03.05 21:20:30 | 000,000,000 | ---D | C] -- C:\Users\ulrike\Desktop\würzburg
[2013.03.02 16:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.02.24 19:28:53 | 000,000,000 | ---D | C] -- C:\Users\ulrike\AppData\Local\APN
[2013.02.24 19:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2013.02.24 18:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013.02.23 21:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.23 21:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.23 21:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.23 21:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.02.22 16:23:31 | 000,000,000 | ---D | C] -- C:\Users\ulrike\Documents\Benutzerdefinierte Office-Vorlagen
[2013.02.22 10:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013.02.22 10:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013.02.22 10:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013.02.22 10:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013.02.22 10:31:49 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2013.02.22 10:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013.02.22 10:31:13 | 000,000,000 | ---D | C] -- C:\Users\ulrike\AppData\Local\Microsoft Help
[2013.02.22 10:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.02.22 10:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.02.22 10:30:17 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.02.22 09:19:49 | 000,000,000 | ---D | C] -- C:\Users\ulrike\AppData\Roaming\Download Manager
[2013.02.20 10:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Photo Notifier and Animation Creator
[2013.02.20 10:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Notifier and Animation Creator
[2013.02.20 10:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.02.19 20:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013.02.19 20:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.02.08 10:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.12.08 20:51:47 | 014,597,312 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 8.0.1.exe
[2011.11.14 21:04:51 | 001,258,692 | ---- | C] (DVD Shrink ) -- C:\Program Files\dvdshrink.3.2.de._decss-frei_.setup.exe
[2011.11.14 21:04:48 | 001,258,692 | ---- | C] (DVD Shrink ) -- C:\Program Files\dvdshrink.3.2.de._decss-frei_.setup.exe.part
[2011.11.09 20:27:19 | 005,157,880 | ---- | C] (Canneverbe Limited ) -- C:\Program Files\cdbxp_setup_4.3.9.2783.exe
[2011.11.09 20:17:08 | 072,333,896 | ---- | C] (Ashampoo GmbH & Co. KG ) -- C:\Program Files\ashampoo_burning_studio_elements_10.0.9_8678.exe
[2011.06.01 16:01:38 | 012,362,480 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 4.0.1.exe
[2011.02.12 13:17:05 | 017,642,464 | ---- | C] (pdfforge GbR) -- C:\Program Files\PDFCreator-1_2_0_setup.exe
[2011.02.07 22:20:26 | 023,773,544 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Program Files\FreeYouTubeToMP3Converter32.exe
[2011.02.01 22:49:36 | 023,773,544 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Program Files\FreeYouTubeToMp3Converter.exe
[2011.01.14 08:03:20 | 014,715,008 | ---- | C] (Dropbox, Inc.) -- C:\Program Files\Dropbox 1.0.10.exe
[2010.07.01 06:51:33 | 008,424,584 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.6.exe
[2010.06.24 21:44:11 | 000,568,472 | ---- | C] (NCH Software) -- C:\Program Files\wpsetup.exe
[2010.05.08 08:59:11 | 002,003,968 | ---- | C] (DVDVideoSoft Limited.) -- C:\Program Files\FreeAudioDub.exe
[2010.05.08 08:58:06 | 010,906,498 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Program Files\FreeAudioDub_1.6.exe
[2010.05.04 20:57:28 | 006,728,058 | ---- | C] (Koyote Soft ) -- C:\Program Files\Setup_FreeConverter.exe
[2010.05.04 20:55:21 | 006,188,525 | ---- | C] (Koyote Soft ) -- C:\Program Files\Setup_FreeFlvConverter.exe
[2010.04.21 21:09:29 | 000,562,848 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleEarthSetup.exe
[2010.03.15 22:48:22 | 000,977,552 | ---- | C] (NCH Software) -- C:\Program Files\essetup.exe
[2010.03.02 22:53:51 | 019,922,270 | ---- | C] (Macrovision Corporation) -- C:\Program Files\sa3045_02_pal_eng.exe
[2010.02.17 17:46:56 | 022,240,040 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetupFull179.exe
[2010.02.17 17:38:47 | 012,260,429 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Program Files\FreeYouTubeToMp3Converter327.exe
[2010.02.10 19:38:22 | 038,546,560 | ---- | C] (ashampoo GmbH & Co. KG ) -- C:\Program Files\ashampoo_burning_studio_2010_9.12_6265(2).exe
[2010.02.09 21:57:24 | 006,343,388 | ---- | C] (Koyote Soft ) -- C:\Program Files\Setup674_FreeFlvConverter.exe
[2010.02.04 16:02:13 | 016,488,224 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u18-windows-i586-s.exe
[2010.02.01 23:14:20 | 001,924,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2010.02.01 22:42:44 | 008,840,816 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird_Setup_3.0.1.exe
[2010.02.01 20:44:08 | 003,211,616 | ---- | C] (Ghisler Software GmbH) -- C:\Program Files\tcmd750a.exe
[2010.01.31 23:27:37 | 000,564,064 | ---- | C] (Google Inc.) -- C:\Program Files\googleupdatesetup.exe
[2010.01.30 12:31:26 | 032,494,896 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2010.01.30 11:11:55 | 001,167,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-custom.exe

