OTL EXTRAS Logfile: Code:
OTL logfile created on: 03.03.2013 23:44:27 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sarah\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,68 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 55,28% Memory free
7,35 Gb Paging File | 5,63 Gb Available in Paging File | 76,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,30 Gb Total Space | 208,58 Gb Free Space | 73,11% Space Free | Partition Type: NTFS
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Sarah\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Limited)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
========== Services (SafeList) ==========
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer Group)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys (Symantec Corporation)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys (Symantec Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (PVUSB) -- C:\Windows\SysNative\drivers\CESG64.sys (CASIO COMPUTER CO.,LTD.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130302.016\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130302.016\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20130208.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20130301.002\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g730&r=27361210s0c6l0450z165r46216556
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g730&r=27361210s0c6l0450z165r46216556
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g730&r=27361210s0c6l0450z165r46216556
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g730&r=27361210s0c6l0450z165r46216556
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g730&r=27361210s0c6l0450z165r46216556
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE409
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..extensions.enabledItems: {2ad12297-01a9-4e1c-b219-add3751a8e5a}:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.7
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.13.0.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2011.07.21 11:29:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2013.03.03 22:50:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.02.03 20:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.19 19:22:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.29 20:58:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.02.03 20:34:42 | 000,000,000 | ---D | M]
[2010.12.08 18:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2013.03.03 17:41:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\mqbuilnh.default\extensions
[2012.03.17 14:26:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\mqbuilnh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.26 14:39:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\mqbuilnh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.08 18:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.03 20:34:42 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2013.03.03 22:50:55 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN_2010_9_0_6
[2011.07.21 11:29:18 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN
File not found (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MQBUILNH.DEFAULT\EXTENSIONS\{2AD12297-01A9-4E1C-B219-ADD3751A8E5A}
File not found (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MQBUILNH.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MQBUILNH.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MQBUILNH.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2012.05.19 19:22:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.19 19:22:43 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.19 19:22:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.19 19:22:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.19 19:22:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Sahara = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnplnldbhjbakploidcdefoebhmengpm\2.0_0\
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C5C1E74-7170-4962-A318-D2234ADA1AD4}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4B585D3-4E04-40CE-AABB-A13192FAB352}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.03.03 17:23:01 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.03.03 23:25:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.03.03 22:58:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2013.03.03 18:19:45 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2013.03.03 18:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.03 18:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.03 18:19:28 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.03 18:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.03 18:18:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Programs
[2013.03.03 17:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2013.03.03 17:16:25 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.03.03 17:16:24 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.03.03 17:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.03.03 17:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.03.03 16:02:25 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\FreemakeVideoDownloader
[2013.03.03 15:35:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.03.03 15:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2013.03.03 15:28:27 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Uniblue
[2013.03.03 15:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2013.03.03 15:28:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2013.03.03 15:28:12 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\Freemake
[2013.03.03 15:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013.03.03 15:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013.02.04 22:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.02.03 21:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2013.02.03 21:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.02.03 20:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2013.02.03 20:39:31 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\HP
[2013.02.03 20:38:00 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\HP
[2013.02.03 20:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2013.02.03 20:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2013.02.03 20:32:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2013.02.03 20:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.02.03 20:29:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013.02.03 20:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.02.03 20:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013.02.02 16:22:45 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\OpenOffice.org
[2013.02.02 16:20:56 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.02.02 16:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.02.02 16:17:38 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.03.03 23:23:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.03 23:01:41 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.03 23:01:41 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.03 22:58:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2013.03.03 22:54:15 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1530750314-1823746422-2989766619-1000UA.job
[2013.03.03 22:52:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.03 22:52:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2013.03.03 22:50:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.03 22:50:28 | 2960,523,264 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.03 18:19:30 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.03.03 17:54:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1530750314-1823746422-2989766619-1000Core.job
[2013.03.03 17:23:01 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.02.28 18:56:27 | 000,002,376 | ---- | M] () -- C:\Users\Sarah\Desktop\Google Chrome.lnk
[2013.02.20 20:25:13 | 001,486,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.20 20:25:13 | 000,648,704 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.20 20:25:13 | 000,611,332 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.20 20:25:13 | 000,128,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.20 20:25:13 | 000,105,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.13 21:18:16 | 000,449,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.03 21:14:34 | 000,225,522 | ---- | M] () -- C:\Windows\hpoins46.dat
[2013.02.03 21:14:25 | 000,001,159 | ---- | M] () -- C:\Users\Sarah\Desktop\HP Deskjet F4500 series - Verknüpfung (2).lnk
[2013.02.03 21:08:19 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.02.03 21:08:19 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.02.03 20:59:21 | 000,001,159 | ---- | M] () -- C:\Users\Sarah\Desktop\HP Deskjet F4500 series - Verknüpfung.lnk
[2013.02.03 20:33:24 | 000,001,360 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2013.02.03 20:32:47 | 000,002,108 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013.02.03 20:31:58 | 000,002,313 | ---- | M] () -- C:\Users\Public\Desktop\Windows Live Fotogalerie.lnk
[2013.02.02 16:23:03 | 000,001,248 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.02.02 16:21:02 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.03.03 18:19:30 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.03.03 17:23:01 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.03.03 15:28:29 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job
[2013.02.03 21:18:31 | 000,449,864 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.03 21:14:25 | 000,001,159 | ---- | C] () -- C:\Users\Sarah\Desktop\HP Deskjet F4500 series - Verknüpfung (2).lnk
[2013.02.03 21:08:19 | 000,001,881 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.02.03 21:08:19 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.02.03 20:59:21 | 000,001,159 | ---- | C] () -- C:\Users\Sarah\Desktop\HP Deskjet F4500 series - Verknüpfung.lnk
[2013.02.03 20:42:01 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2013.02.03 20:33:24 | 000,001,360 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2013.02.03 20:32:47 | 000,002,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013.02.03 20:31:58 | 000,002,313 | ---- | C] () -- C:\Users\Public\Desktop\Windows Live Fotogalerie.lnk
[2013.02.03 20:24:29 | 000,225,522 | ---- | C] () -- C:\Windows\hpoins46.dat
[2013.02.02 16:23:03 | 000,001,248 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.02.02 16:21:02 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.01.23 20:35:13 | 000,002,787 | ---- | C] () -- C:\Users\Sarah\.recently-used.xbel
[2012.11.29 20:59:23 | 000,000,715 | ---- | C] () -- C:\Windows\ManagerPLUS.INI
[2012.03.29 23:47:19 | 000,004,096 | -H-- | C] () -- C:\Users\Sarah\AppData\Local\keyfile3.drm
[2011.03.28 15:21:36 | 000,040,734 | ---- | C] () -- C:\Users\Sarah\Kunst Gesicht.JPG
[2011.03.14 19:23:58 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.12 19:49:07 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.03.03 22:54:27 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Dropbox
[2012.10.06 12:48:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DVDVideoSoft
[2013.03.03 16:02:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\FreemakeVideoDownloader
[2013.01.23 20:35:13 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\gtk-2.0
[2012.01.14 11:49:58 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ICQ
[2013.02.02 16:22:45 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OpenOffice.org
[2010.12.12 19:49:19 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Template
[2011.03.30 16:46:45 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Tific
[2013.03.03 15:28:27 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Uniblue
[2010.12.26 22:51:57 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\WildTangent
========== Purity Check ==========
========== Custom Scans ==========