========== Files - Modified Within 30 Days ==========

[2013.03.08 11:41:54 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2013.03.08 11:33:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.08 11:29:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ulrike\Desktop\OTL.exe
[2013.03.08 11:13:52 | 000,081,993 | ---- | M] () -- C:\Users\ulrike\Desktop\defogger3.JPG
[2013.03.08 11:13:31 | 000,085,605 | ---- | M] () -- C:\Users\ulrike\Desktop\defogger2.JPG
[2013.03.08 11:13:03 | 000,104,007 | ---- | M] () -- C:\Users\ulrike\Desktop\defogger.JPG
[2013.03.08 11:11:32 | 000,000,000 | ---- | M] () -- C:\Users\ulrike\defogger_reenable
[2013.03.08 10:59:41 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.08 10:59:41 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.08 10:57:28 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.08 10:57:28 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.08 10:57:28 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.08 10:57:28 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.08 10:53:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.08 10:52:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.08 10:52:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.08 10:51:54 | 2780,745,728 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.08 09:21:08 | 000,023,132 | ---- | 
M] () -- C:\Users\ulrike\Desktop\scan.JPG [2013.03.08 01:04:56 | 000,050,477 | ---- | M] () -- C:\Users\ulrike\Desktop\Defogger.exe [2013.03.08 00:39:36 | 000,073,430 | ---- | M] () -- C:\Users\ulrike\Desktop\trojaner_name.JPG [2013.03.08 00:15:36 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.08 00:15:08 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ulrike\Desktop\mbam-setup- [2013.03.07 22:17:33 | 017,947,064 | ---- | M] () -- C:\Users\ulrike\Desktop\INTERNET-WORLD-Business Ausgabe-22-2011.pdf [2013.03.07 13:39:29 | 000,001,365 | ---- | M] () -- C:\Users\ulrike\Desktop\Free Audio CD to MP3 Converter.lnk [2013.03.07 13:37:36 | 029,000,336 | ---- | M] (DVDVideoSoft Ltd. ) -- C:\Users\ulrike\Desktop\FreeAudioCDToMP3Converter.exe [2013.03.07 08:53:18 | 000,000,234 | ---- | M] () -- C:\Windows\Brownie.ini [2013.03.06 09:44:57 | 000,076,187 | ---- | M] () -- C:\Users\ulrike\Desktop\joystick_psych.JPG [2013.02.25 21:42:19 | 000,004,998 | ---- | M] () -- C:\Users\ulrike\Desktop\siemens.odt [2013.02.22 12:32:36 | 000,495,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.22 10:43:34 | 000,002,937 | ---- | M] () -- C:\Users\ulrike\Desktop\PowerPoint 2013.lnk [2013.02.22 10:43:32 | 000,002,829 | ---- | M] () -- C:\Users\ulrike\Desktop\Access 2013.lnk [2013.02.19 17:45:41 | 000,010,034 | ---- | M] () -- C:\Users\ulrike\Desktop\ryanair_nuernberg.odt [2013.02.08 10:41:18 | 002,625,153 | ---- | M] () -- C:\Users\ulrike\Desktop\LoipeFrammersbach-Mosborn_Karte.pdf ========== Files Created - No Company Name ========== [2013.03.08 11:13:52 | 000,081,993 | ---- | C] () -- C:\Users\ulrike\Desktop\defogger3.JPG [2013.03.08 11:13:30 | 000,085,605 | ---- | C] () -- C:\Users\ulrike\Desktop\defogger2.JPG [2013.03.08 11:13:02 | 000,104,007 | ---- | C] () -- C:\Users\ulrike\Desktop\defogger.JPG [2013.03.08 11:11:32 | 000,000,000 | ---- | C] () -- C:\Users\ulrike\defogger_reenable [2013.03.08 09:21:08 | 
000,023,132 | ---- | C] () -- C:\Users\ulrike\Desktop\scan.JPG [2013.03.08 01:04:55 | 000,050,477 | ---- | C] () -- C:\Users\ulrike\Desktop\Defogger.exe [2013.03.08 00:39:35 | 000,073,430 | ---- | C] () -- C:\Users\ulrike\Desktop\trojaner_name.JPG [2013.03.08 00:15:36 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.07 22:16:44 | 017,947,064 | ---- | C] () -- C:\Users\ulrike\Desktop\INTERNET-WORLD-Business Ausgabe-22-2011.pdf [2013.03.07 13:39:29 | 000,001,365 | ---- | C] () -- C:\Users\ulrike\Desktop\Free Audio CD to MP3 Converter.lnk [2013.03.07 13:31:12 | 000,000,044 | ---- | C] () -- C:\Users\ulrike\Desktop\Track01.cda [2013.03.07 13:03:29 | 000,000,044 | ---- | C] () -- C:\Users\ulrike\Documents\passion.cda [2013.03.06 09:44:57 | 000,076,187 | ---- | C] () -- C:\Users\ulrike\Desktop\joystick_psych.JPG [2013.02.22 10:43:34 | 000,002,937 | ---- | C] () -- C:\Users\ulrike\Desktop\PowerPoint 2013.lnk [2013.02.22 10:43:32 | 000,002,829 | ---- | C] () -- C:\Users\ulrike\Desktop\Access 2013.lnk [2013.02.19 17:38:23 | 000,010,034 | ---- | C] () -- C:\Users\ulrike\Desktop\ryanair_nuernberg.odt [2013.02.08 10:41:18 | 002,625,153 | ---- | C] () -- C:\Users\ulrike\Desktop\LoipeFrammersbach-Mosborn_Karte.pdf [2012.12.27 10:54:28 | 000,000,021 | ---- | C] () -- C:\Windows\preview.ini [2012.10.10 15:20:39 | 000,001,531 | ---- | C] () -- C:\Users\ulrike\.recently-used.xbel [2012.08.28 09:02:57 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI [2012.07.01 10:55:48 | 000,238,386 | ---- | C] () -- C:\Windows\hpwins26.dat.temp [2012.06.27 17:26:45 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp [2012.06.27 16:58:22 | 000,238,386 | ---- | C] () -- C:\Windows\hpwins26.dat [2012.04.19 08:08:46 | 141,590,843 | ---- | C] () -- C:\Program Files\openofficeorg1.cab [2012.04.19 07:59:52 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe [2012.04.19 07:59:50 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini 
[2012.04.19 07:59:48 | 003,125,248 | ---- | C] () -- C:\Program Files\openofficeorg34.msi [2011.10.04 19:42:44 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2011.09.27 19:50:32 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2011.07.05 12:32:53 | 000,000,000 | ---- | C] () -- C:\Users\ulrike\AppData\Local\{EDD1366B-75CE-429C-A470-C05A561E102D} [2011.04.26 21:31:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.04.25 17:13:21 | 020,533,281 | ---- | C] () -- C:\Program Files\vlc-1.1.9-win32.exe [2011.03.23 20:30:48 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2011.03.23 20:30:48 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2011.03.23 20:30:47 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini [2011.03.23 20:30:46 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI [2011.03.23 20:29:42 | 000,000,234 | ---- | C] () -- C:\Windows\Brownie.ini [2011.02.12 13:07:10 | 020,364,702 | ---- | C] () -- C:\Program Files\vlc-1.1.7-win32.exe [2011.02.02 22:40:33 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.01.21 23:06:33 | 000,017,408 | ---- | C] () -- C:\Users\ulrike\AppData\Local\WebpageIcons.db [2010.08.16 22:11:12 | 019,461,015 | ---- | C] () -- C:\Program Files\vlc-1.1.2-win32.exe [2010.05.10 15:38:02 | 013,868,427 | ---- | C] () -- C:\Program Files\NAVIGON_Fresh_setup.exe [2010.05.08 08:56:49 | 000,256,824 | ---- | C] () -- C:\Program Files\SoftonicDownloader67434.exe [2010.05.07 21:30:16 | 000,212,713 | ---- | C] () -- C:\Program Files\mp3DC211.exe [2010.04.21 18:39:21 | 018,234,256 | ---- | C] ( ) -- C:\Program Files\gimp-2.6.8-i686-setup.exe [2010.04.20 20:09:44 | 010,315,456 | ---- | C] () -- C:\Program Files\GoogleEarthWin.exe [2010.03.02 22:53:26 | 002,228,224 | ---- | C] () -- C:\Program Files\sa3045_02_fus_eng.exe [2010.03.01 21:22:06 | 152,882,016 | ---- | C] () -- C:\Program Files\OOo_3.2.0_Win32Intel_install_de.exe [2010.02.22 22:36:51 | 000,000,017 | ---- | 
C] () -- C:\Users\ulrike\AppData\Local\resmon.resmoncfg [2010.02.19 16:32:46 | 025,154,803 | ---- | C] () -- C:\Program Files\f4-v4-pc.zip [2010.02.17 17:51:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.02.17 17:41:38 | 000,685,568 | ---- | C] () -- C:\Program Files\DVSUninstall.exe [2010.02.16 22:23:33 | 167,555,440 | ---- | C] () -- C:\Program Files\OOo_3.2.0_Win32Intel_install_wJRE_de(2).exe [2010.02.09 18:35:16 | 000,003,584 | ---- | C] () -- C:\Users\ulrike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.09 18:12:06 | 000,009,523 | ---- | C] () -- C:\Program Files\DellDriverDownloadManager.application [2010.02.08 20:13:01 | 000,150,836 | ---- | C] () -- C:\Users\ulrike\AppData\Roaming\mdbu.bin [2010.02.08 19:55:41 | 061,037,560 | ---- | C] ( ) -- C:\Program Files\MediaMarkt_Fotoservice.exe [2010.02.07 16:51:35 | 004,444,879 | ---- | C] () -- C:\Program Files\XMediaRecode2184_setup.exe [2010.02.04 22:31:16 | 018,499,623 | ---- | C] () -- C:\Program Files\vlc-1.0.5-win32.exe [2010.01.30 12:29:55 | 018,965,012 | ---- | C] () -- C:\Program Files\f4-v31.exe [2010.01.28 16:12:08 | 149,845,064 | ---- | C] () -- C:\Program Files\OOo_3.1.1_Win32Intel_install_de.exe [2010.01.28 09:34:05 | 000,000,000 | ---- | C] () -- C:\Users\ulrike\AppData\Local\WavXMapDrive.bat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = 
%systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.09.17 20:44:24 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Ahnenblatt [2011.11.11 17:22:36 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Ashampoo [2013.03.08 00:05:02 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Audacity [2010.05.07 21:40:55 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Blue Cat Audio [2010.01.28 09:34:05 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Broadcom [2012.09.23 09:05:18 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\BrowserCompanion [2011.11.09 20:31:07 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Canneverbe Limited [2010.07.22 20:29:00 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2013.03.08 10:54:08 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Dropbox [2013.03.08 00:05:02 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\DVDVideoSoft [2013.02.19 20:48:36 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\DVDVideoSoftIEHelpers [2012.11.04 08:59:16 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\F4 [2012.03.11 12:12:18 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\FILEminimizerPictures [2010.05.04 20:55:16 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\FreeFLVConverter [2011.05.24 19:42:18 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\GetRightToGo [2010.02.01 21:00:36 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\GHISLER [2012.10.10 
15:20:39 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\gtk-2.0 [2012.09.25 20:02:44 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\HandBrake [2010.05.08 08:11:03 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\HighAndes [2013.01.17 14:40:56 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\NCH Swift Sound [2012.10.05 18:00:46 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\OpenCandy [2010.01.30 16:53:59 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\OpenOffice.org [2010.02.01 22:44:11 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Thunderbird [2012.04.14 09:10:13 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\TuneUp Software [2010.01.28 09:34:05 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Wave Systems Corp [2012.02.19 18:32:50 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\www.rene-zeidler.de [2010.08.15 10:46:44 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\XMedia Recode ========== Purity Check ========== < End of report > OTL Extras logfile created on: 08.03.2013 11:35:18 - Run 1 OTL by OldTimer - Version Folder = C:\Users\ulrike\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,45 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 55,58% Memory free 6,90 Gb Paging File | 5,15 Gb Available in Paging File | 74,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 231,89 Gb Total Space | 16,32 Gb Free Space | 7,04% Space Free | Partition Type: NTFS Computer Name: ULRIKE-PC | User Name: ulrike | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{062CAA6B-28A3-45A9-B7E1-B99383740D3D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0DDEFAF9-E3E7-4662-941E-7DD95231307F}" = lport=139 | protocol=6 | dir=in | app=system |
"{0EBD2562-37AA-4B1E-A29B-CC09C0B69892}" = rport=445 | protocol=6 | dir=out | app=system |
"{0EF71681-61C7-4070-8F8A-BBB49E76A36A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1591D095-3A45-4CC9-A472-7E1F769E5612}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1793E3E7-6913-4D00-99A4-6C173F6DE26D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2A3D098B-C939-471A-AED0-72DAC19964AF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2BD2BA93-4317-48C3-AF06-48CAB0F4FD9C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B88CF04-D565-43C8-B52E-EE7A7EA01C08}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4E21C46F-CB46-4A9A-8835-584188F399EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C9BF0D8-BE65-4B23-AAA4-7A63AC0D3519}" = lport=137 | protocol=17 | dir=in | app=system |
"{78144C86-87B0-430E-A06D-A000B53C3A42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A9AEA4A-E6E9-4E85-8FBF-B12D1E7EE3D7}" = rport=139 | protocol=6 | dir=out | app=system |
"{81627E12-BDBE-4D1A-9105-3D1FBD2D3A18}" = rport=137 | protocol=17 | dir=out | app=system |
"{A0558197-C271-4EEC-A1EC-D312E7477466}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A24E203E-8465-4E37-98A4-362DA2D89704}" = lport=445 | protocol=6 | dir=in | app=system |
"{AD3D1502-DC72-4EA3-AA53-50C91B1BCB68}" = lport=138 | protocol=17 | dir=in | app=system |
"{B4FD9C66-981D-44D2-88D1-60A51BF2376E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B508A02C-6B61-4770-8182-A999929BA9E3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B8CB2D64-3270-4936-8968-1C4825A9A509}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BA507813-7E74-4B8A-8171-D83ECE13FBCB}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{BEF8EE2F-8B80-4C75-94C4-197BA0D3E8FD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C06A739F-8341-4336-9658-EDFBE279421C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DD2200BF-141F-4CD4-A7C3-AC79AC6FFFEF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E163E25F-5782-4620-A852-15DE025A3776}" = rport=138 | protocol=17 | dir=out | app=system |
"{F7F79044-2EE6-48B4-B96C-05D44C7A0097}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DC4663-CD2E-4702-963C-D523EB99B837}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{04B65E9E-7D83-4AA2-A4AE-49F1E0E46140}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{09B5B14F-5C1B-4323-954D-AACF097B76B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{107A3A21-1442-4DC7-9504-DCBC7A496E36}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{27AD91CB-06B9-40E9-8B0F-DCE7E97B9830}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2986192A-709B-405D-83FB-86B1EE1A88A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{398E9CD3-8695-4171-9D30-0DF06871518A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{3A840A33-616F-47CD-979E-B24BDA20E3C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{406EBDD1-56D3-43ED-A2B9-9A5DFEA22AFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40B7B5A8-E3C3-4003-8453-9E04B2EF3852}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{43354F01-254C-4225-B268-C7B96D932500}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{48792B54-C554-42FE-881B-B202FFA57351}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{52DA8BE6-97AE-4BCD-8441-225D0A316A19}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56A6DE05-4ECC-4FC3-8BF3-614C2D07A5C7}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{5AE2821D-A840-4218-93D8-E93AF46AB954}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{65B2F5B9-CD10-4092-BF83-1DAAD5C10F43}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6D9A82FF-6958-4C68-973F-C298D8A1D8FC}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{73A8E1A3-243D-472A-B835-D10374AC7FD6}" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\mucommander.exe |
"{75CA5A0B-E697-4935-AE18-AB85FEBF90F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{786F970B-C4F1-4914-8461-D894107F631E}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{7CA34CBD-0629-4BD3-8A23-F05B12597E11}" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\mucommander.exe |
"{85F5ABE6-E9FD-4943-99CF-6339C3DE75E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9D5DEE72-847B-4360-8567-2E1C96BD848D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A8209922-B54B-4BDD-87E3-0B05FC0D695D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{B15B1FF0-FA71-4EAD-A243-59E86B8ABFE8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{BBFB194E-EC14-49DE-AE74-7D44F4AFD2C5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{BFACB792-C975-460D-8587-9C3D4DC4DE60}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{C05A9CEB-83B2-4718-A382-D4016CE8E0FE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{C0A12A82-84C1-4AD0-B0C6-E36B57A94384}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1342766-81A1-4709-9832-21D40929DBED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C20DF78F-A717-4462-BA19-603559E79635}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{CD90ADB2-3E7D-4267-92F4-A4FB6D6AC37E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{CDD99A9F-37E3-4C3B-8FBA-90EDA0801EA3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D1E26FC2-3042-4D07-88CD-6CD312EF11C2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{D32F242E-2120-46E4-BC49-92BEE4F05D11}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{D3383302-7323-405A-9DF5-2542F5C9AE0D}" = protocol=6 | dir=out | app=system |
"{D62640B5-61D6-4EC7-BB1A-88DBB515242B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{D72F4A2D-B581-43C8-A3D0-FD868989D8E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E2901457-C28C-49DA-9D4C-7E4FF40FC4CA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{E2C7478F-18D1-4635-BBAC-DBFFD855AE5D}" = dir=in | app=d:\setup\hpznui01.exe |
"{EBBEDEC2-F0D2-411D-AE7B-2E0DC89C9064}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EC3D1A14-A2F4-4A2C-B31A-A6A2C748C9E6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{F0B1AC39-FA0E-44E8-9739-1562FAE03C7B}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{F93113DA-85C5-40C1-998E-D2A83167DBDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{27A10680-5014-4B34-851E-85AC25508FB1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{30AFA642-4C2F-44F1-B864-D8A14CB9359C}C:\users\ulrike\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ulrike\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{34A5994F-8C1B-43CC-B6DB-DF44A5C06BFB}C:\users\public\documents\downloads\f4-v4-pc\f4.exe" = protocol=6 | dir=in | app=c:\users\public\documents\downloads\f4-v4-pc\f4.exe |
"TCP Query User{CDC537D9-FBCC-461A-9923-BE8C897932A7}C:\program files\java\jre6\launch4j-tmp\mucommander.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\mucommander.exe |
"UDP Query User{29AB00C5-7EF2-4EC6-B696-26647894D1D8}C:\program files\java\jre6\launch4j-tmp\mucommander.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\mucommander.exe |
"UDP Query User{5E9E8AAF-D7B5-4A72-BC24-255990A13910}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{6FEA6B41-0F40-4265-8984-B5CCA9625440}C:\users\ulrike\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ulrike\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{B1518903-3AA0-41E7-AABD-7B0489BE044E}C:\users\public\documents\downloads\f4-v4-pc\f4.exe" = protocol=17 | dir=in | app=c:\users\public\documents\downloads\f4-v4-pc\f4.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0471A681-06EC-4C19-9F8A-DC59A60CD4AD}" = Brother HL-2030
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{11DB380B-48CF-46EA-8B03-51874E2733C9}" = Dell Control Point
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3237887D-8AC4-4C27-BDF4-57D7CB0351D6}" = SO32MMWrapper
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{437C19B3-7E20-4E39-B868-CA6BAA820E1C}" = Microsoft Rechner-Plus
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{71084075-ABA7-48BC-9733-F56A9ABD184D}" = DCP32MMWrapper
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{750A1A07-2A69-4606-9619-EA29A2BFF426}" = MAGIX Audio Cleaning Lab 16 deluxe
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79B520D5-CE72-4661-A054-804BC3412516}" = Wave Infrastructure Installer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81860953-8A77-4ED5-B57C-F35D703D9489}" = Dell ControlVault Host Components Installer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.5.0
"{84374A47-1DF5-4013-90D4-1288819869B1}" = Microsoft-Maus- und Tastatur-Center
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A7E941F-2BB4-47D0-B732-8AE5F3513B68}" = ASAPI
"{90150000-0015-0407-0000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-0000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-0000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-0000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-0000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-0000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-0000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-0000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-0000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00E1-0407-0000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-0000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{9143F2FA-BF20-4311-8618-4CCF51B1B80C}" = Dell ControlPoint System Manager
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CCC68887-6E07-4438-A035-7C22EFBDC15E}" = Intel(R) Network Connections
"{CE52F670-9E10-4C0A-B0CB-D78BAB0A7923}" = NimoFilm
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device
Support "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m "{E63A7E64-AD93-47E7-AC5C-BA042AA740CA}" = Dell ControlPoint Connection Manager "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F3BD8E81-C020-44F9-B014-1E0214D23556}" = SA30xx Media Converter "{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FD091935-4900-6218-88CC-CBA82ADBBB39}" = myphotobook.de "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack "9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows-Treiberpaket - Dell Inc. 
PBADRV System (01/07/2008 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0 "AnyDVD" = AnyDVD "Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9 "Audacity_is1" = Audacity 2.0.2 "Creative OA001" = Integrated Webcam Driver ( "de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de "DevalVR for Netscape" = DevalVR plugin for Netscape and compatible browsers "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "DVDGenie" = DVD Genie (remove only) "DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar "Express" = Express Dictate "ExpressBurn" = Express Burn "f4" = f4 3.1.0 "f42012" = f4 2012 "Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version "Free DVD Video Converter_is1" = Free DVD Video Converter version "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version "Google Chrome" = Google Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 
13.0 "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012 "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "MAGIX Speed burnR D" = MAGIX Speed burnR "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "mclab_16dlx" = MAGIX Audio Cleaning Lab 16 deluxe "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NAVIGON Fresh" = NAVIGON Fresh 3.3.2 "Office15.PROPLUSR" = Microsoft Office Professional Plus 2013 "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "PhotoMail" = PhotoMail Maker "PROSetDX" = Intel(R) Network Connections "Scribe" = Express Scribe "Shop for HP Supplies" = Shop for HP Supplies "TeamViewer 6" = TeamViewer 6 "TVWiz" = Intel(R) TV Wizard "Uninstall_is1" = Uninstall "VLC media player" = VLC media player 1.1.9 "WavePad" = WavePad Sound Editor "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials "XMedia Recode" = XMedia Recode ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "Dropbox" = Dropbox "f031ef6ac137efc5" = Dell Driver Download Manager "Flux" = F.lux ========== Last 20 Event Log Errors ========== [ 
Application Events ] Error - 03.03.2013 14:00:02 | Computer Name = ulrike-PC | Source = Windows Backup | ID = 4103 Description = Error - 03.03.2013 14:14:26 | Computer Name = ulrike-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 04.03.2013 08:58:46 | Computer Name = ulrike-PC | Source = MsiInstaller | ID = 11609 Description = Error - 05.03.2013 03:57:03 | Computer Name = ulrike-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 06.03.2013 04:41:58 | Computer Name = ulrike-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 06.03.2013 07:52:55 | Computer Name = ulrike-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version:, Zeitstempel: 0x511ed1c1 Name des fehlerhaften Moduls: xul.dll, Version:, Zeitstempel: 0x511ed0fe Ausnahmecode: 0xc0000005 Fehleroffset: 0x00155858 ID des fehlerhaften Prozesses: 0x4ec Startzeit der fehlerhaften Anwendung: 0x01ce1a60fddd675c Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: 61bf270a-8654-11e2-bc77-904ce5fb327c Error - 06.03.2013 18:41:01 | Computer Name = ulrike-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 07.03.2013 06:56:34 | Computer Name = ulrike-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: pdf24-Editor.exe, Version:, Zeitstempel: 0x4fa7a664 Name des fehlerhaften Moduls: pdf24-Editor.exe, Version:, Zeitstempel: 0x4fa7a664 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00008d07 ID des fehlerhaften Prozesses: 0x1a80 Startzeit der fehlerhaften Anwendung: 0x01ce1b21aed72e47 Pfad der fehlerhaften Anwendung: C:\Program Files\PDF24\pdf24-Editor.exe Pfad des fehlerhaften Moduls: C:\Program Files\PDF24\pdf24-Editor.exe Berichtskennung: ac5bc74d-8715-11e2-bcfa-904ce5fb327c 
Error - 07.03.2013 15:09:46 | Computer Name = ulrike-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 07.03.2013 19:07:17 | Computer Name = ulrike-PC | Source = System Restore | ID = 8210 Description = [ Media Center Events ] Error - 12.10.2012 14:43:56 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 20:43:49 - Fehler beim Herstellen der Internetverbindung. 20:43:49 - Serververbindung konnte nicht hergestellt werden.. Error - 13.10.2012 13:01:29 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 19:01:29 - Fehler beim Herstellen der Internetverbindung. 19:01:29 - Serververbindung konnte nicht hergestellt werden.. Error - 13.10.2012 13:01:40 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 19:01:34 - Fehler beim Herstellen der Internetverbindung. 19:01:34 - Serververbindung konnte nicht hergestellt werden.. Error - 13.10.2012 15:19:04 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 21:19:04 - Fehler beim Herstellen der Internetverbindung. 21:19:04 - Serververbindung konnte nicht hergestellt werden.. Error - 13.10.2012 15:19:09 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 21:19:09 - Fehler beim Herstellen der Internetverbindung. 21:19:09 - Serververbindung konnte nicht hergestellt werden.. Error - 13.10.2012 16:19:21 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 22:19:21 - Fehler beim Herstellen der Internetverbindung. 22:19:21 - Serververbindung konnte nicht hergestellt werden.. Error - 13.10.2012 16:19:49 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 22:19:26 - Fehler beim Herstellen der Internetverbindung. 22:19:26 - Serververbindung konnte nicht hergestellt werden.. 
Error - 03.11.2012 13:53:50 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 18:53:50 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 07.11.2012 13:40:08 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 18:40:08 - Fehler beim Herstellen der Internetverbindung. 18:40:08 - Serververbindung konnte nicht hergestellt werden.. Error - 07.11.2012 13:40:18 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 18:40:13 - Fehler beim Herstellen der Internetverbindung. 18:40:13 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 07.03.2013 11:22:36 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error - 07.03.2013 11:25:50 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 07.03.2013 14:29:12 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error - 07.03.2013 14:30:51 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. 
Error - 07.03.2013 19:06:19 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error - 07.03.2013 19:08:16 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 07.03.2013 19:34:10 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error - 07.03.2013 19:35:48 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 08.03.2013 05:52:06 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error - 08.03.2013 05:54:01 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. < End of report > |
| #2 |
/// TB-Ausbilder | I will help you with your problem. A cleanup sometimes involves a lot of work for you (and for me). Before we start, I have some reading material for you. Please read: Rules for the cleanup. For the cleanup to work, I ask you to read the following points carefully:
Read and understood? Step 1: (Reminder: only reply to me once you have worked through all the steps!) Uninstalling programs
Step 2: AdwCleaner: find and delete adware. Please download Step 3: Delete temporary files with TFC
Step 4: Scan with DDS+ (with attach). Please download DDS (by sUBs) and save the file to your desktop.
__________________ |
| #3 |
Dear helper,
first of all, many thanks for your effort and time - I don't take that for granted!! Please be patient with me, because I am not well versed in this topic and have nobody among my friends whom I could ask. I even lack the basic vocabulary, such as code tags. If you feel you are wasting your time with me, please say so - perhaps the sun is shining where you are too and you would do better to go outside… Here are my questions: You want my report as a LOGFILE. How does that work?? Post the logfiles directly in your thread (preferably in code tags - click the # symbol in the editor). When I click "#", CODE/CODE appears in square brackets in the reply window. What then? Step 1 - what are downloader applications? All programs/applications that I have ever downloaded? All the freeware such as Open Office, the audio editing program, Google Earth, through to Skype? Including the still-running trial version of Microsoft Office Professional Plus 2013? (I am asking out of ignorance!) What is left under PROGRAMS AND FEATURES? Firefox and ??? May I send you a screenshot of all my programs and features? - I have Avira Free Antivirus installed - the Windows Firewall no longer works and cannot be activated either. Error code 0x80070422 - I was unable to remove ask.com. In the browser, under "About:config", I reset all ask.com entries. Steps 2 to 4: I have no questions about those : ) Many thanks for now! Ulrike |
| #4 |
/// TB-Ausbilder | Posting in CODE tags: Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles in a CODE box, proceed as follows:
If you don't know what downloader applications are, you probably don't have any. Skip that. I will see for myself later what can/should go.
__________________ No help via PM! |
| #5 |
test copy logfile: Code:
ATTFilter OTL Extras logfile created on: 08.03.2013 11:35:18 - Run 1 OTL by OldTimer - Version Folder = C:\Users\ulrike\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,45 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 55,58% Memory free 6,90 Gb Paging File | 5,15 Gb Available in Paging File | 74,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 231,89 Gb Total Space | 16,32 Gb Free Space | 7,04% Space Free | Partition Type: NTFS Computer Name: ULRIKE-PC | User Name: ulrike | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{062CAA6B-28A3-45A9-B7E1-B99383740D3D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0DDEFAF9-E3E7-4662-941E-7DD95231307F}" = lport=139 | protocol=6 | dir=in | app=system | "{0EBD2562-37AA-4B1E-A29B-CC09C0B69892}" = rport=445 | protocol=6 | dir=out | app=system | "{0EF71681-61C7-4070-8F8A-BBB49E76A36A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1591D095-3A45-4CC9-A472-7E1F769E5612}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1793E3E7-6913-4D00-99A4-6C173F6DE26D}" = lport=2869 | protocol=6 | dir=in | app=system | "{2A3D098B-C939-471A-AED0-72DAC19964AF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{2BD2BA93-4317-48C3-AF06-48CAB0F4FD9C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4B88CF04-D565-43C8-B52E-EE7A7EA01C08}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4E21C46F-CB46-4A9A-8835-584188F399EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6C9BF0D8-BE65-4B23-AAA4-7A63AC0D3519}" = lport=137 | protocol=17 | dir=in | app=system | "{78144C86-87B0-430E-A06D-A000B53C3A42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7A9AEA4A-E6E9-4E85-8FBF-B12D1E7EE3D7}" = rport=139 | protocol=6 | dir=out | app=system | "{81627E12-BDBE-4D1A-9105-3D1FBD2D3A18}" = rport=137 | protocol=17 | dir=out | app=system | "{A0558197-C271-4EEC-A1EC-D312E7477466}" = rport=10243 | protocol=6 | dir=out | app=system | "{A24E203E-8465-4E37-98A4-362DA2D89704}" = lport=445 | protocol=6 | dir=in | app=system | "{AD3D1502-DC72-4EA3-AA53-50C91B1BCB68}" = lport=138 | protocol=17 | dir=in | app=system | "{B4FD9C66-981D-44D2-88D1-60A51BF2376E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B508A02C-6B61-4770-8182-A999929BA9E3}" = lport=2869 | protocol=6 | dir=in | app=system | "{B8CB2D64-3270-4936-8968-1C4825A9A509}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{BA507813-7E74-4B8A-8171-D83ECE13FBCB}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{BEF8EE2F-8B80-4C75-94C4-197BA0D3E8FD}" = lport=10243 | protocol=6 | dir=in | app=system | "{C06A739F-8341-4336-9658-EDFBE279421C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DD2200BF-141F-4CD4-A7C3-AC79AC6FFFEF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E163E25F-5782-4620-A852-15DE025A3776}" = rport=138 | protocol=17 | dir=out | app=system | "{F7F79044-2EE6-48B4-B96C-05D44C7A0097}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01DC4663-CD2E-4702-963C-D523EB99B837}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{04B65E9E-7D83-4AA2-A4AE-49F1E0E46140}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{09B5B14F-5C1B-4323-954D-AACF097B76B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{107A3A21-1442-4DC7-9504-DCBC7A496E36}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{27AD91CB-06B9-40E9-8B0F-DCE7E97B9830}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2986192A-709B-405D-83FB-86B1EE1A88A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{398E9CD3-8695-4171-9D30-0DF06871518A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{3A840A33-616F-47CD-979E-B24BDA20E3C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{406EBDD1-56D3-43ED-A2B9-9A5DFEA22AFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{40B7B5A8-E3C3-4003-8453-9E04B2EF3852}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{43354F01-254C-4225-B268-C7B96D932500}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{48792B54-C554-42FE-881B-B202FFA57351}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{52DA8BE6-97AE-4BCD-8441-225D0A316A19}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{56A6DE05-4ECC-4FC3-8BF3-614C2D07A5C7}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{5AE2821D-A840-4218-93D8-E93AF46AB954}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{65B2F5B9-CD10-4092-BF83-1DAAD5C10F43}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6D9A82FF-6958-4C68-973F-C298D8A1D8FC}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | "{73A8E1A3-243D-472A-B835-D10374AC7FD6}" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\mucommander.exe | "{75CA5A0B-E697-4935-AE18-AB85FEBF90F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{786F970B-C4F1-4914-8461-D894107F631E}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | "{7CA34CBD-0629-4BD3-8A23-F05B12597E11}" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\mucommander.exe | "{85F5ABE6-E9FD-4943-99CF-6339C3DE75E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9D5DEE72-847B-4360-8567-2E1C96BD848D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A8209922-B54B-4BDD-87E3-0B05FC0D695D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{B15B1FF0-FA71-4EAD-A243-59E86B8ABFE8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{BBFB194E-EC14-49DE-AE74-7D44F4AFD2C5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{BFACB792-C975-460D-8587-9C3D4DC4DE60}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{C05A9CEB-83B2-4718-A382-D4016CE8E0FE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{C0A12A82-84C1-4AD0-B0C6-E36B57A94384}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C1342766-81A1-4709-9832-21D40929DBED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C20DF78F-A717-4462-BA19-603559E79635}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | "{CD90ADB2-3E7D-4267-92F4-A4FB6D6AC37E}" = 
dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | "{CDD99A9F-37E3-4C3B-8FBA-90EDA0801EA3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D1E26FC2-3042-4D07-88CD-6CD312EF11C2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{D32F242E-2120-46E4-BC49-92BEE4F05D11}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | "{D3383302-7323-405A-9DF5-2542F5C9AE0D}" = protocol=6 | dir=out | app=system | "{D62640B5-61D6-4EC7-BB1A-88DBB515242B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{D72F4A2D-B581-43C8-A3D0-FD868989D8E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E2901457-C28C-49DA-9D4C-7E4FF40FC4CA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{E2C7478F-18D1-4635-BBAC-DBFFD855AE5D}" = dir=in | app=d:\setup\hpznui01.exe | "{EBBEDEC2-F0D2-411D-AE7B-2E0DC89C9064}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{EC3D1A14-A2F4-4A2C-B31A-A6A2C748C9E6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{F0B1AC39-FA0E-44E8-9739-1562FAE03C7B}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{F93113DA-85C5-40C1-998E-D2A83167DBDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{27A10680-5014-4B34-851E-85AC25508FB1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{30AFA642-4C2F-44F1-B864-D8A14CB9359C}C:\users\ulrike\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ulrike\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{34A5994F-8C1B-43CC-B6DB-DF44A5C06BFB}C:\users\public\documents\downloads\f4-v4-pc\f4.exe" = protocol=6 | dir=in | app=c:\users\public\documents\downloads\f4-v4-pc\f4.exe | "TCP Query User{CDC537D9-FBCC-461A-9923-BE8C897932A7}C:\program 
files\java\jre6\launch4j-tmp\mucommander.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\mucommander.exe | "UDP Query User{29AB00C5-7EF2-4EC6-B696-26647894D1D8}C:\program files\java\jre6\launch4j-tmp\mucommander.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\mucommander.exe | "UDP Query User{5E9E8AAF-D7B5-4A72-BC24-255990A13910}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{6FEA6B41-0F40-4265-8984-B5CCA9625440}C:\users\ulrike\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ulrike\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{B1518903-3AA0-41E7-AABD-7B0489BE044E}C:\users\public\documents\downloads\f4-v4-pc\f4.exe" = protocol=17 | dir=in | app=c:\users\public\documents\downloads\f4-v4-pc\f4.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0471A681-06EC-4C19-9F8A-DC59A60CD4AD}" = Brother HL-2030 "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{11DB380B-48CF-46EA-8B03-51874E2733C9}" = Dell Control Point "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = 
Java 7 Update 15 "{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer "{3237887D-8AC4-4C27-BDF4-57D7CB0351D6}" = SO32MMWrapper "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{437C19B3-7E20-4E39-B868-CA6BAA820E1C}" = Microsoft Rechner-Plus "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{71084075-ABA7-48BC-9733-F56A9ABD184D}" 
= DCP32MMWrapper "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{750A1A07-2A69-4606-9619-EA29A2BFF426}" = MAGIX Audio Cleaning Lab 16 deluxe "{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{79B520D5-CE72-4661-A054-804BC3412516}" = Wave Infrastructure Installer "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{81860953-8A77-4ED5-B57C-F35D703D9489}" = Dell ControlVault Host Components Installer "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.5.0 "{84374A47-1DF5-4013-90D4-1288819869B1}" = Microsoft-Maus- und Tastatur-Center "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8A7E941F-2BB4-47D0-B732-8AE5F3513B68}" = ASAPI "{90150000-0015-0407-0000-0000000FF1CE}" = Microsoft Access MUI (German) 2013 "{90150000-0016-0407-0000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013 "{90150000-0018-0407-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013 "{90150000-0019-0407-0000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013 "{90150000-001A-0407-0000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013 "{90150000-001B-0407-0000-0000000FF1CE}" = Microsoft Word MUI (German) 2013 "{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch "{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English "{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français 
"{90150000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano "{90150000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013 "{90150000-0044-0407-0000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013 "{90150000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013 "{90150000-0090-0407-0000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013 "{90150000-00A1-0407-0000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013 "{90150000-00BA-0407-0000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013 "{90150000-00E1-0407-0000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013 "{90150000-00E2-0407-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013 "{90150000-012B-0407-0000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013 "{9143F2FA-BF20-4311-8618-4CCF51B1B80C}" = Dell ControlPoint System Manager "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems 
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack "{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0 "{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security "{CCC68887-6E07-4438-A035-7C22EFBDC15E}" = Intel(R) Network Connections "{CE52F670-9E10-4C0A-B0CB-D78BAB0A7923}" = NimoFilm "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m "{E63A7E64-AD93-47E7-AC5C-BA042AA740CA}" = Dell ControlPoint Connection Manager "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 
Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F3BD8E81-C020-44F9-B014-1E0214D23556}" = SA30xx Media Converter "{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FD091935-4900-6218-88CC-CBA82ADBBB39}" = myphotobook.de "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack "9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows-Treiberpaket - Dell Inc. PBADRV System (01/07/2008 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0 "AnyDVD" = AnyDVD "Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9 "Audacity_is1" = Audacity 2.0.2 "Creative OA001" = Integrated Webcam Driver ( "de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de "DevalVR for Netscape" = DevalVR plugin for Netscape and compatible browsers "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "DVDGenie" = DVD Genie (remove only) "DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar "Express" = Express Dictate "ExpressBurn" = Express Burn "f4" = f4 3.1.0 "f42012" = f4 2012 "Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version "Free DVD Video Converter_is1" = Free DVD Video Converter version "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version "Google Chrome" = Google 
Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012 "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "MAGIX Speed burnR D" = MAGIX Speed burnR "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "mclab_16dlx" = MAGIX Audio Cleaning Lab 16 deluxe "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NAVIGON Fresh" = NAVIGON Fresh 3.3.2 "Office15.PROPLUSR" = Microsoft Office Professional Plus 2013 "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "PhotoMail" = PhotoMail Maker "PROSetDX" = Intel(R) Network Connections "Scribe" = Express Scribe "Shop for HP Supplies" = Shop for HP Supplies "TeamViewer 6" = TeamViewer 6 "TVWiz" = Intel(R) TV Wizard "Uninstall_is1" = Uninstall "VLC media player" = VLC media player 1.1.9 "WavePad" = WavePad Sound Editor "WinGimp-2.0_is1" = GIMP 2.6.8 
"WinLiveSuite_Wave3" = Windows Live Essentials "XMedia Recode" = XMedia Recode ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "Dropbox" = Dropbox "f031ef6ac137efc5" = Dell Driver Download Manager "Flux" = F.lux ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.03.2013 14:00:02 | Computer Name = ulrike-PC | Source = Windows Backup | ID = 4103 Description = Error - 03.03.2013 14:14:26 | Computer Name = ulrike-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 04.03.2013 08:58:46 | Computer Name = ulrike-PC | Source = MsiInstaller | ID = 11609 Description = Error - 05.03.2013 03:57:03 | Computer Name = ulrike-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 06.03.2013 04:41:58 | Computer Name = ulrike-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 06.03.2013 07:52:55 | Computer Name = ulrike-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version:, Zeitstempel: 0x511ed1c1 Name des fehlerhaften Moduls: xul.dll, Version:, Zeitstempel: 0x511ed0fe Ausnahmecode: 0xc0000005 Fehleroffset: 0x00155858 ID des fehlerhaften Prozesses: 0x4ec Startzeit der fehlerhaften Anwendung: 0x01ce1a60fddd675c Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: 61bf270a-8654-11e2-bc77-904ce5fb327c Error - 06.03.2013 18:41:01 | Computer Name = ulrike-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 07.03.2013 06:56:34 | Computer Name = ulrike-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: pdf24-Editor.exe, Version:, Zeitstempel: 0x4fa7a664 Name des fehlerhaften 
Moduls: pdf24-Editor.exe, Version:, Zeitstempel: 0x4fa7a664 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00008d07 ID des fehlerhaften Prozesses: 0x1a80 Startzeit der fehlerhaften Anwendung: 0x01ce1b21aed72e47 Pfad der fehlerhaften Anwendung: C:\Program Files\PDF24\pdf24-Editor.exe Pfad des fehlerhaften Moduls: C:\Program Files\PDF24\pdf24-Editor.exe Berichtskennung: ac5bc74d-8715-11e2-bcfa-904ce5fb327c Error - 07.03.2013 15:09:46 | Computer Name = ulrike-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 07.03.2013 19:07:17 | Computer Name = ulrike-PC | Source = System Restore | ID = 8210 Description = [ Media Center Events ] Error - 12.10.2012 14:43:56 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 20:43:49 - Fehler beim Herstellen der Internetverbindung. 20:43:49 - Serververbindung konnte nicht hergestellt werden.. Error - 13.10.2012 13:01:29 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 19:01:29 - Fehler beim Herstellen der Internetverbindung. 19:01:29 - Serververbindung konnte nicht hergestellt werden.. Error - 13.10.2012 13:01:40 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 19:01:34 - Fehler beim Herstellen der Internetverbindung. 19:01:34 - Serververbindung konnte nicht hergestellt werden.. Error - 13.10.2012 15:19:04 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 21:19:04 - Fehler beim Herstellen der Internetverbindung. 21:19:04 - Serververbindung konnte nicht hergestellt werden.. Error - 13.10.2012 15:19:09 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 21:19:09 - Fehler beim Herstellen der Internetverbindung. 21:19:09 - Serververbindung konnte nicht hergestellt werden.. Error - 13.10.2012 16:19:21 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 22:19:21 - Fehler beim Herstellen der Internetverbindung. 22:19:21 - Serververbindung konnte nicht hergestellt werden.. 
Error - 13.10.2012 16:19:49 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 22:19:26 - Fehler beim Herstellen der Internetverbindung. 22:19:26 - Serververbindung konnte nicht hergestellt werden.. Error - 03.11.2012 13:53:50 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 18:53:50 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 07.11.2012 13:40:08 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 18:40:08 - Fehler beim Herstellen der Internetverbindung. 18:40:08 - Serververbindung konnte nicht hergestellt werden.. Error - 07.11.2012 13:40:18 | Computer Name = ulrike-PC | Source = MCUpdate | ID = 0 Description = 18:40:13 - Fehler beim Herstellen der Internetverbindung. 18:40:13 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 07.03.2013 11:22:36 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error - 07.03.2013 11:25:50 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 07.03.2013 14:29:12 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error - 07.03.2013 14:30:51 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. 
Error - 07.03.2013 19:06:19 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0

Error - 07.03.2013 19:08:16 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error - 07.03.2013 19:34:10 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0

Error - 07.03.2013 19:35:48 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error - 08.03.2013 05:52:06 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0

Error - 08.03.2013 05:54:01 | Computer Name = ulrike-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

< End of report >

Is DROPBOX possibly a downloader application that has to go?

Regards, Ulrike

Hello ryder, I uninstalled Dropbox just in case and followed your instructions up to step 4 :). Note on step 3: TFC.exe hung after the temp files had been deleted. I had to end the task because absolutely nothing was happening any more. Here are the results from AdwCleaner and dds+:

Code:
# AdwCleaner v2.113 - Datei am 09/03/2013 um 12:52:12 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : ulrike - ULRIKE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\ulrike\Desktop\adwcleaner_2113.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Ordner Gelöscht : C:\Program Files\Common Files\spigot
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\ulrike\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\ulrike\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\ulrike\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\ulrike\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\ulrike\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\ulrike\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\ulrike\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\ulrike\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\ulrike\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\Software\ImInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com?o=10148&l=dis&tb=AVR-4 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\prefs.js

Gelöscht : user_pref("CT2625848_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("CT3282494_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3282494&SearchSource=1[...]
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "");
Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.searchplusnetwork.com/?sp=vit4&q=");
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT3282494");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "NCH_DE Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282494&Sea[...]
Gelöscht : user_pref("ct3282494.UserID", "UN21438861262096308");
Gelöscht : user_pref("smartbar.machineId", "9ZBIHYP5NXUNV+XNJDWDDEYEWZBT/RUY4F2VAOMUBII4COMP61HNP48Q46LAJIUDKQN[...]

-\\ Google Chrome v25.0.1364.152

Datei : C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.33] : icon_url = "hxxp://www.plusnetwork.com/assets/56674c9b/img/favicon.ico",
Gelöscht [l.36] : keyword = "www.searchplusnetwork.com",
Gelöscht [l.39] : search_url = "hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}",

*************************

AdwCleaner[S1].txt - [7873 octets] - [09/03/2013 12:52:12]

########## EOF - C:\AdwCleaner[S1].txt - [7933 octets] ##########

Code:
#6
/// TB-Ausbilder

Great! Then on to the next step: scan with ComboFix

#7

Hello ryder, great! I saw that ComboFix deleted my antivirus protection. This reply is coming from my old computer, which is endlessly slow... but it works. Which freeware antivirus would you recommend, and which site should I download it from? Here is the ComboFix result, and I'm glad things are moving forward!

Code:
#8
/// TB Trainer

We'll take care of the antivirus later.

Scan with MBAR

Please download
Do not start any other file in this folder without instructions from a helper.
__________________
No help via PM!
#9

Hello ryder, everything works great following your instructions! Here is the next result, and have a relaxed Monday!

Code:
```
Malwarebytes Anti-Rootkit BETA
www.malwarebytes.org

Database version: v2013.03.10.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
ulrike :: ULRIKE-PC [administrator]

10.03.2013 22:11:00
mbar-log-2013-03-10 (22-11-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27429
Time elapsed: 13 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
```
#10
/// TB Trainer

Okay. Two more things until then:

Step 1:
(Reminder: Only reply to me once you have worked through all the steps!)
Note: The scan can take a very long time (several hours)!

Step 2: Scan with SecurityCheck

Please download
Alternative link: SecurityCheck Download
#11

Hello ryder, homework is done - here are the two log files:

Code:
```
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=
# OnlineScanner.ocx=
# api_version=3.0.2
# EOSSerial=b76bf5eaa8eef444bca942ca4fd5a732
# engine=13351
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-11 09:01:05
# local_time=2013-03-11 10:01:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=771 16777214 16 1 176512 176512 0 0
# compatibility_mode=1799 16775165 100 97 7186 228415755 0 0
# compatibility_mode=5893 16776573 100 94 6896 114623656 0 0
# scanned=729
# found=0
# cleaned=0
# scan_time=719
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=
# OnlineScanner.ocx=
# api_version=3.0.2
# EOSSerial=b76bf5eaa8eef444bca942ca4fd5a732
# engine=13351
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-11 11:55:24
# local_time=2013-03-11 12:55:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=771 16777214 16 1 186971 186971 0 0
# compatibility_mode=1799 16775165 100 97 17645 228426214 10422 0
# compatibility_mode=5893 16776573 100 94 17355 114634115 0 0
# scanned=267818
# found=0
# cleaned=0
# scan_time=10122
```

Code:
```
 Results of screen317's Security Check version 0.99.59
 Windows 7 Service Pack 1 x86 (UAC is enabled)
 Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
 Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner
 Adobe Flash Player 11.6.602.171
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (19.0.2)
 Google Chrome 25.0.1364.152
 Google Chrome 25.0.1364.97
 Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
```
#12
/// TB Trainer

Great! That means we're done.

We'll now tidy up a little, and then at the end I have some reading material for you.

Step 1: Uninstall tools
The order is crucial here.

Step 2: Uninstall ESET (optional)

Step 3: Update: Adobe Reader

Try an alternative viewer for PDF documents. These are usually leaner and faster, and far less often let malware in. My suggestion:

Finally, some tips on the following topics:
System updates
It cannot be mentioned often enough how important it is to keep your system up to date. After all, you also take your car to the garage for regular inspections. So please make sure that system updates are enabled:

Software updates
Just as important as the system programs is the software you use every day. The following list gives you a brief overview, with links to the updates, of which programs urgently need to be kept up to date (if you have them installed and use them at all), because malware can often get onto computers through their security vulnerabilities:

Security software
If someone overtook you naked on a motorcycle on the motorway, you would shake your head too. Your computer also needs protection against the small daily attacks by malware. Besides excellent commercial antivirus solutions, there are also quite good protection programs available free of charge with a reduced feature set. But be careful: "the more the better" does not apply here. What you need is exactly one virus scanner with a background guard. No more and no less. There are many products on the market that will serve you well. I personally recommend Avast Free Antivirus. It offers relatively good protection with little annoying advertising, and it installs a browser plugin that warns you about dangerous websites.

Safe surfing
First of all, it has to be said that it is usually the human factor that allows malware to get onto a computer. Do you immediately buy any old stuff, without thinking, from people who ring your doorbell? So first get into the habit of following a few rules of conduct when surfing the internet:

But even with meticulous adherence to these rules, a so-called drive-by infection can still occur, in which malware breaks out of the web browser's protection mechanism. To increase security even further, there is special protection software that hardens your browser even more.

Finally, please think about using an alternative browser. Programs that are not used so often are also not so much in the focus of the "bad guys". That is, you are more likely to be on the safe side with an exotic browser. As a general rule, you are considerably safer to begin with if you do not use Internet Explorer.

With that, I wish you lots of fun surfing the internet ... and perhaps you would like to support the Trojaner-Board?

One request: Give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
#13

Hello ryder, first of all MANY thanks for your many instructions - and you would almost have been released, had I not made a mistake last night. I worked through your email... took the advice to install Avast and delete Avira. I downloaded Avast and saved it to the desktop (not yet installed). Then I wanted to remove Avira with aswClear. In doing so I accidentally chose the wrong link, namely the one for removing Avast. I started the application and then a warning appeared that it could only work in protected mode. Instead of cancelling, my sometimes too quick finger had already given an OK. And now I can't get out of protected mode any more. I have run a system restore several times - supposedly successfully - but the computer keeps starting in protected mode. Can you please help me again??? Best regards from Franconia to Franconia!
#14
/// TB Trainer

You mean safe mode?
#15

YES!