< OTL Extras logfile created on: 03.03.2013 23:00:41 - Run 1 >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.08 18:17:54 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.12.08 18:17:56 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010.12.23 19:00:42 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1530750314-1823746422-2989766619-1000Core.job
[2010.12.23 19:00:42 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1530750314-1823746422-2989766619-1000UA.job
[2013.03.03 15:28:29 | 000,000,340 | ---- | C] () -- C:\Windows\Tasks\DriverScanner.job
< OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sarah\Downloads >
< 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation >
< Internet Explorer (Version = 8.0.7600.16385) >
< Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy >
< >
< 3,68 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 44,64% Memory free >
< 7,35 Gb Paging File | 5,20 Gb Available in Paging File | 70,76% Paging File free >
< Paging file location(s): ?:\pagefile.sys [binary data] >
< >
< %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) >
< Drive C: | 285,30 Gb Total Space | 208,58 Gb Free Space | 73,11% Space Free | Partition Type: NTFS >
< >
< Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator. >
< Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans >
< Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days >
< >
< ========== Extra Registry (SafeList) ========== >
Invalid Switch: color]
< >
< >
< ========== File Associations ========== >
Invalid Switch: color]
< >
< 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] >
Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
< .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) >
< >
< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] >
< .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) >
< >
< ========== Shell Spawning ========== >
Invalid Switch: color]
< >
< 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] >
Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
< batfile [open] -- "%1" %* >
< cmdfile [open] -- "%1" %* >
< comfile [open] -- "%1" %* >
< exefile [open] -- "%1" %* >
< helpfile [open] -- Reg Error: Key error. >
< htafile [open] -- "%1" %* >
< inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) >
< InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) >
< InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) >
< piffile [open] -- "%1" %* >
< regfile [merge] -- Reg Error: Key error. >
< scrfile [config] -- "%1" >
< scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l >
< scrfile [open] -- "%1" /S >
< txtfile [edit] -- Reg Error: Key error. >
< Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 >
< Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) >
< Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
< Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
< Folder [explore] -- Reg Error: Value error. >
< Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
< >
< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] >
< batfile [open] -- "%1" %* >
< cmdfile [open] -- "%1" %* >
< comfile [open] -- "%1" %* >
< cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) >
< exefile [open] -- "%1" %* >
< helpfile [open] -- Reg Error: Key error. >
< htafile [open] -- "%1" %* >
< inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) >
< piffile [open] -- "%1" %* >
< regfile [merge] -- Reg Error: Key error. >
< scrfile [config] -- "%1" >
< scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l >
< scrfile [open] -- "%1" /S >
< txtfile [edit] -- Reg Error: Key error. >
< Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 >
< Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) >
< Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
< Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
< Folder [explore] -- Reg Error: Value error. >
< Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
< >
< ========== Security Center Settings ========== >
Invalid Switch: color]
< >
< 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] >
Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
< "cval" = 1 >
< >
< 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] >
Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
< >
< 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] >
Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
< "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] >
< "AntiVirusOverride" = 0 >
< "AntiSpywareOverride" = 0 >
< "FirewallOverride" = 0 >
< >
< 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] >
Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
< >
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] >
< >
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] >
< >
< ========== Firewall Settings ========== >
Invalid Switch: color]
< >
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] >
< "DisableNotifications" = 0 >
< "EnableFirewall" = 1 >
< >
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] >
< "DisableNotifications" = 0 >
< "EnableFirewall" = 1 >
< >
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] >
< "DisableNotifications" = 0 >
< "EnableFirewall" = 1 >
< >
< ========== Authorized Applications List ========== >
Invalid Switch: color]
< >
< >
< ========== Vista Active Open Ports Exception List ========== >
Invalid Switch: color]
< >
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] >
< "{02E560B9-ACFD-4DCF-AA7E-31276D3EF7E8}" = lport=138 | protocol=17 | dir=in | app=system | >
< "{0A5D2F14-7E93-4190-BDF9-3FA12EE83976}" = rport=138 | protocol=17 | dir=out | app=system | >
< "{0A7F0C14-7981-4A0B-BE98-B26C2C274636}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | >
< "{0C169743-2240-4AC8-829D-2EFD9C59E6B6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | >
< "{10B51755-8641-4D84-A8F9-8D41259C5B63}" = lport=137 | protocol=17 | dir=in | app=system | >
< "{16E4FBC3-5B8B-469D-9A66-89020AB69A3A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | >
< "{1DAACFC5-8258-4341-A771-2486BF2A3180}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | >
< "{1E8D0DFD-14EA-4AB0-9DA4-1AD8862C75FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | >
< "{224D50E3-7287-4375-A7DF-1706EE332CEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | >
< "{35409B81-A00A-495C-BCEA-45173D608A75}" = lport=2869 | protocol=6 | dir=in | app=system | >
< "{3CBF7BAB-DDB2-4587-B478-F4D3D54E9ADB}" = lport=2869 | protocol=6 | dir=in | app=system | >
< "{49ED43E4-D24D-4121-90D2-7C2D16B75779}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | >
< "{535F4414-D319-432D-B481-CF5B8DA4E0DA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | >
< "{544640E7-3F39-4B84-89DB-94D13F39B60B}" = rport=10243 | protocol=6 | dir=out | app=system | >
< "{57DE36FC-BFD1-44DC-8BE6-DD0B09A02966}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | >
< "{59DC71A5-00E9-4F32-AD60-A2F833AFE938}" = rport=137 | protocol=17 | dir=out | app=system | >
< "{7396E6B6-43AA-4448-9CE8-C1744AECBEFD}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | >
< "{8050A616-C7B8-4FF4-8461-2AAF707CB326}" = rport=139 | protocol=6 | dir=out | app=system | >
< "{81E98AF7-0376-4E1D-8581-CF8B5F3204C9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | >
< "{871C2FF2-4CD5-4035-9869-3AD508B92F26}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | >
< "{8884BA0A-23CA-4E4A-AC96-0D909BE4B3E3}" = lport=10243 | protocol=6 | dir=in | app=system | >
< "{897E572A-BCC1-4011-818B-02BDA31C4B42}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | >
< "{8AB98AF9-AA3D-4A88-A96B-4445AE4A1E33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | >
< "{9075456E-DD7D-4AB8-81A0-D018038825D4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | >
< "{90BA20D6-F364-40A3-ACA6-CDED0F919328}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | >
< "{93BECE9F-F231-40C7-896A-F3AF43F109E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | >
< "{9D67AFFF-B5EF-44D3-AC94-26F81DC9BCC9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | >
< "{A3E1D349-6639-42DB-9ED8-4285954B6315}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | >
< "{B0666CCF-F888-4FB3-9CD7-85D63D8E2598}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | >
< "{B52E3136-A7DA-4491-879E-14D259A06179}" = rport=445 | protocol=6 | dir=out | app=system | >
< "{B559DA58-4ABB-4789-96FC-05D76DF59AF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | >
< "{B5F9EF2F-DE5C-41F6-8F8D-7EA28057A171}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | >
< "{CA9B2CE6-2B10-4B27-8483-E3F93EA4C3AD}" = lport=2869 | protocol=6 | dir=in | app=system | >
< "{CE7156C1-A588-4C85-BF92-8EF07E26420B}" = rport=2869 | protocol=6 | dir=out | app=system | >
< "{CEC0ABF4-2FC5-4BDE-BBB9-13D03F81EF35}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | >
< "{D13C722B-F61C-40DC-92D2-DD2394B917EF}" = lport=139 | protocol=6 | dir=in | app=system | >
< "{DD25274F-7C9B-469E-982B-0D01790FD898}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | >
< "{E4D46C06-5800-4A59-B164-AE3B633A450A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | >
< "{E8BAB55C-3F4A-4FCC-9FAD-A01BB2262A3D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | >
< "{EE505EB0-BE43-4997-BDDC-3B8F0CB2E8B2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | >
< "{EED38836-D1E9-4778-8541-8606AE9DB5F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | >
< "{F79A3CF5-C39A-47D2-8ED5-E4969A135046}" = lport=445 | protocol=6 | dir=in | app=system | >
< >
< ========== Vista Active Application Exception List ========== >
Invalid Switch: color]
< >
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] >
< "{01325272-C373-48F0-B247-442B457FB54D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | >
< "{09DE98A0-EE10-479B-AB38-82F12FE256C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | >
< "{1181B667-752A-4422-B81F-9994F6F4A02E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | >
< "{11BF11C9-502B-4FAC-A458-948DFF282343}" = dir=in | app=d:\setup\hpznui40.exe | >
< "{12194258-DEC2-46CC-88E1-67BDF2C2EA6B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | >
< "{15609DD8-5353-48B0-B514-12624C79507F}" = protocol=17 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe | >
< "{16B816E1-34CA-456A-842D-F9BA5C44CCC2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | >
< "{16BD5F0E-73B9-4E8B-A503-B70196216753}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | >
< "{197A1EE6-3290-4826-B8E8-3BBA7849AC61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | >
< "{1C2E0654-6B3F-4D81-BEF9-2644C92D568C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | >
< "{1C7E0163-F2E3-46C4-B1F5-AF4704B864EE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | >
< "{20F7A05F-82E0-4EE6-ADAD-64A835186B35}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | >
< "{215AE1D4-97BE-4581-9799-8D2519F64C92}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | >
< "{251B9962-0F75-47C8-8A59-9221F63ACEE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | >
< "{2B01595E-1C5D-4F86-BD39-FC4ECE9D9B74}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | >
< "{310B740E-947B-4D65-8CB1-A06ADE8B359D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | >
< "{33B93F3E-F469-4068-A1CC-040962670F54}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | >
< "{36CD377B-922A-42C9-9740-E4FA3453071B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | >
< "{3CAA1EF1-6C47-42C8-8A9C-B8FFEEA85A66}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | >
< "{43BB6A5D-6052-4BE2-8A5B-D1587996F060}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | >
< "{468BD279-8304-4D9F-8847-8A01C40A2501}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | >
< "{538774C7-83DC-42F3-A328-DC9ACA5ACA60}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | >
< "{548AF0BE-61FC-4B94-ABF4-F1F4E121041B}" = protocol=6 | dir=out | app=system | >
< "{5871EA16-BC7E-40B0-9A75-47B434F16F85}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | >
< "{588DEA38-14E3-41E9-96E7-26116F3D2B13}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | >
< "{603A3C43-0B6C-4A6E-AABA-CC0C71A693ED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | >
< "{62AB305A-F1E3-45B7-A288-30F0711AA655}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | >
< "{64BE7C9F-A878-4440-AA06-CD803D40FF1D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | >
< "{6F8C0130-52A7-4E66-8406-9AD2E40E1694}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | >
< "{6FDD7378-190F-4285-B739-CFAD1F178C13}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | >
< "{74DD49EB-4119-4446-A203-7A0ED4D48D66}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | >
< "{77B7F16C-691C-4B6B-ADBF-6D0DAC1A269D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | >
< "{79A23AE9-3900-4940-A5E3-827B22BE99EF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | >
< "{7A449B80-525B-47D8-AF9E-9DD6EAFB0527}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | >
< "{7E8845CA-CEEB-48E1-AC27-BE123C6A9FB0}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | >
< "{7F005C8B-D339-4FCF-BFD3-EF5CEBB404A4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | >
< "{84960B25-606C-4810-8D6E-470045DF7911}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | >
< "{85515082-65A4-4657-B4BF-8DC27EA0B926}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | >
< "{85BE4258-B0C0-4C0C-841C-737500F075FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | >
< "{90FE6BAD-4A02-4A63-A7FD-1080F193A5F7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | >
< "{951DF364-8C16-4CD4-8BD4-23393F3F3515}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | >
< "{9940EB60-A657-460A-8708-896F030A6555}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | >
< "{9F2D6276-4CAD-4F9E-B77D-9B904E702A86}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | >
< "{9F821BCA-7059-4BE3-B110-53B333022C8F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | >
< "{A3577D87-14C4-44F3-8F20-CE96CFCA174D}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | >
< "{A9CE400C-8052-422F-8A01-E3015E34A10B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | >
< "{ADBAA774-8DA6-4642-840D-27F729BDD22F}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | >
< "{B002CBB9-6A6D-4240-A2EC-FAC779813D63}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | >
< "{B1304A00-E7DB-459C-B912-62DADC109F50}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | >
< "{B845DA90-A072-47B4-9D00-B7EFC862CBE0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | >
< "{CEFC3EBC-FA88-408F-84DD-847BBA42BF2C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | >
< "{D2E5ABA4-F66E-4C59-B26C-8A4F9EB56C39}" = protocol=6 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe | >
< "{D78697A6-A2D0-46DB-9AB9-E46899666091}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | >
< "{E1254349-CCF9-4E4A-B448-B2CF07027BA2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | >
< "{E4377567-E397-4645-B009-D2627696B83C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | >
< "{E52B2D27-F1D0-4812-8BDC-03C12F2262FD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | >
< "{E55AF2D3-55D0-487A-81D3-6008EB1ACEAB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | >
< "{E5F3AE42-E711-40EC-B21C-65FD25AB2556}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | >
< "{FCDCF18D-0A15-4BD8-AB6C-6B76084EF83F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | >
< "{FFCEB4B8-AA9C-49BA-9BA1-7AEC72D5E974}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | >
< >
< ========== HKEY_LOCAL_MACHINE Uninstall List ========== >
Invalid Switch: color]
< >
< 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] >
< "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 >
< "{22B3AE66-7A37-4118-BADB-3680C15CA366}" = SpyHunter >
< "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 >
< "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer >
< "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 >
< "{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6 >
< "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting >
< "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver >
< "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller >
< "CCleaner" = CCleaner >
< "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 >
< "HP Print Projects" = HP Print Projects 1.0 >
< "HP Smart Web Printing" = HP Smart Web Printing 4.5 >
< "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 >
< "HPExtendedCapabilities" = HP Customer Participation Program 13.0 >
< "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile >
< "Shop for HP Supplies" = Shop for HP Supplies >
< >
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] >
< "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller >
< "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan >
< "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard >
< "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch >
< "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer >
< "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 >
< "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 >
< "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool >
< "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery >
< "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT >
< "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 >
< "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer >
< "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 >
< "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com >
< "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie >
< "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm >
< "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform >
< "{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management >
< "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology >
< "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker >
< "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger >
< "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg >
< "{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN >
< "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter >
< "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent >
< "{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500 >
< "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call >
< "{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader >
< "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works >
< "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 >
< "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components >
< "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting >
< "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply >
< "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox >
< "{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth >
< "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update >
< "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 >
< "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync >
< "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Video Web Camera >
< "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management >
< "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0 >
< "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight >
< "{8DD67C37-BA7A-4CBE-AD3C-308100D61ED7}" = fx-9860G Slim Manager PLUS (30 Day Trial) >
< "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 >
< "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System >
< "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 >
< "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR >
< "{A6473724-A851-11D5-986D-00500443CF9F}" = Moorhuhn 3 >
< "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper >
< "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI >
< "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status >
< "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations >
< "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner >
< "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant >
< "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail >
< "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup >
< "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects >
< "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget >
< "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp >
< "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer >
< "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide >
< "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update >
< "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant >
< "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater >
< "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] >
< "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard >
< "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver >
< "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver >
< "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center >
< "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials >
< "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy >
< "{FB47E710-6249-4EFA-BE36-E922B0612AF4}" = CASIO FA-124 >
< "Adobe AIR" = Adobe AIR >
< "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX >
< "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin >
< "AudibleManager" = AudibleManager >
< "eMachines Game Console" = eMachines Game Console >
< "eMachines Registration" = eMachines Registration >
< "eMachines Screensaver" = eMachines ScreenSaver >
< "eMachines Welcome Center" = Welcome Center >
< "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 >
< "Free Video to DVD Converter_is1" = Free Video to DVD Converter version 5.0.11.508 >
< "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.13 >
< "Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 3.0.14.508 >
< "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005 >
< "Identity Card" = Identity Card >
< "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 >
< "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 >
< "InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader >
< "Klett Software Horizons Sicher ins Abitur" = Klett Software Horizons Sicher ins Abitur >
< "LManager" = Launch Manager >
< "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 >
< "Moorhuhn 2 deinstallieren" = Moorhuhn 2 >
< "Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28) >
< "NIS" = Norton Internet Security >
< "Uninstall_is1" = Uninstall 1.0.0.1 >
< "WildTangent emachines Master Uninstall" = eMachines Games >
< "WinGimp-2.0_is1" = GIMP 2.6.10 >
< "WinLiveSuite_Wave3" = Windows Live Essentials >
< "WinPcapInst" = WinPcap 4.1.2 >
< "WT078910" = Bejeweled 2 Deluxe >
< "WT078919" = Insaniquarium Deluxe >
< "WT078930" = Zuma Deluxe >
< "WT078958" = Blasterball 3 >
< "WT078962" = Bob the Builder Can-Do-Zoo >
< "WT079018" = Faerie Solitaire >
< "WT079022" = FATE - The Traitor Soul >
< "WT079062" = Jewel Quest >
< "WT079066" = Jewel Quest Solitaire 3 >
< "WT079106" = Penguins! >
< "WT079114" = Polar Bowler >
< "WT079118" = Polar Golfer >
< "WT079122" = Polar Pool >
< "WT079175" = Virtual Villagers - A New Home >
< "WT079180" = Yahtzee >
< "WT079283" = Build-a-lot 2 >
< "WT079296" = Chicken Invaders 3 - Revenge of the Yolk >
< "WT079316" = Escape Rosecliff Island >
< "WT079329" = Mahjongg Artifacts >
< "WT079418" = Virtual Families >
< >
< ========== HKEY_USERS Uninstall List ========== >
Invalid Switch: color]
< >
< [HKEY_USERS\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] >
< "Dropbox" = Dropbox >
< "Google Chrome" = Google Chrome >
< >
< ========== Last 20 Event Log Errors ========== >
Invalid Switch: color]
< >
< [ Application Events ] >
< Error - 01.06.2012 10:08:08 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 >
< Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen >
< Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. >
Invalid Switch: authrootstl.cab>.
< Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum >
< gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. >
< . >
< >
< Error - 01.06.2012 11:16:29 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 >
< Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen >
< Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. >
Invalid Switch: authrootstl.cab>.
< Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum >
< gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. >
< . >
< >
< Error - 01.06.2012 12:12:31 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 >
< Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen >
< Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. >
Invalid Switch: authrootstl.cab>.
< Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum >
< gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. >
< . >
< >
< Error - 01.06.2012 13:13:26 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 >
< Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen >
< Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. >
Invalid Switch: authrootstl.cab>.
< Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum >
< gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. >
< . >
< >
< Error - 01.06.2012 14:13:48 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 >
< Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen >
< Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. >
Invalid Switch: authrootstl.cab>.
< Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum >
< gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. >
< . >
< >
< Error - 01.06.2012 15:12:01 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 >
< Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen >
< Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. >
Invalid Switch: authrootstl.cab>.
< Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum >
< gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. >
< . >
< >
< Error - 01.06.2012 16:00:40 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 >
< Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen >
< Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. >
Invalid Switch: authrootstl.cab>.
< Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum >
< gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. >
< . >
< >
< Error - 01.06.2012 17:08:48 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 >
< Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen >
< Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. >
Invalid Switch: authrootstl.cab>.
< Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum >
< gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. >
< . >
< >
< Error - 02.06.2012 04:00:53 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 >
< Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen >
< Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. >
Invalid Switch: authrootstl.cab>.
< Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum >
< gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. >
< . >
< >
< Error - 02.06.2012 04:11:40 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 >
< Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen >
< Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. >
Invalid Switch: authrootstl.cab>.
< Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum >
< gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. >
< . >
< >
< [ System Events ] >
< Error - 02.03.2013 17:54:48 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000 >
< Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden >
< Fehlers nicht gestartet: %%1053 >
< >
< Error - 03.03.2013 06:07:13 | Computer Name = Sarah-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 >
< Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: >
< C:\Windows\system32\athExt.dll Fehlercode: 126 >
< >
< Error - 03.03.2013 06:08:18 | Computer Name = Sarah-PC | Source = DCOM | ID = 10010 >
< Description = >
< >
< Error - 03.03.2013 12:08:28 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7034 >
< Description = Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 1 Mal >
< passiert. >
< >
< Error - 03.03.2013 12:08:28 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7034 >
< Description = Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet. >
< Dies ist bereits 1 Mal passiert. >
< >
< Error - 03.03.2013 12:22:51 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7034 >
< Description = Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 2 Mal >
< passiert. >
< >
< Error - 03.03.2013 12:43:49 | Computer Name = Sarah-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 >
< Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: >
< C:\Windows\system32\athExt.dll Fehlercode: 126 >
< >
< Error - 03.03.2013 12:45:38 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7009 >
< Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst >
< IPsec-Richtlinien-Agent erreicht. >
< >
< Error - 03.03.2013 12:45:38 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000 >
< Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers >
< nicht gestartet: %%1053 >
< >
< Error - 03.03.2013 17:50:41 | Computer Name = Sarah-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 >
< Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: >
< C:\Windows\system32\athExt.dll Fehlercode: 126 >
< >
< >
< < End of report >
--- --- ---
> < >
< End of report >[/CODE] |
TDSSKiller.exe und speichere diese Datei auf dem Desktop
Textbox. 
WARNUNG an die MITLESER: