Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   E- Mail Account gehackt? (https://www.trojaner-board.de/126051-e-mail-account-gehackt.html)

Karen 23.10.2012 20:30
E- Mail Account gehackt?
 
Hallo
Vorweg zur Info: ich habe leider nicht allzuviel Ahnung von Computern. Ich bin schon froh, weiss ich was das Internet ist, und dass ich es hier auf diese Seite geschafft habe. :applaus:

Ich habe hier schon in den Foren etwas zu meinem Problem (Mail Delivery System) gefunden, aber leider beschreibt es mein Problem nicht ganz.

Vor einer Woche bekam ich ein Mail (um 4:32 nachts, wo ich schlafe :sleepy: ), dass einige Mails nicht zugestellt werden konnten. In der Mail waren alle Adressen meines gmx Adressbuchs genannt.

Am nächsten Morgen bekam ich von 2 der genannten Leute einen Anruf, sie haben ein SPAM von mir bekommen.
Allerdings hab ich definitiv nichts geschickt, da ich 1. geschlafen hab und 2. einigen dieser Leute schon lange nicht mehr gemailt habe.

Seitdem bekomme ich jeden Tag vom
Mail Delivery System <mailer-daemon@gmx.net>
eine nachricht, dass irgendwelche Nachrichten nicht gesendet werden konnten.

Habe schon mein Norton Antivirus laufen lassen, aber der hat (ausser 40 cookies) nichts gefunden.

Habe auch schon mein Passwort vor 3 Tagen geändert (GMX- Login- Passwort), aber trotzdem bekomme ich diese Nachricht.

Was kann ich noch tun? :killpc:
Würde es etwas nützen, wenn ich mein Adressbuch komplett lösche?
Oder muss ich mich vom GMX abmelden?

Vielen Dank für Eure Hilfe (schon im Voraus).
Karen

:dankeschoen:



So sieht die Meldung von Sonntag aus:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. The following addresses failed:

<***@highspeed.ch>

host highspeed.ch[213.46.242.72]:
connection to mail exchanger failed with timeout
retry timeout exceeded


--- The header of the original message is following. ---

MIME-Version: 1.0
Message-ID: <trinity-c7993bd2-bb76-4a71-8b21-f8a62534b87b-1350431191175@msvc018>
From: ***@gmx.ch
To: ***@gmx.ch, ***@bluewin.ch, ***@bluewin.ch,
***@t-online.de, ***@fasnacht-erlen.ch,
***@bluewin.ch, ***@bluewin.ch, ***@gmx.ch,
***@yahoo.de, ***@hotmail.de, ***@gmail.com,
***@highspeed.ch, ***@kids-models.ch, ***@gmx.ch,
***@bluewin.ch, ***@jorgaros.de, ***@gmx.at,
***@tele2.ch, ***@gmx.ch, ***@bluewin.ch,
***@bluewin.ch, ***@gmx.li, ***@gmx.de,
***@giessenpark.ch, ***@gmx.ch,
***@muenchen-mail.de, ***@bluewin.ch
Subject: Fwd: I am finally became Boss...
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Importance: normal
Date: Wed, 17 Oct 2012 01:46:31 +0200 (CEST)
X-Priority: 3
X-Provags-ID: V02:K0:/kFtozOrR8jq8hgiQ4/k+Zmv2Ih5ADDwzy563ObnrhS
wUxnkqH7xu6vdgXti81fwa7Q4qiO/uy47jaVD+ym0UWHX+fETj
t80UqfLr+7CnUG4fG0trt5kIO8QdjsY+jjSVMGcCde8sEIKVeH
J7Je+hg1OlT2VtygvsiZXu9SPNupUmYSYSV7CQ7frXjvmJUOEn
b7KFR3ztKbBXdBqOawIRBhoxA6CmXTXcxmd6M493IqHuclW+2D
Wxp88+ZAb7rSqQW/A0G6UISzMEZ6nJfKM7pIUzxey/pI1/ZT3x
c3Iz/TWncceNkgwuvQ9I/OYTb4g3wt2+mqcWHPsW+lXVMGPSVg
n8XJHqFBd3blrujI/oqKzeaAq9RDcltbXRol/kLL0SfZcb1Zaj
rv8/kOhpAIII3xxG3mocpswjZ4Y11zAlbo=

markusg 23.10.2012 20:55
hi
wenn wir fertig sind, musst du, zusätzlich zu allen deinen kennwörtern, auch die passwort vergessen abfragen endern.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Karen 23.10.2012 21:06
Au wei, na das wird kompliziert für mich (bin aus Überzeugung blond :balla:).

Aber bevor ich das mal versuche noch eine Frage:
Ist es egal, auf welchem Laptop ich das mache? Angefangen hat das mit den Mails nämlich, als ich in meiner anderen Wohnung war, also anderer Lappi und anderes Wireless. Jetzt sitze ich grad bei meinem Mann am Laptop.

Sorry, ich versteh wirklich nicht viel von Computern- ich hoffe, ich steh jetzt nicht allzu blöd da. :pfeiff:

markusg 23.10.2012 21:11
poste einfach mal otl logs von beiden geräten, beschrifte sie aber, mit gerät 1 und 2 so das wir sie auseinander halten können

Karen 23.10.2012 21:37
So, habs jetzt mal auf dem Laptop meines Mannes laufen lassen und die 2 Dateien in die Custom Scans/ Fixes reinkopiert. jetzt auf scan klicken?

Kann heute nur mit dem Laptop meines Mannes (nennen wir ihn Laptop Old, weil er schon älter ist. Meiner ist erst 2 Monate alt) arbeiten. Meiner kommt dann halt morgen oder übermorgen dran :singsing:

Also nachdem das OTL durchgelaufen ist, hab ich 2 Texte bekommen.OTL Logfile:
Code:
OTL logfile created on: 23.10.2012 22:19:46 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\karren\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 489.10 Mb Available Physical Memory | 48.23% Memory free
1.99 Gb Paging File | 1.18 Gb Available in Paging File | 59.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 46.57 Gb Total Space | 17.15 Gb Free Space | 36.83% Space Free | Partition Type: NTFS
Drive D: | 39.60 Gb Total Space | 0.01 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
 
Computer Name: KARREN-PC | User Name: karren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
PRC - C:\Programme\AVG Secure Search\vprot.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\SlimDrivers\SlimDrivers.exe (SlimWare Utilities, Inc.)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll ()
MOD - C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll ()
MOD - C:\Programme\AVG Secure Search\vprot.exe ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater12.2.6) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SeaPort) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (NETw2v32) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                          )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1810832478-3312488638-4053623368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={E26D5263-24E6-4435-8D64-9B65309DB802}&mid=cff44966ec5b47d086a8d15aefa0763d-901d4ee6c11ecb89952226f72abc17e210263ed6&lang=de&ds=ts024&pr=sa&d=2012-06-19 21:55:31&v=12.2.5.32&sap=hp
IE - HKU\S-1-5-21-1810832478-3312488638-4053623368-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1810832478-3312488638-4053623368-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1810832478-3312488638-4053623368-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1810832478-3312488638-4053623368-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={E26D5263-24E6-4435-8D64-9B65309DB802}&mid=cff44966ec5b47d086a8d15aefa0763d-901d4ee6c11ecb89952226f72abc17e210263ed6&lang=de&ds=ts024&pr=sa&d=2012-06-19 21:55:31&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1810832478-3312488638-4053623368-1000\..\SearchScopes\{F20FE6B5-E947-47C2-8519-2C2BBBAA9C17}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10396&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABU&apn_dtid=^YYYYYY^YY^CH&apn_uid=487eb73e-b59c-4d0d-84e5-c1cb2a7668c8&apn_sauid=051AFEE9-F24C-4047-8F9E-E51720D86124
IE - HKU\S-1-5-21-1810832478-3312488638-4053623368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1810832478-3312488638-4053623368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10396&gct=hp&dc=EU&locale=de_CH"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10396&locale=de_CH&apn_uid=487eb73e-b59c-4d0d-84e5-c1cb2a7668c8&apn_ptnrs=%5EABU&apn_sauid=051AFEE9-F24C-4047-8F9E-E51720D86124&apn_dtid=%5EYYYYYY%5EYY%5ECH&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012.09.03 19:30:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.21 23:57:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.21 23:57:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.06.23 21:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karren\AppData\Roaming\mozilla\Extensions
[2012.06.23 21:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karren\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.08.11 12:53:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karren\AppData\Roaming\mozilla\Firefox\Profiles\yk1yyzpt.default\extensions
[2012.08.11 12:53:47 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\karren\AppData\Roaming\mozilla\Firefox\Profiles\yk1yyzpt.default\extensions\DefaultManager@Microsoft
[2012.08.09 20:14:21 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\karren\AppData\Roaming\mozilla\Firefox\Profiles\yk1yyzpt.default\extensions\toolbar@ask.com
[2012.08.09 20:14:21 | 000,002,344 | ---- | M] () -- C:\Users\karren\AppData\Roaming\mozilla\firefox\profiles\yk1yyzpt.default\searchplugins\askcom.xml
[2012.09.21 23:57:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.16 12:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\extensions
[2012.10.16 12:18:11 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.09.21 23:57:54 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 19:27:19 | 000,003,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.19 20:33:48 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1810832478-3312488638-4053623368-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1810832478-3312488638-4053623368-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\karren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B630FA9C-178F-404F-8C87-B4E2BF0BAF8D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.23 22:14:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\karren\Desktop\OTL.exe
[2012.10.23 16:20:39 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{ED29BCC5-915A-4E34-9DC9-2E82491D6D78}
[2012.10.22 19:33:28 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{C7107AA4-5433-4113-9036-2143BA2284D5}
[2012.10.20 12:18:31 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{7AFBF83A-1CD7-4741-8F56-1C4F87CF52B8}
[2012.10.19 19:53:22 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{5C523E32-D00A-47CC-8633-53556EC9BD0F}
[2012.10.18 18:53:32 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{FD3B4635-0E65-48EB-8B17-5B23D6BA98F0}
[2012.10.15 10:26:12 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{7C5696B1-3EC8-49B9-9458-1CF82E0760B9}
[2012.10.14 20:30:37 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{9816866A-1F6E-4E4C-9089-47008A63FA2B}
[2012.10.14 08:29:58 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{0340470A-B800-44F5-A67C-EFFEAA3ED654}
[2012.10.13 18:48:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.13 18:48:04 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.10.13 18:48:04 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.10.13 18:48:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.13 18:48:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.13 18:48:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.10.13 18:48:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.10.13 18:48:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.13 18:48:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.13 18:48:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.13 18:48:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.10.13 18:48:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.13 18:48:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.10.13 18:48:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.13 18:48:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.10.13 18:48:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.10.13 18:48:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.13 18:48:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.10.13 18:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.10.13 18:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.10.13 18:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.13 18:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.13 18:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.13 18:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.10.13 18:48:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.13 18:48:01 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.10.13 18:48:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.13 18:48:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.10.13 18:48:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.13 18:48:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.10.13 18:48:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.10.13 18:46:25 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.13 18:46:25 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.13 09:59:17 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{53F77E1E-6DCC-464B-ADBB-23FF70D89F87}
[2012.10.09 13:46:09 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{AB21006A-3694-4FB1-828A-116943118636}
[2012.10.05 09:18:04 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{616BD9AD-021B-4FEA-9A94-6706D589098A}
[2012.10.02 19:59:11 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{8EF797AB-0925-4E24-85C4-A59EAE268449}
[2012.09.30 10:18:58 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012.09.30 10:06:49 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{DB005692-9597-4FF7-BAFF-F661BEB25AE6}
[2012.09.24 10:13:23 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{C1183548-7397-4734-B973-46DAFC874060}
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.23 22:14:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\karren\Desktop\OTL.exe
[2012.10.23 21:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.23 16:28:11 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 16:28:10 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 16:21:15 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012.10.23 16:20:26 | 000,011,232 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012.10.23 16:19:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.23 16:19:47 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.13 19:27:15 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.13 19:27:15 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.06.23 03:18:02 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.06.23 03:15:27 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.06.19 21:54:40 | 000,011,232 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.06.20 19:07:54 | 000,000,000 | ---D | M] -- C:\Users\karren\AppData\Roaming\Godlike
[2012.06.23 21:31:59 | 000,000,000 | ---D | M] -- C:\Users\karren\AppData\Roaming\TomTom
[2012.06.19 20:00:37 | 000,000,000 | ---D | M] -- C:\Users\karren\AppData\Roaming\TuneUp Software
[2012.08.10 00:43:03 | 000,000,000 | ---D | M] -- C:\Users\karren\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 23.10.2012 22:19:47 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\karren\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 489.10 Mb Available Physical Memory | 48.23% Memory free
1.99 Gb Paging File | 1.18 Gb Available in Paging File | 59.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 46.57 Gb Total Space | 17.15 Gb Free Space | 36.83% Space Free | Partition Type: NTFS
Drive D: | 39.60 Gb Total Space | 0.01 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
 
Computer Name: KARREN-PC | User Name: karren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1810832478-3312488638-4053623368-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A290C91-5C85-4E44-A4DA-502A7B2B0CA0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4D35BC6A-D017-4622-AC9F-B972AB9A49BE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4E7EB90C-CAC1-4FFC-A560-AC25A4E89245}" = rport=139 | protocol=6 | dir=out | app=system |
"{6259908E-7D45-4F2A-8972-E729ACD90865}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C67FF24-A71B-4A1A-B48F-336A132CE4CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72B007FE-3171-4719-B4D4-21CAF9D994DD}" = rport=445 | protocol=6 | dir=out | app=system |
"{73E2B55E-E45E-49D1-996E-FE23F6ADCC9B}" = lport=445 | protocol=6 | dir=in | app=system |
"{74E62FD6-D5BF-49FA-82EE-67EC981F1CD5}" = lport=137 | protocol=17 | dir=in | app=system |
"{78C7FD10-234D-46C4-8260-538683AFE0D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{7AE506C9-3D5B-4227-A6A4-4094EA7999F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{848FBB54-A7B1-48C1-80B9-121BCD1D0C00}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9103F915-D493-4E74-831B-D989A4F7EF37}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{92A5D6E0-49A6-4D74-B243-6BD068468F48}" = lport=138 | protocol=17 | dir=in | app=system |
"{A01393CB-1063-4079-BF23-87CDEE4F7FF0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A6412F1B-9608-479B-91EF-C0D92295A0B5}" = rport=138 | protocol=17 | dir=out | app=system |
"{AD32152F-3931-47EA-8834-A27404E2D386}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF6271EF-3EF5-40DB-8A2F-030B739EA1B7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B766C24D-2CBC-4148-876A-FD507B14813E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{BAF38C24-A968-4487-A2ED-96DAE8C6286D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CEA4883B-8BD8-4049-ACC9-2996A1BE85E7}" = lport=139 | protocol=6 | dir=in | app=system |
"{D0A0AC59-18ED-4328-9E0F-07A360AAAD2F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E3791025-92C5-424E-8ED1-E9A3FC4C9999}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E7997651-1E62-4812-9992-10028A6CC6A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{175D0EE0-140C-4A9C-85E3-E0AF13801BAA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{26436527-0244-4376-9A64-E1BFBBDA654E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{508DE9B0-3943-4532-BA11-3D27EA7E3061}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5AA2F570-263D-4ADC-B85D-8A14E12952AE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5F21F409-86FE-43A1-A2A4-FFB6D847024E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{732A2B96-78D2-43F8-BFBF-559201730FE9}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{73699E52-7EF7-434B-A82A-870BD5C050B6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7AEE6899-0E58-4B8A-9BEB-80B2F4887D19}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{82DC5281-EC43-4A4B-AEAA-FE8922DC62EE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8FA674C4-CBCD-46E5-BB9B-7B4C54B72350}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{98173868-9355-4EDF-823A-321CBAE4798F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9C201B3F-1360-40BB-8F2E-D6DC6258CF90}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9D9F71FE-CDC5-433E-BEBA-A751C7D9A23E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B0CE38C0-3DE2-4987-B1C2-177F3C292F61}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CC92FF9F-70A7-4204-8A0F-D08E20DC7259}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{EB961A4A-DA78-4470-B443-7A8539923BCB}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{EF575495-87A8-40FD-8059-239F255853EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F44A480D-4AA7-4898-9029-FE599B12981E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F48A0143-42D3-4579-9E13-4BD9AB484C8F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{193D3E3B-33C9-4EC0-9323-C070D0BC0B7A}_is1" = WinTools.net 12.1.1 Ultimate
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50D47CE8-9C16-42D1-A8D8-B143B22E232A}" = Belkin Desktop PCI Card Driver
"{63FBED9C-D995-47DC-A12D-843C570377DC}" = SlimDrivers
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"Driver Checker_is1" = Driver Checker v2.7.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TomTom HOME" = TomTom HOME 2.8.4.2596
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1810832478-3312488638-4053623368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.10.2012 04:52:44 | Computer Name = karren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15844
 
Error - 05.10.2012 04:52:44 | Computer Name = karren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15844
 
Error - 14.10.2012 14:37:56 | Computer Name = karren-PC | Source = Windows Backup | ID = 4104
Description =
 
Error - 15.10.2012 12:03:26 | Computer Name = karren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.10.2012 12:03:26 | Computer Name = karren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15922
 
Error - 15.10.2012 12:03:26 | Computer Name = karren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15922
 
Error - 19.10.2012 06:50:23 | Computer Name = karren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 15.0.1.4631,
 Zeitstempel: 0x5047f9c5  Name des fehlerhaften Moduls: xul.dll, Version: 15.0.1.4631,
 Zeitstempel: 0x5047f93b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0010e567  ID des fehlerhaften
 Prozesses: 0xb64  Startzeit der fehlerhaften Anwendung: 0x01cdade55910a7bb  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: c7d1847e-19da-11e2-b8ee-0013a9449fce
 
Error - 20.10.2012 08:22:14 | Computer Name = karren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20.10.2012 08:22:14 | Computer Name = karren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15782
 
Error - 20.10.2012 08:22:14 | Computer Name = karren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15782
 
[ System Events ]
Error - 19.09.2012 14:30:29 | Computer Name = karren-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 22.09.2012 12:40:35 | Computer Name = karren-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 24.09.2012 12:25:07 | Computer Name = karren-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 24.09.2012 12:25:09 | Computer Name = karren-PC | Source = DCOM | ID = 10010
Description =
 
Error - 30.09.2012 04:09:31 | Computer Name = karren-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
 
Error - 05.10.2012 06:50:47 | Computer Name = karren-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 07.10.2012 11:56:28 | Computer Name = karren-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 15.10.2012 12:03:26 | Computer Name = karren-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 19.10.2012 14:00:16 | Computer Name = karren-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
 (Definition 1.139.124.0)
 
Error - 21.10.2012 14:50:13 | Computer Name = karren-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
 
< End of report >
--- --- ---

Karen 23.10.2012 23:32
Ha ha... ich sags ja... keine Ahnung von Computern...

Also hier jetzt nochmal die Logfiles, NACHDEM ich Deinen Text in das Fenster eingegeben habOTL Logfile:
Code:
OTL logfile created on: 24.10.2012 00:06:53 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\karren\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 625.69 Mb Available Physical Memory | 61.69% Memory free
1.99 Gb Paging File | 1.23 Gb Available in Paging File | 61.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 46.57 Gb Total Space | 17.15 Gb Free Space | 36.82% Space Free | Partition Type: NTFS
Drive D: | 39.60 Gb Total Space | 0.01 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
 
Computer Name: KARREN-PC | User Name: karren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
PRC - C:\Programme\AVG Secure Search\vprot.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\SlimDrivers\SlimDrivers.exe (SlimWare Utilities, Inc.)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll ()
MOD - C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll ()
MOD - C:\Programme\AVG Secure Search\vprot.exe ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater12.2.6) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SeaPort) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (NETw2v32) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                          )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1810832478-3312488638-4053623368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={E26D5263-24E6-4435-8D64-9B65309DB802}&mid=cff44966ec5b47d086a8d15aefa0763d-901d4ee6c11ecb89952226f72abc17e210263ed6&lang=de&ds=ts024&pr=sa&d=2012-06-19 21:55:31&v=12.2.5.32&sap=hp
IE - HKU\S-1-5-21-1810832478-3312488638-4053623368-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1810832478-3312488638-4053623368-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1810832478-3312488638-4053623368-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1810832478-3312488638-4053623368-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={E26D5263-24E6-4435-8D64-9B65309DB802}&mid=cff44966ec5b47d086a8d15aefa0763d-901d4ee6c11ecb89952226f72abc17e210263ed6&lang=de&ds=ts024&pr=sa&d=2012-06-19 21:55:31&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1810832478-3312488638-4053623368-1000\..\SearchScopes\{F20FE6B5-E947-47C2-8519-2C2BBBAA9C17}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10396&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABU&apn_dtid=^YYYYYY^YY^CH&apn_uid=487eb73e-b59c-4d0d-84e5-c1cb2a7668c8&apn_sauid=051AFEE9-F24C-4047-8F9E-E51720D86124
IE - HKU\S-1-5-21-1810832478-3312488638-4053623368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1810832478-3312488638-4053623368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10396&gct=hp&dc=EU&locale=de_CH"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10396&locale=de_CH&apn_uid=487eb73e-b59c-4d0d-84e5-c1cb2a7668c8&apn_ptnrs=%5EABU&apn_sauid=051AFEE9-F24C-4047-8F9E-E51720D86124&apn_dtid=%5EYYYYYY%5EYY%5ECH&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012.09.03 19:30:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.21 23:57:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.21 23:57:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.06.23 21:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karren\AppData\Roaming\mozilla\Extensions
[2012.06.23 21:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karren\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.08.11 12:53:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karren\AppData\Roaming\mozilla\Firefox\Profiles\yk1yyzpt.default\extensions
[2012.08.11 12:53:47 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\karren\AppData\Roaming\mozilla\Firefox\Profiles\yk1yyzpt.default\extensions\DefaultManager@Microsoft
[2012.08.09 20:14:21 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\karren\AppData\Roaming\mozilla\Firefox\Profiles\yk1yyzpt.default\extensions\toolbar@ask.com
[2012.08.09 20:14:21 | 000,002,344 | ---- | M] () -- C:\Users\karren\AppData\Roaming\mozilla\firefox\profiles\yk1yyzpt.default\searchplugins\askcom.xml
[2012.09.21 23:57:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.16 12:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\extensions
[2012.10.16 12:18:11 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.09.21 23:57:54 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 19:27:19 | 000,003,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.19 20:33:48 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1810832478-3312488638-4053623368-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1810832478-3312488638-4053623368-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\karren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B630FA9C-178F-404F-8C87-B4E2BF0BAF8D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.23 22:14:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\karren\Desktop\OTL.exe
[2012.10.23 16:20:39 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{ED29BCC5-915A-4E34-9DC9-2E82491D6D78}
[2012.10.22 19:33:28 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{C7107AA4-5433-4113-9036-2143BA2284D5}
[2012.10.20 12:18:31 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{7AFBF83A-1CD7-4741-8F56-1C4F87CF52B8}
[2012.10.19 19:53:22 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{5C523E32-D00A-47CC-8633-53556EC9BD0F}
[2012.10.18 18:53:32 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{FD3B4635-0E65-48EB-8B17-5B23D6BA98F0}
[2012.10.15 10:26:12 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{7C5696B1-3EC8-49B9-9458-1CF82E0760B9}
[2012.10.14 20:30:37 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{9816866A-1F6E-4E4C-9089-47008A63FA2B}
[2012.10.14 08:29:58 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{0340470A-B800-44F5-A67C-EFFEAA3ED654}
[2012.10.13 09:59:17 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{53F77E1E-6DCC-464B-ADBB-23FF70D89F87}
[2012.10.09 13:46:09 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{AB21006A-3694-4FB1-828A-116943118636}
[2012.10.05 09:18:04 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{616BD9AD-021B-4FEA-9A94-6706D589098A}
[2012.10.02 19:59:11 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{8EF797AB-0925-4E24-85C4-A59EAE268449}
[2012.09.30 10:06:49 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{DB005692-9597-4FF7-BAFF-F661BEB25AE6}
[2012.09.24 10:13:23 | 000,000,000 | ---D | C] -- C:\Users\karren\AppData\Local\{C1183548-7397-4734-B973-46DAFC874060}
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.23 23:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.23 22:14:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\karren\Desktop\OTL.exe
[2012.10.23 16:28:11 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 16:28:10 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 16:21:15 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012.10.23 16:20:26 | 000,011,232 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012.10.23 16:19:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.23 16:19:47 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
 
========== Files Created - No Company Name ==========
 
[2012.06.23 03:18:02 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.06.23 03:15:27 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.06.19 21:54:40 | 000,011,232 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.06.20 19:07:54 | 000,000,000 | ---D | M] -- C:\Users\karren\AppData\Roaming\Godlike
[2012.06.23 21:31:59 | 000,000,000 | ---D | M] -- C:\Users\karren\AppData\Roaming\TomTom
[2012.06.19 20:00:37 | 000,000,000 | ---D | M] -- C:\Users\karren\AppData\Roaming\TuneUp Software
[2012.08.10 00:43:03 | 000,000,000 | ---D | M] -- C:\Users\karren\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.06.19 19:48:40 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.07.26 18:44:58 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.06.19 19:48:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.06.22 18:59:39 | 000,000,000 | ---D | M] -- C:\Intel
[2012.06.20 20:39:59 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.09.22 19:43:15 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.09.15 16:37:14 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.06.19 19:48:07 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.06.19 19:48:07 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.10.24 00:09:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.06.19 19:48:24 | 000,000,000 | R--D | M] -- C:\Users
[2012.09.15 16:37:14 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:53:46 | 000,032,630 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.06.19 21:54:46 | 000,000,388 | ---- | C] () -- C:\Windows\Tasks\SlimDrivers Startup.job
[2012.07.14 00:08:04 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\karren\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120619T195604140625\internal_ide_channel\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\karren\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120619T195604140625\pci\ven_8086&dev_2653&cc_0101\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.10.24 00:24:21 | 001,310,720 | -HS- | M] () -- C:\Users\karren\NTUSER.DAT
[2012.10.24 00:24:21 | 000,262,144 | -HS- | M] () -- C:\Users\karren\ntuser.dat.LOG1
[2012.06.19 19:48:25 | 000,000,000 | -HS- | M] () -- C:\Users\karren\ntuser.dat.LOG2
[2012.06.19 19:52:50 | 000,065,536 | -HS- | M] () -- C:\Users\karren\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012.06.19 19:52:50 | 000,524,288 | -HS- | M] () -- C:\Users\karren\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012.06.19 19:52:50 | 000,524,288 | -HS- | M] () -- C:\Users\karren\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.06.19 19:48:25 | 000,000,020 | -HS- | M] () -- C:\Users\karren\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 24.10.2012 00:06:53 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\karren\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 625.69 Mb Available Physical Memory | 61.69% Memory free
1.99 Gb Paging File | 1.23 Gb Available in Paging File | 61.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 46.57 Gb Total Space | 17.15 Gb Free Space | 36.82% Space Free | Partition Type: NTFS
Drive D: | 39.60 Gb Total Space | 0.01 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
 
Computer Name: KARREN-PC | User Name: karren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1810832478-3312488638-4053623368-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A290C91-5C85-4E44-A4DA-502A7B2B0CA0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4D35BC6A-D017-4622-AC9F-B972AB9A49BE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4E7EB90C-CAC1-4FFC-A560-AC25A4E89245}" = rport=139 | protocol=6 | dir=out | app=system |
"{6259908E-7D45-4F2A-8972-E729ACD90865}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C67FF24-A71B-4A1A-B48F-336A132CE4CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72B007FE-3171-4719-B4D4-21CAF9D994DD}" = rport=445 | protocol=6 | dir=out | app=system |
"{73E2B55E-E45E-49D1-996E-FE23F6ADCC9B}" = lport=445 | protocol=6 | dir=in | app=system |
"{74E62FD6-D5BF-49FA-82EE-67EC981F1CD5}" = lport=137 | protocol=17 | dir=in | app=system |
"{78C7FD10-234D-46C4-8260-538683AFE0D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{7AE506C9-3D5B-4227-A6A4-4094EA7999F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{848FBB54-A7B1-48C1-80B9-121BCD1D0C00}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9103F915-D493-4E74-831B-D989A4F7EF37}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{92A5D6E0-49A6-4D74-B243-6BD068468F48}" = lport=138 | protocol=17 | dir=in | app=system |
"{A01393CB-1063-4079-BF23-87CDEE4F7FF0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A6412F1B-9608-479B-91EF-C0D92295A0B5}" = rport=138 | protocol=17 | dir=out | app=system |
"{AD32152F-3931-47EA-8834-A27404E2D386}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF6271EF-3EF5-40DB-8A2F-030B739EA1B7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B766C24D-2CBC-4148-876A-FD507B14813E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{BAF38C24-A968-4487-A2ED-96DAE8C6286D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CEA4883B-8BD8-4049-ACC9-2996A1BE85E7}" = lport=139 | protocol=6 | dir=in | app=system |
"{D0A0AC59-18ED-4328-9E0F-07A360AAAD2F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E3791025-92C5-424E-8ED1-E9A3FC4C9999}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E7997651-1E62-4812-9992-10028A6CC6A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{175D0EE0-140C-4A9C-85E3-E0AF13801BAA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{26436527-0244-4376-9A64-E1BFBBDA654E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{508DE9B0-3943-4532-BA11-3D27EA7E3061}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5AA2F570-263D-4ADC-B85D-8A14E12952AE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5F21F409-86FE-43A1-A2A4-FFB6D847024E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{732A2B96-78D2-43F8-BFBF-559201730FE9}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{73699E52-7EF7-434B-A82A-870BD5C050B6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7AEE6899-0E58-4B8A-9BEB-80B2F4887D19}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{82DC5281-EC43-4A4B-AEAA-FE8922DC62EE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8FA674C4-CBCD-46E5-BB9B-7B4C54B72350}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{98173868-9355-4EDF-823A-321CBAE4798F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9C201B3F-1360-40BB-8F2E-D6DC6258CF90}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9D9F71FE-CDC5-433E-BEBA-A751C7D9A23E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B0CE38C0-3DE2-4987-B1C2-177F3C292F61}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CC92FF9F-70A7-4204-8A0F-D08E20DC7259}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{EB961A4A-DA78-4470-B443-7A8539923BCB}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{EF575495-87A8-40FD-8059-239F255853EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F44A480D-4AA7-4898-9029-FE599B12981E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F48A0143-42D3-4579-9E13-4BD9AB484C8F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{193D3E3B-33C9-4EC0-9323-C070D0BC0B7A}_is1" = WinTools.net 12.1.1 Ultimate
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50D47CE8-9C16-42D1-A8D8-B143B22E232A}" = Belkin Desktop PCI Card Driver
"{63FBED9C-D995-47DC-A12D-843C570377DC}" = SlimDrivers
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"Driver Checker_is1" = Driver Checker v2.7.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TomTom HOME" = TomTom HOME 2.8.4.2596
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1810832478-3312488638-4053623368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.10.2012 04:52:44 | Computer Name = karren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15844
 
Error - 05.10.2012 04:52:44 | Computer Name = karren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15844
 
Error - 14.10.2012 14:37:56 | Computer Name = karren-PC | Source = Windows Backup | ID = 4104
Description =
 
Error - 15.10.2012 12:03:26 | Computer Name = karren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.10.2012 12:03:26 | Computer Name = karren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15922
 
Error - 15.10.2012 12:03:26 | Computer Name = karren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15922
 
Error - 19.10.2012 06:50:23 | Computer Name = karren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 15.0.1.4631,
 Zeitstempel: 0x5047f9c5  Name des fehlerhaften Moduls: xul.dll, Version: 15.0.1.4631,
 Zeitstempel: 0x5047f93b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0010e567  ID des fehlerhaften
 Prozesses: 0xb64  Startzeit der fehlerhaften Anwendung: 0x01cdade55910a7bb  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: c7d1847e-19da-11e2-b8ee-0013a9449fce
 
Error - 20.10.2012 08:22:14 | Computer Name = karren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20.10.2012 08:22:14 | Computer Name = karren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15782
 
Error - 20.10.2012 08:22:14 | Computer Name = karren-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15782
 
[ System Events ]
Error - 19.09.2012 14:30:29 | Computer Name = karren-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 22.09.2012 12:40:35 | Computer Name = karren-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 24.09.2012 12:25:07 | Computer Name = karren-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 24.09.2012 12:25:09 | Computer Name = karren-PC | Source = DCOM | ID = 10010
Description =
 
Error - 30.09.2012 04:09:31 | Computer Name = karren-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
 
Error - 05.10.2012 06:50:47 | Computer Name = karren-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 07.10.2012 11:56:28 | Computer Name = karren-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 15.10.2012 12:03:26 | Computer Name = karren-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 19.10.2012 14:00:16 | Computer Name = karren-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
 (Definition 1.139.124.0)
 
Error - 21.10.2012 14:50:13 | Computer Name = karren-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
 
< End of report >
--- --- ---

markusg 24.10.2012 19:18
ok dann machen wir erst mal den einen fertig.
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Karen 24.10.2012 22:48
Hallo Markusg
Hier das Ergebnis vom Combofix (alter Laptop. Hätte den anderen jetzt auch da, aber ist glaub besser, einen nach dem anderen zu machen. Wird sonst glaub ziemlich verworren für mich :crazy: )

Combofix Logfile:
Code:
ComboFix 12-10-24.02 - karren 24.10.2012  23:29:34.1.1 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.41.1031.18.1014.428 [GMT 2:00]
ausgeführt von:: c:\users\karren\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-24 bis 2012-10-24  ))))))))))))))))))))))))))))))
.
.
2012-10-24 21:40 . 2012-10-24 21:40        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-24 21:30 . 2012-10-24 21:30        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1AB6E8E-BB52-4DA5-8BDD-F8FB72C88B18}\offreg.dll
2012-10-23 22:26 . 2012-10-23 22:26        96224        ----a-w-        c:\program files\Mozilla Firefox\webapprt-stub.exe
2012-10-23 22:26 . 2012-10-23 22:26        157272        ----a-w-        c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-10-23 14:27 . 2012-10-12 05:56        6918632        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1AB6E8E-BB52-4DA5-8BDD-F8FB72C88B18}\mpengine.dll
2012-10-16 10:17 . 2012-09-21 21:57        73696        ----a-w-        c:\program files\Mozilla Firefox\updated\breakpadinjector.dll
2012-10-16 10:17 . 2012-09-21 21:57        18912        ----a-w-        c:\program files\Mozilla Firefox\updated\AccessibleMarshal.dll
2012-10-13 16:49 . 2012-08-24 16:57        172544        ----a-w-        c:\windows\system32\wintrust.dll
2012-10-13 16:47 . 2012-06-02 04:36        1159680        ----a-w-        c:\windows\system32\crypt32.dll
2012-10-13 16:47 . 2012-06-02 04:36        140288        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-10-13 16:47 . 2012-06-02 04:36        103936        ----a-w-        c:\windows\system32\cryptnet.dll
2012-10-13 16:46 . 2012-08-31 17:18        1211760        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2012-10-13 16:46 . 2012-08-10 23:56        542208        ----a-w-        c:\windows\system32\kerberos.dll
2012-10-13 16:46 . 2012-08-30 17:12        3968880        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-10-13 16:46 . 2012-08-30 17:12        3914096        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-09-30 08:18 . 2012-08-21 20:12        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-24 21:07 . 2012-06-19 19:54        11232        ----a-w-        c:\windows\system32\drivers\SWDUMon.sys
2012-10-13 17:27 . 2012-07-13 22:08        73656        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-13 17:27 . 2012-07-13 22:08        696760        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-09-15 14:36 . 2012-09-15 14:36        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2012-09-15 14:36 . 2012-06-22 17:15        821736        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-09-15 14:36 . 2012-06-22 17:15        746984        ----a-w-        c:\windows\system32\deployJava1.dll
2012-09-03 17:28 . 2012-09-03 17:28        27496        ----a-w-        c:\windows\system32\drivers\avgtpx86.sys
2012-08-24 06:59 . 2012-09-22 17:54        1800704        ----a-w-        c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-22 17:54        1129472        ----a-w-        c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-22 17:54        1427968        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 17:54        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 17:54        420864        ----a-w-        c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-22 17:54        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-12 18:49        1292144        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 18:49        712048        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 18:49        240496        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 18:49        187760        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-08 11:22 . 2011-03-28 16:36        19720        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-02 16:57 . 2012-09-12 18:49        490496        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-10-23 22:26 . 2012-09-21 21:57        261600        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-03 17:27        1734240        ----a-w-        c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-20 11:18        1519824        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-09-03 1734240]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-04-20 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-03 947808]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-03 1022048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\karren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [x]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [x]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 17:27]
.
2012-10-24 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2012-05-01 10:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://isearch.avg.com/?cid={E26D5263-24E6-4435-8D64-9B65309DB802}&mid=cff44966ec5b47d086a8d15aefa0763d-901d4ee6c11ecb89952226f72abc17e210263ed6&lang=de&ds=ts024&pr=sa&d=2012-06-19 21:55&v=12.2.5.32&sap=hp
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\users\karren\AppData\Roaming\Mozilla\Firefox\Profiles\yk1yyzpt.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10396&gct=hp&dc=EU&locale=de_CH
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10396&locale=de_CH&apn_uid=487eb73e-b59c-4d0d-84e5-c1cb2a7668c8&apn_ptnrs=%5EABU&apn_sauid=051AFEE9-F24C-4047-8F9E-E51720D86124&apn_dtid=%5EYYYYYY%5EYY%5ECH&&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-24  23:45:16
ComboFix-quarantined-files.txt  2012-10-24 21:45
.
Vor Suchlauf: 6 Verzeichnis(se), 18'653'020'160 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 18'750'816'256 Bytes frei
.
- - End Of File - - BEED8FD6D3257660BD403A78ADADABFC
--- --- ---


Ach so, da stand doch was, wegen Neustart? Das hats gar nicht verlangt, oder gemacht- ist das trotzdem ok?

Ähm mal noch ne blöde Frage: das OTL und Combofix muss auf dem Laptop bleiben? Oder wieder löschen?
Vielen Dank für Deine Geduld mit mir und Deine Arbeit

Karen 25.10.2012 22:51
Hallo Markusg

Da ich ja jetzt meinen neuen Laptop auch hier vor meiner Nase stehen hab, hab ich damit auch schonmal das OTL gemacht.
Hier die Logfiles (Laptop NEU)OTL Logfile:
Code:
OTL logfile created on: 25.10.2012 23:29:40 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Karen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.84 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 61.41% Memory free
7.68 Gb Paging File | 6.20 Gb Available in Paging File | 80.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.99 Gb Total Space | 224.09 Gb Free Space | 79.19% Space Free | Partition Type: NTFS
 
Computer Name: Karen-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Karen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Live Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (DCDhcpService) -- C:\Program Files (x86)\Packard Bell\WDAgent\DCDhcpService.exe (Atheros Communication Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation)
DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20121025.001\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20121025.001\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20121005.002\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20121024.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1919032238-3396424804-3884484894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKU\S-1-5-21-1919032238-3396424804-3884484894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKU\S-1-5-21-1919032238-3396424804-3884484894-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1919032238-3396424804-3884484894-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1919032238-3396424804-3884484894-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.ch"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.08.31 03:21:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2012.10.25 17:21:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.25 22:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.25 22:06:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.08.30 21:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\mozilla\Extensions
[2012.10.24 23:15:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\mozilla\Firefox\Profiles\53ma42j5.default\extensions
[2012.10.25 22:06:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.25 22:06:12 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1919032238-3396424804-3884484894-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF578646-D169-4BC9-B687-AF9D87C9FEFE}: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD69EC8B-9D13-4BD4-96F3-AE98911D6F63}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.25 23:18:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2012.10.25 22:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.17 22:15:09 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.10.12 09:05:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.10 11:48:25 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 11:48:24 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 11:48:24 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 11:48:17 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.10 11:48:17 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.10 11:48:17 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.10 11:48:17 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.10 11:48:17 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.10 11:48:17 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.10 11:48:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.10 11:48:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.10 11:48:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.10 11:48:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.10 11:48:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.10 11:48:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.10 11:48:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 11:48:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 11:48:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 11:48:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 11:48:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 11:48:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 11:48:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 11:48:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 11:48:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 11:48:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 11:48:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 11:48:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 11:48:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 11:48:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 11:48:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 11:48:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 11:48:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 11:48:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 11:48:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 11:48:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 11:48:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 11:48:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 11:48:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 11:48:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 11:48:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 11:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 11:48:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 11:48:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.10 11:48:01 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 11:47:47 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 11:47:47 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.07 21:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.10.07 18:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.10.07 18:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.10.07 18:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.10.07 18:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.10.07 18:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.10.07 18:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012.10.02 20:51:16 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\{EE4AAD4A-217C-409B-9DC8-D483FC59E3FD}
[2012.10.02 20:30:19 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\assembly
[2012.10.02 20:30:14 | 000,000,000 | ---D | C] -- C:\Users\Karen\Documents\ifolor
[2012.10.02 20:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ifolor
[2012.10.02 20:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ifolor
[2012.10.02 11:33:56 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\Diagnostics
[2012.10.01 16:46:10 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\{B1F5C38E-0EE3-49C1-8E34-8689A729F5AF}
[2012.10.01 16:46:09 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\{E8C174CB-9BE2-468B-ADA1-CE1992443E6C}
[2012.09.26 06:14:44 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.25 23:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.25 23:18:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2012.10.25 17:27:35 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.25 17:27:35 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.25 17:20:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.25 17:20:04 | 3092,533,248 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.17 08:18:58 | 000,002,504 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.10.17 08:18:27 | 001,565,969 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\Cat.DB
[2012.10.16 18:46:47 | 000,010,074 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\VT20121008.022
[2012.10.09 22:20:31 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 22:20:31 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.07 21:31:09 | 000,002,106 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.10.07 21:31:08 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.10.07 18:48:01 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.10.02 20:29:36 | 000,001,373 | ---- | M] () -- C:\Users\Public\Desktop\ifolor Designer.lnk
[2012.10.01 16:27:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.09.26 12:34:14 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\isolate.ini
 
========== Files Created - No Company Name ==========
 
[2012.10.07 18:48:01 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.10.07 18:37:51 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.10.07 18:37:51 | 000,002,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.10.07 18:37:49 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.02 20:29:36 | 000,001,373 | ---- | C] () -- C:\Users\Public\Desktop\ifolor Designer.lnk
[2012.10.01 16:27:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.09.19 20:38:03 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.08 00:46:50 | 000,000,579 | ---- | C] () -- C:\Users\Karen\AppData\Local\cookies.ini
[2012.03.14 10:58:19 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.14 10:58:19 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.14 10:58:15 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.14 10:58:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.14 10:58:08 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.02.03 07:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.30 22:20:07 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\OpenOffice.org
[2012.08.31 03:19:06 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Screensaver
[2012.09.13 18:45:57 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\SNS
[2012.10.17 22:16:46 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\SoftGrid Client
[2012.09.19 20:38:52 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\TP
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.08.31 03:18:41 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.08.31 03:21:57 | 000,000,000 | -H-D | M] -- C:\book
[2012.10.12 09:20:54 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.08.31 03:13:49 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.05.29 13:05:44 | 000,000,000 | -H-D | M] -- C:\Intel
[2012.10.17 22:15:09 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.08.31 03:22:01 | 000,000,000 | -H-D | M] -- C:\OEM
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.10.07 18:43:55 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.25 23:15:46 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.10.07 18:37:53 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.08.31 03:13:49 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.08.31 03:13:49 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.10.25 23:31:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.08.31 03:15:37 | 000,000,000 | R--D | M] -- C:\Users
[2012.09.02 09:22:17 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,014,762 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.10.07 18:37:49 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.07.14 07:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.07.14 07:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.07.14 07:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.07.14 07:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.07.14 07:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.07.14 07:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2012.02.01 10:06:58 | 000,470,808 | ---- | M] (Intel Corporation) MD5=76C3966183BD5382E14CEB6DF97D9709 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys
[2012.02.01 10:16:40 | 000,568,600 | ---- | M] (Intel Corporation) MD5=D1753C06EE17E29352B065EACF3F10D0 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys
[2012.02.02 01:16:40 | 000,568,600 | ---- | M] (Intel Corporation) MD5=D1753C06EE17E29352B065EACF3F10D0 -- C:\Windows\SysNative\drivers\iaStor.sys
[2012.02.02 01:16:40 | 000,568,600 | ---- | M] (Intel Corporation) MD5=D1753C06EE17E29352B065EACF3F10D0 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4b6764daf5ce9174\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.07.14 07:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.07.14 07:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.07.14 07:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.07.14 07:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.07.14 07:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.07.14 07:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.07.14 07:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.07.14 07:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.10.25 23:44:03 | 001,572,864 | -HS- | M] () -- C:\Users\Karen\NTUSER.DAT
[2012.10.25 23:44:03 | 000,262,144 | -HS- | M] () -- C:\Users\Karen\ntuser.dat.LOG1
[2012.08.31 03:15:38 | 000,000,000 | -HS- | M] () -- C:\Users\Karen\ntuser.dat.LOG2
[2012.08.30 22:58:03 | 000,065,536 | -HS- | M] () -- C:\Users\Karen\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.08.30 22:58:03 | 000,524,288 | -HS- | M] () -- C:\Users\Karen\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.08.30 22:58:03 | 000,524,288 | -HS- | M] () -- C:\Users\Karen\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.08.31 03:15:38 | 000,000,020 | -HS- | M] () -- C:\Users\Karen\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
--- --- ---



undOTL Logfile:
Code:
OTL Extras logfile created on: 25.10.2012 23:29:40 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Karen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.84 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 61.41% Memory free
7.68 Gb Paging File | 6.20 Gb Available in Paging File | 80.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.99 Gb Total Space | 224.09 Gb Free Space | 79.19% Space Free | Partition Type: NTFS
 
Computer Name: Karen-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1919032238-3396424804-3884484894-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F763B9-9758-4481-B1C6-D2C5CA92D67D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{134842F0-2155-4FFD-9129-13F0B53E2DD9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{13B85541-41BD-4316-9B1B-CDD80536D8A9}" = lport=138 | protocol=17 | dir=in | app=system |
"{174F20B2-34FD-4B44-80E4-7618D0A02558}" = rport=137 | protocol=17 | dir=out | app=system |
"{2F8D578C-69D3-4B71-AEE2-F9FCBD368581}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DC81218-83C3-4B4B-8D86-18F05B2041BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A421886-D290-4DE9-974B-16F515F75658}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6DD0E0A2-3A56-4F14-91D2-07D486F6FFBB}" = lport=445 | protocol=6 | dir=in | app=system |
"{6F238A23-CD78-4982-A201-9D3B71DA1636}" = lport=139 | protocol=6 | dir=in | app=system |
"{9044D1B7-829B-4B25-B3AD-A726CF82E8E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{97DE09DD-CD32-4915-88DD-2FD3D218D492}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\packard bell\wdagent\dcdhcpservice.exe |
"{9A2776B1-5157-4E96-877F-0D15E33F7795}" = rport=138 | protocol=17 | dir=out | app=system |
"{A18C3AE6-11EE-4E69-86E9-E9FD7C29C6BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{AB18A11F-0964-4825-94BD-5BFBFDEC2708}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B7CF1D52-D878-4252-ABFC-11379801A318}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B7F098A0-5AFD-490C-8AC5-F443F62EC7B1}" = lport=137 | protocol=17 | dir=in | app=system |
"{BA9CB456-ACAB-41F4-893E-9EB1A1E0639C}" = rport=139 | protocol=6 | dir=out | app=system |
"{C07F94A7-FB81-4A99-BF77-DFF845B67FEF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CB99FD62-99AA-4A06-AC1A-9563724F1642}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC3BD464-B720-4BAD-B64A-0D6B8767C343}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D93C3F73-C74B-4258-93B0-3FC4734B9493}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E56D981F-715F-4C3D-A242-0907D361772C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F2CC9E9D-2A6D-4467-8583-30AFB814B7DD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F4209C04-7963-4A92-838E-413EAD2EC313}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024DE54E-3770-4A97-B227-CE481EFB6895}" = protocol=6 | dir=out | app=system |
"{0AAC1301-E063-47A2-8B38-B267E5DE9BF6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0B220219-2910-4A13-BE78-E60BEEDAD844}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0F7236BF-10AF-40D6-9FA0-17E1D682C4AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19C9BFF4-1FAA-4BB4-A7FA-1CDA4D909B63}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{240EC51C-0767-45CF-BCAA-630A3059B0B8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{27A62828-0E08-4CB4-AB47-BD04D3B0275F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2B9C1FCA-7DC1-4198-9402-5B0B86522897}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3D6BC417-2212-42FE-A78F-A6B5A734DF2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3D9F83A2-7D2A-48E8-8CA4-2DC5D7D584EE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{414BA3AD-50FD-4F99-B3D3-EBEC1EED0E36}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{434BEABD-1049-488B-8351-70E4B5941BA1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{46D7EB93-CA73-43C8-8E56-C592A93EABBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5EDCECE0-0929-4372-8E5D-476978EC592A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6266EF55-6A56-42F4-985B-DE7E9AFFD23B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{79D9E2E0-98CB-4AFB-8770-3DEFF3069765}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7C662BD4-0EA1-4A33-BAD0-FB2E6C828592}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81743C1C-305B-46C4-951D-103210EB22B4}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{82C27511-7C43-46FC-9BD6-282FD8C98ED2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{862E8706-E53B-4C06-9BD0-444D862749CF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9B1A49AF-CB46-41CB-B1C4-713F366FF3C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9C276B38-1F71-4CE1-8B63-A6EDF237EADC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B344770C-4D05-46A4-96CD-5C68D97E2787}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B525331A-BC4A-4B17-A19C-BA272D4889C8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BF2A0E92-2DD0-4CAA-8815-56ACC630C1D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C5231DAD-456A-4E86-ADB5-8CB53EE46DB7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DC229A02-354C-4DF8-A994-D21735D019AF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F39D4906-67AA-4B07-B626-D067882BB283}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB15C26A-F994-4F7F-9DF7-4E8EE4521855}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Elantech" = ETDWare PS/2-X64 10.6.9.9_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Qualcomm Atheros Direct Connect
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68AFA3A7-9265-4ABD-994A-ACA413E3715C}" = Nero Multimedia Suite 10 Essentials
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App (Packard Bell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Video Web Camera
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F77EF646-19EB-11E1-9A9E-984BE15F174E}" = Evernote v. 4.5.2
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FE8FF1DC-90A3-A976-4ED7-43C280CEC0E0}" = Fooz Kids
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"FoozKids" = Fooz Kids
"Identity Card" = Identity Card
"ifolor-Designer" = ifolor Designer
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Video Web Camera
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"LManager" = Launch Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"VTechDownloadManager" = VTech Download Manager
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WTA-005f3837-c456-468a-a3ea-4edb997096c9" = Bejeweled 3
"WTA-09fbe498-f724-44c8-b703-22c080a4ec0d" = Zuma Deluxe
"WTA-321015b6-5dbd-4937-a70f-698615ebe5ba" = Plants vs. Zombies - Game of the Year
"WTA-3e9b7342-48ff-4ec5-b0a9-f78c8237283c" = FATE
"WTA-44587edb-08b8-4351-9ce9-bf0833407fa2" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-44c6b830-c6c0-4449-ae4c-e8d136453d4c" = Penguins!
"WTA-4510cdb9-4b53-42ee-8985-03c16b791fed" = Polar Bowler
"WTA-4c6be03c-bbc6-4f1f-ad62-3c55351bf2ab" = Chuzzle Deluxe
"WTA-4d2ff374-f65f-46e3-99f2-d7d21a50a383" = Torchlight
"WTA-5fc9f2ae-2d35-4556-bf28-def80ed6895b" = Slingo Deluxe
"WTA-6bf0bdb7-f5bf-49be-9518-fefc1877b4e8" = Agatha Christie - Death on the Nile
"WTA-75d03f6b-a3f1-4653-a778-edcac5e36298" = Final Drive: Nitro
"WTA-93dae18b-86cb-4803-9c15-d87611f47155" = Wedding Dash
"WTA-a1fd9225-14a0-4695-b3ba-1baaa8927c7b" = John Deere Drive Green
"WTA-afc48264-2b64-44d9-aabb-818c5ec6c802" = Jewel Match 3
"WTA-b8240454-15a3-433e-bfb2-d8bc94bc5b4b" = Virtual Villagers 4 - The Tree of Life
"WTA-c81411f9-b5d9-4937-b368-d235e6e2941e" = Insaniquarium Deluxe
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1919032238-3396424804-3884484894-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.10.2012 15:15:58 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.10.2012 02:38:12 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 12.10.2012 03:21:33 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 16.10.2012 12:24:24 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 17.10.2012 02:19:34 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 17.10.2012 11:16:38 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 18.10.2012 06:38:21 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 18.10.2012 07:38:52 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.10.2012 17:07:44 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 25.10.2012 11:20:32 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 30.08.2012 15:31:52 | Computer Name = Karen-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 30.08.2012 15:31:52 | Computer Name = Karen-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 30.08.2012 15:31:53 | Computer Name = Karen-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 30.08.2012 15:31:53 | Computer Name = Karen-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 30.08.2012 17:01:53 | Computer Name = Karen-PC | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 03.09.2012 08:11:18 | Computer Name = Karen-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler
beendet:  %%16405
 
Error - 02.10.2012 13:32:53 | Computer Name = Karen-PC | Source = bowser | ID = 8003
Description =
 
 
< End of report >
--- --- ---




Bin mal gespannt, wies aussieht (Ich erkenne da nur "Bahnhof") :wtf:

markusg 25.10.2012 22:58
machen wir erst mal pc old
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

Karen 25.10.2012 23:04
Ok, scan läuft.

Nichts gefunden.

markusg 25.10.2012 23:09
ok

malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Karen 25.10.2012 23:12
Kann kein LOGfile posten, auch nichts kopieren vom Report.
Aber zeigt an:
Duration: 00:00:43
Processed: 429 Objects
Found: 0 threads
Neutralized: 0 threads
Quarantined: 0 threads

markusg 25.10.2012 23:15
ok dann mal weiter mit malwarebytes

Karen 25.10.2012 23:18
Ok, Malwarebites läuft.

Oh, Du "sammelst" doch verdächtige Mails... Hab da eins in meinem Spamverdacht- Ordner. Absender: ich selbst (???), Titel: irgendwas mit Naturwissenschaften.
Habs mich noch nicht getraut, es aufzumachen.
Willst Du`s?

markusg 25.10.2012 23:27
ja kannst es ja mal weiterleiten :-)

Karen 25.10.2012 23:29
mach ich gerne... aber verrätst Du mir vorher noch, wie man das mit dem eml. macht??? (sorry, blond :zunge: )

markusg 25.10.2012 23:30
nutzt du thunderbird, outlook oder gehst du über den browser in dein mail account?
du kannst sie wie gesagt auch erst mal weiterleiten dann gucke ich mal

Karen 25.10.2012 23:32
Browser. Hier grad Mozilla firefox (neuer Lappi)

markusg 25.10.2012 23:33
jo dann einfach weiterleiten

Karen 25.10.2012 23:34
dazu muss ichs öffnen, oder?:heilig:

markusg 25.10.2012 23:36
warscheinlich ja.

Karen 25.10.2012 23:40
gesagt getan... wollts an virus@...... weiterleiten. ging glaub nicht. der Mailer Deamon sagt dazu:

Zitat:

Hi. This is the qmail-send program at mailout-de.gmx.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<virus@trojaner-board.de>:
81.28.224.26_failed_after_I_sent_the_message./Remote_host_said:_550-This_e-mail_is_considered_spam._Therefore,_the_server_rejects_it./550_(150741::1351204682-00006EC6-E69EF130/0-9253177560/0-10)/

--- Below this line is a copy of the message.

Return-Path: <KarenLang@gmx.ch>
Received: (qmail 18884 invoked by uid 0); 25 Oct 2012 22:38:02 -0000
Received: from 213.196.172.50 by www041.gmx.net with HTTP;
Fri, 26 Oct 2012 00:37:59 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Date: Fri, 26 Oct 2012 00:37:59 +0200
From: "Karen Lang" <KarenLang@gmx.ch>
Message-ID: <20121025223759.283250@gmx.net>
MIME-Version: 1.0
Subject: Fwd: Arbeitsmarkt Naturwissenschaften
To: virus@trojaner-board.de
X-Authenticated: #41197573
X-Flags: 0001
X-Mailer: WWW-Mail 6100 (Global Message Exchange)
X-Priority: 3
X-Provags-ID: V01U2FsdGVkX1+LaoktEomLpgXbQAkDoJ9pV373TSDTE7Gc2aUGEF
n1GCmwBAZW9syWHPSiiA+jVWaS97rcK4YXiw==
Content-Transfer-Encoding: 8bit
X-GMX-UID: ENr7cMEPeSEqSWTDH3YhWkZ+IGRvb8B9
X-GMX-Antivirus: 0 (no virus found)

-------- Original-Nachricht --------
Datum: Wed, 24 Oct 2012 20:57:55 +0100
Von: karenlang@gmx.ch
An: karenlang@gmx.ch
CC: d19906617@gmx.ch, antonpfander@gmx.ch, gerber.christian@gmx.ch, daniell.roth@gmx.ch, mtijani@gmx.ch, s.niro@gmx.ch, email6860326846@gmx.ch, clabla86@gmx.ch, kevingotenks@gmx.ch, gianl@gmx.ch, jena81@gmx.ch, j.magener@gmx.ch
Betreff: Arbeitsmarkt Naturwissenschaften

Sehr geehrte Damen und Herren

Ich benutze diese Gelegenheit,
um Ihnen eine freie Stelle in unserer Firma vorzuschlagen und ihre kurze
Beschreibung zu geben.

Haben Sie Ihre Karriere schon beendet, sind die im Schwangerschaftsurlaub,
ein Rentner oder einfach Arbeitslose?
Dann ist diese Stelle für Sie.

Beschäftigungsgrad: Teilbeschäftigung – 1 bis 3 Stunden pro Tag.
Mindestens 20 Stunden der Beschäftigung pro Woche können wir Ihnen
garantieren.
Gehalt: 3000 Euro pro Monat plus Kommissionsgeld.
Arbeitsort: Europa

Beachten Sie bitte!
Sie brauchen keinen einziges Cent auszugeben, um an die Arbeit in unserer
Firma zu gehen.

Wenn Sie bereit sind, den Fragebogen und mehr Information über diese
Stelle zu bekommen,
ein Telefongespräch zu vereinbaren,
schicken Sie bitte einen Brief auf Violet@arbeitdeutschland.com,unter
Angabe Ihrer ID-Nummer für diese Stelle: IDNO: 0369



hmmm... soviel dazu. :stirn:

Hatte aber auch keinen Anhang... könnte da ein Virus o.ä. direkt im Mail versteckt sein?

So, hier das Ergebnis von Malwarebites.

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.25.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
karren :: KARREN-PC [Administrator]

Schutz: Aktiviert

26.10.2012 00:18:06
mbam-log-2012-10-26 (00-18-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 298871
Laufzeit: 45 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


und


2012/10/26 00:17:15 +0200 KARREN-PC karren MESSAGE Starting protection
2012/10/26 00:17:15 +0200 KARREN-PC karren MESSAGE Protection started successfully
2012/10/26 00:17:15 +0200 KARREN-PC karren MESSAGE Starting IP protection
2012/10/26 00:17:19 +0200 KARREN-PC karren MESSAGE IP Protection started successfully
2012/10/26 00:17:29 +0200 KARREN-PC karren MESSAGE Starting database refresh
2012/10/26 00:17:29 +0200 KARREN-PC karren MESSAGE Stopping IP protection
2012/10/26 00:17:29 +0200 KARREN-PC karren MESSAGE IP Protection stopped successfully
2012/10/26 00:17:36 +0200 KARREN-PC karren MESSAGE Database refreshed successfully
2012/10/26 00:17:36 +0200 KARREN-PC karren MESSAGE Starting IP protection
2012/10/26 00:17:40 +0200 KARREN-PC karren MESSAGE IP Protection started successfully

markusg 26.10.2012 12:55
versuch mal ne mail an die adresse zu schreiben, kann nicht genau ersehen ob die mail wegen spam verdacht nicht weitergeleitet wurde oder obs nen anderes problem gibt
pc is unauffällig auf jeden fall
lade den CCleaner standard:
CCleaner Download - CCleaner 3.24.1850
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Karen 26.10.2012 21:48
Hoi Markusg. Ich versuch jetzt mal vom neuen Lappi das Mail an die Adresse zu schicken (falls was passiert... wir checken ihn ja eh noch durch, oder? :abklatsch: )

Also zuerst mal steht da was vom GMX:
GMX Spamschutz Briefkopf-Analyzer: Der Header dieser E-Mail weist für
Spam-Mails typische Merkmale auf.

So, scheint rausgegangen zu sein. :confused:

Log Teil 1:

ANALYSE komplett - (17.200 Sek)
----------------------------------------------------------------------------------------------------
104.9MB zu entfernen. (Ungefähre Größe)
----------------------------------------------------------------------------------------------------

Details der zu löschenden Dateien (Hinweis: Es wurden noch keine Dateien gelöscht)
----------------------------------------------------------------------------------------------------
Internet Explorer - Temporäre Internet-Dateien 38'279KB 507 Dateien unbekannt
Internet Explorer - Verlauf 297KB 11 Dateien unbekannt
Internet Explorer - Cookies 26KB 91 Dateien unbekannt
Internet Explorer - Lösche Index.dat-Dateien 560KB 4 Dateien unbekannt
Windows Explorer - Aufgerufene Dokumente 100KB 79 Dateien unbekannt
Windows Explorer - Miniaturansicht Cache 2'052KB 6 Dateien unbekannt
System - Temporäre Dateien 10'431KB 47 Dateien unbekannt
System - Windows-Logdateien 18'263KB 32 Dateien unbekannt
Firefox/Mozilla - Internet-Cache 27'325KB 374 Dateien unbekannt
Firefox/Mozilla - Cookies 0KB 663 Dateien unbekannt
Firefox/Mozilla - Download-Verlauf 64KB 1 Dateien unbekannt
Firefox/Mozilla - Session 63KB 2 Dateien unbekannt
Google Chrome - Internet-Cache 5'913KB 19 Dateien unbekannt
Google Chrome - Internet-Verlauf 412KB 9 Dateien unbekannt
Google Chrome - Session 5KB 1 Dateien unbekannt
Anwendungen - Adobe Acrobat 10.0 9KB 1 Dateien unbekannt?
Anwendungen - MS Office Picture Manager 10KB 2 Dateien notwendig?
Anwendungen - Office 2007 12KB 13 Dateien notwendig
Internet - Windows Live Messenger 18KB 42 Dateien unnötig
Multimedia - Adobe Flash Player 4KB 49 Dateien notwendig?
Multimedia - VLC Media Player 11KB 1 Dateien notwendig?
Multimedia - Windows Media Center 3KB 1 Dateien notwendig
Werkzeuge - AntiVir Desktop 2'327KB 25 Dateien notwendig, oder anderer Vorschlag? Vielleicht Norton Kaufversion?
Werkzeuge - Windows Defender 249KB 33 Dateien unbekannt
Windows - MS Search 1'024KB 1 Dateien unbekannt
------------------------------------------------------------------------------------------
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat 288KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AC0GHIH9\041-0256.German[1].xml 23KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AC0GHIH9\041-0517.German[1].dist 22KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AC0GHIH9\041-1612.German[1].xml 37KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AC0GHIH9\041-1676.German[1].dist 21KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AC0GHIH9\061-4513.German[1].dist 7KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AC0GHIH9\061-5790.German[1].dist 21KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AC0GHIH9\061-6867.German[1].dist 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AC0GHIH9\061-7340.German[1].dist 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AC0GHIH9\ApnIC[1].0 243KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AC0GHIH9\bg[1].jpg 19KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AC0GHIH9\bind[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AC0GHIH9\heias.ret[1].htm 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AC0GHIH9\index_quer1[1].htm 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AC0GHIH9\index_quer2[1].htm 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AC0GHIH9\ZX_conrad_CH_728x90[1].htm 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AC0GHIH9\ZX_getgoods_CH_300x250[1].htm 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS2L0NS0\041-0516.German[1].dist 22KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS2L0NS0\041-1673.German[1].dist 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS2L0NS0\041-4336.German[1].dist 31KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS2L0NS0\041-5328.German[1].xml 27KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS2L0NS0\041-6905.German[1].xml 9KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS2L0NS0\061-4200.German[1].dist 7KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS2L0NS0\061-7511.German[1].dist 7KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS2L0NS0\061-8153.German[1].dist 7KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS2L0NS0\061-9539.German[1].dist 7KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS2L0NS0\1[1].js 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS2L0NS0\acer[1].png 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS2L0NS0\banner_aff_ggdeals_300x250[1].gif 27KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS2L0NS0\bg_iframe_quer[1].jpg 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS2L0NS0\CA11HEW4.HTM 0KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS2L0NS0\media[1].htm 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS2L0NS0\teaser_quer4[1].jpg 8KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS2L0NS0\Weka_800x600_standardt_MCT[1].htm 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7MZE2YB\041-0255.German[1].xml 23KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7MZE2YB\041-6906.German[1].xml 8KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7MZE2YB\061-3418.German[1].dist 37KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7MZE2YB\061-3452.German[1].dist 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7MZE2YB\061-4249.German[1].dist 6KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7MZE2YB\061-4514.German[1].dist 7KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7MZE2YB\061-5850.German[1].dist 21KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7MZE2YB\061-9848.German[1].dist 21KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7MZE2YB\4[1].js 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7MZE2YB\c14[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7MZE2YB\index-windows-1[1].sucatalog 158KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7MZE2YB\index[1].gif 8KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7MZE2YB\label[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7MZE2YB\media[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7MZE2YB\p.min[1].js 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7MZE2YB\rs[1].js 34KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7MZE2YB\teaser_quer1[1].jpg 22KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7MZE2YB\version[1].htm 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1R00C2F\041-1613.German[1].xml 37KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1R00C2F\041-3097.German[1].dist 20KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1R00C2F\041-6756.German[1].xml 44KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1R00C2F\061-4512.German[1].dist 7KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1R00C2F\061-7306.German[1].dist 7KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1R00C2F\061-7509.German[1].dist 7KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1R00C2F\061-8155.German[1].dist 7KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1R00C2F\061-9537.German[1].dist 7KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1R00C2F\104[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1R00C2F\14862.min[1].js 18KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1R00C2F\Ad6553681St1Sz16Sq100777653V0Id1[1].jpg 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1R00C2F\computerbild[1].htm 0KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1R00C2F\ga[1].js 37KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1R00C2F\notifier_avira_com[1].htm 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1R00C2F\onepixel[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1R00C2F\teaser_quer2[1].jpg 11KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1R00C2F\teaser_quer3[1].jpg 9KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1R00C2F\universal[1].htm 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat 288KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\12283_4885_663_0_38514_CB_1340209286235[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\13951697507091960918[1].gif 40KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\40229670ffe4cdef[1].jpg 13KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\467886638[1].js 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\469357992_b4b093a949[1].jpg 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\556071416[1].js 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\567990296[1].js 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\646603812[1].js 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\7a05944db066818a[1].jpg 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\;ord=687332[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\;ord=6928211[1] 11KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\a11fa43c9cdac52e[1].jpg 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\abg[1].js 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\ads[1] 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\ads[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\ads[1].htm 6KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\ads[2] 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\ads[2].htm 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\ads[3] 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\ads[4] 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\adtech-gfx-090224[1].gif 6KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\adtech[1].css 18KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\all[1].js 173KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\artikel-news-download-videos[1].js 38KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\bg-header[1].png 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\btn-antworten[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\btn-neuesthema[1].gif 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\btn-rss-live-com[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\c26a42502f5c4bc5[1].jpg 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\c5ec1384f206953d[1].jpg 11KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\callback[1].js 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\chip-5[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\collapse_tcat[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\combox-pc-bg[1].gif 6KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\comments2[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\Communitybox_dell_03[1].jpg 15KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\content-navi-arrow-left[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\count[1].json 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\de[1].png 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\dl-btn-chip[1].gif 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\dl-getfile-kaspersky[1].gif 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\facebook[1].png 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\fb_statisch[1].gif 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\Firefox_Setup_13.0.1[1].exe 16'036KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\footer-am-icons-01[1].gif 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\footer-am-icons-02[1].gif 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\footer-box-bg[1].png 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\footer-global-bg[1].gif 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\getads[1].js 12KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\getSuggestions2[1].php 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\getSuggestions2[2].php 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\getSuggestions2[3].php 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\google_plus[1].png 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\gw[1].js 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\gw[2].js 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\header-global-bg[1].gif 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\header-search-bg-right[1].gif 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\hp_logo_teaser[1].jpg 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\ico-home[1].png 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\icon[2].png 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\iframe[1].htm 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\impr[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\inventar_test;sz=1x1;kw=adblocker_chip_bodyjs;ord=79478361239[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\jQueryUI[1].js 31KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\jQuery[1].js 111KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\JQueyExtensions[1].js 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\katalog-bg-hi[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\liquid-gfx-090224[1].gif 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\liste-61cfe304c9dd5a04[1].jpg 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\me-top10-gfx-090930[1].gif 6KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\mvt[1].js 6KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\newsTickerLogo[1].gif 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\pic[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\pic[2].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\pic[3].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\pic[4].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\preisvergleich_hoverdef[1].png 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\protoscript[1].js 140KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\prototypen[1].js 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\proto_nt_sprite[1].gif 8KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\ql9vukDCc4R[1].png 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\qs_ivwbox_de[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\rc[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\rc[2] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\rs=AItRSTMf9SM1IYdneGPye-4UUY0QZpNvRg[1].txt 15KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\rs=AItRSTMVaitSiPel_JCxZD_GJ0wlcwMbrQ[1] 55KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\show_ads_impl[1].js 48KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\show_afs_ads[1].js 9KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\si[1].htm 0KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\spcjs[1].php 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\spc[1].php 9KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\spc[2].php 13KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\spc[3].php 9KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\standard-gfx-090224[1].gif 8KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\standard-gfx-090416[1].gif 9KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\suche[1].js 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\survey[1].js 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\tpx[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\tpx[2].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\trk[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\trk[2].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\vt-body-bg[1].gif 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\vt-head-bg[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\vt-topvideo-overlay-start-big[1].gif 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\vt-topvideo-overlay-start-small[1].gif 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\zNlQRPRiBq5[1].js 171KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A794VK66\_utmh[1].xml 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\00be96bfc2bb1c16[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\051347e8f0d8c78a[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\12283_4885_663_0_38514_CB_1340209349477[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\12283_4885_663_0_38514_CB_1340209834622[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\162058_66x50_11[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\177480_66x50_1[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\185169_66x50_1[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\195231_66x50_2[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\499863071_b447e38d1a[1].jpg 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\4afbbaa80ffc8ae3[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\504406219_60b2cb792b[1].jpg 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\508531679_fa4d83aeff[1].jpg 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\509930507_cda9b4e91e[1].jpg 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\512052307_fc65b3ad15[1].jpg 6KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\512084354_e904a0be4e[1].jpg 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\512427347_c9534a6040[1].jpg 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\78f350b96dd4[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\7a630f71b4da9b03[1].jpg 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\943671011[1].js 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\9a1a4ad12500a366[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\;ord=2562347[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\;ord=2562347[2] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\;ord=687332[1] 11KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\;ord=6928211[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\;ord=9018095[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\a2bb000ab8ad7a46[1].jpg 9KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\ads[1] 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\ads[1].htm 6KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\ads[2] 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\ads[2].htm 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\ads[3] 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\ae78582b107557a1[1].jpg 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\ajs[1].php 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\aktivbar[1].gif 6KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\all[1].js 173KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\anzeige[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\arrow_blue[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\artikel-news-download-videos[1].css 50KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\b308b6267f9d753f[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\b9b67bfb99a917d1[1].jpg 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\blank[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\bottom-grad[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\bottom-icos[1].gif 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\btn-close-x[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\btn-sethomepage[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\bullet01[1].png 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\business[1].json 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\cb=gapi[1].loaded_0 95KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\chip-bg[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\close_grey[1].png 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\combox-stripes-bg[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\cset_v[1].php 0KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\cxo_adtech-57959-min[1].js 39KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\dl-btn-rating-bad[1].gif 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\dl-countdown[1].gif 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\dl_box_line_grey[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\dropdown-bg[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\efws[1].js 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\firefox-c9ed52f039ead6e9[1].jpg 12KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\footer-black-icons[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\footer-black-special-btn[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\footer-separator-linie[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\frage-stellen[1].gif 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\getSuggestions2[1].php 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\getSuggestions2[2].php 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\global[1].css 123KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\global[1].js 28KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\gw[1].js 6KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\gw[2].js 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\gw[3].js 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\header-search-bg-left[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\home-navseiten[1].css 21KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\impr[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\inventar_test;sz=1x1;kw=adblocker_chip_bodyjs;ord=92402052974[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\jQueryUI[1].js 31KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\js[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\js[2] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\js_ng_chip_0300[1].js 30KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\linie_bl[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\lupe_17x22px[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\main[1].js 29KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\nav-arrow[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\nav-bl-li-bg-hover[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\newstickerMainBg[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\omniture_somtr_code_vH.23.4[1].js 33KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\osd[1].js 12KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\pause_grey[1].png 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\pfeil_blau[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\pic[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\pixel[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\play_grey[1].png 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\print[1].css 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\rc[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\rc[2] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\rc[3] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\ron_100[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\rs=AItRSTNma8J0_yA8CaTOcatIk1tow5atjg[1] 112KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\s3[1].jpg 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\search[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\spcjs[1].php 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\spcjs[2].php 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\spc[1].php 14KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\spc[2].php 13KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\Stats[1].js 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\tpx[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\video-podcast-icon[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\_utmh[1].xml 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CUL9DF37\_utmh[2].xml 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\120420_windows-intune_titelroation_50x50[1].jpg 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\12283_4885_663_0_38514_CB_1340209795267[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\13792610000122737861[1].gif 44KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\316293317[1].js 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\36_navibox[1].css 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\480025978[1].js 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\509985612_19952ca6a9[1].jpg 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\50d9991ca3dd578f[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\511704713_b4ff046e99[1].jpg 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\512030526_c64ab6748a[1].jpg 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\512427358_49998791c3[1].jpg 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\512427363_022c424579[1].jpg 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\571e7ae23ec1a5c89c23d34bfc08b153[2].gif 10KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\62c135ac19a338b9[1].jpg 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\6e89a73e05e6ce88[1].jpg 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\84b0189eab2f073b[1].jpg 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\;ord=2562347[1] 11KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\;ord=2562347[2] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\;ord=687332[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\;ord=9018095[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\;ord=9018095[2] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\adsense_v3[1].htm 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\ads[1] 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\ads[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\ads[1].htm 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\ads[2] 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\ads[2].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\adtech[1].css 18KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\ajs[1].php 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\all[1].js 173KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\all[2].js 173KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\all[3].js 173KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\arrow-red[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\blank[2].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\btn-rss-my-yahoo[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\btn-search[1].png 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\button_chip_dl_auswahl_v2[1].gif 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\c1_downloads_auswahl_15819950[1].htm 104KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\chip-online-logo[1].gif 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\cma-btn-bg[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\col-btm-head-bg[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\cset_v[1].php 0KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\cset_v[2].php 0KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\divider01[1].gif 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\dl-btn-gfx-090504[1].gif 7KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\dl-btn-rating-good[1].gif 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\dl-getfile-2box-bottom[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\dl-getfile-2box-top[1].gif 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\dl-getfile-checklist[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\d[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\e9915e56daf161bc[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\exklusives-angebot[1].gif 9KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\expansion_embed[1].js 53KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\f2p[1].jpg 9KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\facebook-claim-01[1].png 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\firefox.png-6894e86cc90fb174[1].jpg 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\Firefox_13014344[1].htm 152KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\Firefox_Setup_13.0.1[1].exe 16'036KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\fix-gfx-090224[1].gif 11KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\footer-black-icons[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\footer-box-bg[1].png 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\getSuggestions2[1].php 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\global[1].css 122KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\global[1].js 28KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\google_plus_statisch_v2[1].png 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\gplus-15[1].png 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\gw[1].js 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\handy[1].json 6KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\he-v1-suche-btn-autumn[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\impr[1] 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\impr[2] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\insert[1].txt 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\inventar_test;sz=1x1;kw=adblocker_chip_bodyjs;ord=21986883399[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\inventar_test;sz=1x1;kw=adblocker_chip_bodyjs;ord=95664792893[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\isearch_avg_com[1].htm 20KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\jetzt-am-kiosk[1].gif 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\layer.min[1].js 24KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\liste-d2309af66068f9fe[1].jpg 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\liste_mediathek_60x60-a5668f33f929b9ce[1].jpg 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\loading[1].gif 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\magazin-2012-07[1].gif 14KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\meta[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\mvtSzenarios[1].js 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\nav-bl-li-bg[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\navi-box-head[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\navseiten[1].js 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\news[1].json 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\paidlisting-body-bg[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\pfad_icon[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\pic[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\pic[2].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\plusone[1].js 14KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\preisvergleich_icon2[1].png 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\prototypen[1].css 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\rc[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\render_ads[1].js 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\rtb[1] 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\show_ads[1].js 11KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\si[1].js 6KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\spc[1].php 9KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\spc[2].php 12KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\sprite4-a67f741843ffc4220554c34bd01bb0bb[2].png 21KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\s[1].htm 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\teaser1_k-88c95cfb302932aa[1].jpg 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\teaser2-efe2516804112e73[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\testsieger[1].jpg 9KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\tipp[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\tweet_button[1].html 55KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O7H57DQ4\win82[1].jpg 9KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\195661_66x50_14[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\1f1f9191569f53a4[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\304833271[1].js 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\374708745_0dc8e6c66e[1].jpg 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\504760756_17f7995f90[1].jpg 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\508531440_dd28a41ab1[1].jpg 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\509139180_b2c0c059f7[1].jpg 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\509330664_ca6f151172[1].jpg 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\509354662_5049789f92[1].jpg 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\510814217_c2bbb0a4d8[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\511062825_e454eb85f1[1].jpg 9KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\511062826_b15eef1911[1].jpg 11KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\511062827_aa89b563ee[1].jpg 12KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\511062831_db7a82e212[1].jpg 10KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\511062832_059393ecb3[1].jpg 10KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\511083483_2f81a9fab9[1].jpg 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\511755437_37757a0e72[1].jpg 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\512007094_a6799f2b9c[1].jpg 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\512087881_29595813e2[1].jpg 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\512088372_8386933a58[1].jpg 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\512374222_4fb7a4abe6[1].jpg 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\5152322ecc6eb3c5[1].jpg 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\5294234c8a0f1169[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\5494849742338754188[1].gif 40KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\7f6a653afe04cac4[1].jpg 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\803adb7c5db41afb[1].jpg 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\9109334314255318342[1].jpg 22KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\9902421d67c18675[1].jpg 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\;ord=687332[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\;ord=6928211[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\;ord=6928211[2] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\;ord=9018095[1] 11KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\adblockplus-1bcb7dcec4d0ea6d[1].jpg 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\adsense_v3[1].html 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\ads[1] 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\ads[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\ads[1].htm 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\ads[2] 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\ads[3] 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\ajs[1].php 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\all[1].css 40KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\all[1].js 173KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\b3d9b95a215f09a5[1].jpg 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\banneroben_lg_120612[1].jpg 15KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\bannerrechts_lg_120612[1].jpg 24KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\bestenlistenteaser-head[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\btn-question[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\btn-rss-google[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\chip_de[1].htm 139KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\content-navi-head-bg[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\cset_v[1].php 0KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\cxo_adtech-57959-min[1].js 39KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\d3206c38b1325928[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\d3206c38b1325928[2].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\e2a3ee1ed34f0c33[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\e8802500eeb77cb1[1].jpg 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\eb4ae39c1eab37b7[1].jpg 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\efws[1].js 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\f9a4e877c9cfd2a7[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\firefox.png-60d827751a05ffaa[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\Firefox_Setup_13.0.1[1].exe 8KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\Firefox_Setup_13.0.1[2].exe 127KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\Firefox_Setup_13.0.1[3].exe 8KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\fl[1].js 7KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\footer-black-special-btn[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\footer-kat-links-arrow[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\galerie_rank_top10_transp[1].gif 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\ga[1].js 36KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\getSuggestions2[1].php 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\getSuggestions2[2].php 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\gw[1].js 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\gw[2].js 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\he-v1-suche-btn-autumn[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\heias[1].js 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\jquery.min[1].js 90KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\js[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\js[2] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\logo[1].png 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\magnifying_glass[1].png 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\mediacom.de[1].asis 0KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\meld128[1].js 5KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\mobileredirect[1].js 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\nav-bl-li-bullet[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\navibox-bg-bottom-wo-border[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\n_RuoScpIbP[1].css 19KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\paidlisting-end-bg[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\pic[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\pic[2].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\pic[3].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\proxtube-df33370e01f841a1[1].jpg 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\rc[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\rc[2] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\ron_100[1] 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\rss-icon[1].gif 2KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\rtb[1] 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\rtb[2] 3KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\spc[1].php 9KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\suche[1].css 12KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\teaser-bg-gray[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\tk_[1].json 15KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\topnavi-grad[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\tpx[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\trk[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\trk[2].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\xd_arbiter[1].htm 26KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\xd_arbiter[2].htm 26KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEPMCSFG\_2999910_transpix[1].gif 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT 16KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Sqm\iesqmdata0.sqm 5KB
C:\Users\karren\AppData\Local\Microsoft\Feeds Cache\A6Z0JMRX\fwlink[1] 0KB
C:\Users\karren\AppData\Local\Microsoft\Feeds Cache\B45GUFFU\ieonline.microsoft[1] 0KB
C:\Users\karren\AppData\Local\Microsoft\Feeds Cache\U7M60HHJ\fwlink[1] 0KB
C:\Users\karren\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012100120121008\index.dat 32KB
C:\Users\karren\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012100820121015\index.dat 32KB
C:\Users\karren\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012101520121022\index.dat 32KB
C:\Users\karren\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012102320121024\index.dat 32KB
C:\Users\karren\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012102520121026\index.dat 32KB
C:\Users\karren\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012102620121027\index.dat 32KB
C:\Users\karren\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat 48KB
C:\Users\karren\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012012062020120621\index.dat 32KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat 16KB
C:\Users\karren\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{C8E05823-BA38-11E1-9061-0013A9449FCE}.dat 5KB
C:\Users\karren\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{A329392D-BA48-11E1-A512-0013A9449FCE}.dat 5KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\02EDDY7W.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\0OUNO71C.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\0VA6Q6GS.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\14KY231M.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\1NDYS3E1.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\2L2PST8Y.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\2RW9KLV8.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\3MW0OZ3D.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\52CYSHDK.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\5KR85VZ6.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\5OQ5542Q.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\759PG539.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\7HWLD1J7.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\7LLUX5TW.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\97DESNG2.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\9NJFAEDZ.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\9RREE1VR.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\A4V3DIHW.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\AOI27HHK.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\CEGJSYC2.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\D07LAMXY.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\D41333NV.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\D78GLRLK.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\G907IZOB.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\GCLKA12D.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\HC9ABYM0.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\I9JICG26.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\IH374SGF.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\IWCQSALY.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\JXJ9JZSK.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\K2QULQJ3.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\karren@affil[1].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\karren@magnus[1].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\L0GXGV2X.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\NUE1LEBB.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\OL08O4R8.txt 3KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\PX3MAMIN.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\QOYBFRVS.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\RT5WS9GR.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\RZXAUPPL.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\S1763ZUR.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\SJ6UY699.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\SMH7T3JQ.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\U8DP5A6D.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\UEIQTFPP.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\WB0VZIJZ.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\WR1E453K.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\XCKH0341.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\XR6WRK3G.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\XZXCSKGH.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\Y6R7KZHP.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\YRJAULW6.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\Z2DDM71I.txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@abmr[2].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@actionallocator[2].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@admax.quisma[1].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@adnxs[2].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@ads.creative-serving[2].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@adscale[1].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@adsfac[2].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@advolution[2].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@adx.chip[2].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@atdmt[2].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@chip[1].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@connect.wunderloop[2].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@doubleclick[2].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@flashtalking[1].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@heias[1].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@ih.adscale[1].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@ih.adscale[2].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@invitemedia[1].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@ivwbox[1].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@newtention[2].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@nuggad[1].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@req.connect.wunderloop[1].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@revsci[1].txt 2KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@semasio[1].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@strato[1].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@t.qservz[1].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@tag.admeld[1].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@turn[2].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@wtp101[1].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@wunderloop[2].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\karren@www.chip[1].txt 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Cookies\low\N9TX850Q.txt 1KB
C:\Users\karren\AppData\Local\Microsoft\Internet Explorer\DOMStore\46X1WNV7\www.facebook[1].xml 1KB
C:\Users\karren\AppData\Local\Microsoft\Internet Explorer\DOMStore\4HXWDNGI\secure.img-cdn.mediaplex[1].xml 1KB
C:\Users\karren\AppData\Local\Microsoft\Internet Explorer\DOMStore\FGW1BJJ2\cdn.unicast.msn[1].xml 1KB
C:\Users\karren\AppData\Local\Microsoft\Internet Explorer\DOMStore\I8GZ5RS7\rad.msn[1].xml 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Internet Explorer\UserData\M2P6K1E9\at[1].xml 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Internet Explorer\UserData\M2P6K1E9\at[2].xml 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat 16KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\index.dat 48KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat 256KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\IETldCache\Low\index.dat 240KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\01 - Cherish The Day.lnk 4KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\03 - Princesa.lnk 4KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\06 - Alex Ubago - Sin Miedo A Nada - EMG - www.elitemusic.org.lnk 5KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\06 - El Alcohol.lnk 4KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\09 - Chayanne - Yo te amo - www.torrentazos.com.lnk 5KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\09 - No Ordinary Love.lnk 4KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\09 - Pienso en Ti.lnk 4KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\090 (2).lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\1-13 Everyday.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\12 Marc Antony - No me Conoces.lnk 4KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\13 - Please Send Me Someone To Love.lnk 4KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\140.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\2012-08-21 Arztzeugnis.lnk 3KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\2012-08-28 Arztzeugnis 2.lnk 3KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\2012-08-28.lnk 3KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Anna Lea 1 Jahr alt.lnk 2KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Anna Lea 2 Jahre alt.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Anna Lea 3 Jahre alt.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\attachment.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Basteln und Nähen.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\BTV, GOGO.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\CD-Laufwerk (2).lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\CD-Laufwerk (3).lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\CD-Laufwerk.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\CH1112000000000022615.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Das WIR in unserer Familie.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Dokumente.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Downloads.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\DSCN1180.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\DSCN1182.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\DSCN1305.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\DSCN1322.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\DSCN1418.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\DSCN1517.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\DSCN1532.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\DSCN1542.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\DSCN1543.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\DSCN1544.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\erste Mappe.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\ETG.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Hello Kitty.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Hochzeit.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\iTunes Library.lnk 4KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\iTunes.lnk 3KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Karen 2.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Karen.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Karreen Dateien.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Kodak Bilder.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\LC.lnk 2KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Lotte Schuler.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Mami.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\marco antonio solis - sigue sin mi (1).lnk 4KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Meine empfangenen Dateien.lnk 3KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\message[1].lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Michaela.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Microsoft Office Word-Dokument (neu) (2).lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Microsoft Office Word-Dokument (neu).lnk 2KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Neue Bitmap.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Neues Journal-Dokument.lnk 2KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\photo.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\photo2.php.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Porsche5 14.07.12 2.lnk 2KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Programme.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Puppenpflasterli.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Schreibübungen.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\SERiAL.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Stundenabrechnung Reinigungsarbeiten.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\System und Sicherheit.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\T.y.S y Alex B Romanticas(Www.LosMasCotizados.Com).lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Taufe RS.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Taufe.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Tunika Tini.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Verkaufszahlen.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Vollmacht Grit Erbe Oma.lnk 2KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\Wartungscenter.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\winmail.dat.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\X-Mas 2003.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\X-Mas Cable.lnk 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Windows\Recent\{086A63F0-6B13-4F29-9695-134E7A01E963}.lnk 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db 1'024KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db 1KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db 1'024KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db 4KB
C:\Users\karren\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db 1KB
C:\Windows\TEMP\toolbar_log.txt 8KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\CbsProvider.dll 529KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\CompatProvider.dll 138KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\de-DE\CbsProvider.dll.mui 36KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\de-DE\CompatProvider.dll.mui 14KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\de-DE\DismCore.dll.mui 7KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\de-DE\DismProv.dll.mui 2KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\de-DE\DmiProvider.dll.mui 17KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\de-DE\FolderProvider.dll.mui 2KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\de-DE\IntlProvider.dll.mui 32KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\de-DE\LogProvider.dll.mui 6KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\de-DE\MsiProvider.dll.mui 17KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\de-DE\OSProvider.dll.mui 3KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\de-DE\SmiProvider.dll.mui 2KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\de-DE\TransmogProvider.dll.mui 13KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\de-DE\UnattendProvider.dll.mui 5KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\de-DE\WimProvider.dll.mui 15KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\DismCore.dll 226KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\DismCorePS.dll 50KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\DismHost.exe 81KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\DismProv.dll 138KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\DmiProvider.dll 311KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\FolderProvider.dll 48KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\IntlProvider.dll 245KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\LogProvider.dll 88KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\MsiProvider.dll 156KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\OSProvider.dll 101KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\SmiProvider.dll 215KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\TransmogProvider.dll 340KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\UnattendProvider.dll 237KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\wdscore.dll 186KB
C:\Users\karren\AppData\Local\Temp\3DA7E40E-44FB-4FBA-87DC-EB40103B4E12\WimProvider.dll 338KB
C:\Users\karren\AppData\Local\Temp\AdobeARM.log 143KB
C:\Users\karren\AppData\Local\Temp\APN-Stub\Stb816ec5a4-de85-4af5-b9f5-cb13a2d9fb6d.log 2KB
C:\Users\karren\AppData\Local\Temp\APN-Stub\Stb86b18cf1-78b0-4211-a2f9-31a4927afd04.log 2KB
C:\Users\karren\AppData\Local\Temp\APN-Stub\Stbbae3d1c8-e8c2-4129-bd6e-721ab853183b.log 2KB
C:\Users\karren\AppData\Local\Temp\APNLogs\iw.log 1KB
C:\Users\karren\AppData\Local\Temp\AskSLib.dll 243KB
C:\Users\karren\AppData\Local\Temp\CommonInstaller.exe 4'611KB
C:\Users\karren\AppData\Local\Temp\ichcop 0KB
C:\Users\karren\AppData\Local\Temp\jusched.log 7KB
C:\Users\karren\AppData\Local\Temp\MSI4f36b.LOG 188KB
C:\Users\karren\AppData\Local\Temp\toolbar_log.txt 144KB
C:\Users\karren\AppData\Local\Temp\UNINSTALL.exe 1'042KB
C:\Users\karren\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe 241KB
C:\Users\karren\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\instApp.exe 172KB
C:\Users\karren\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4

Karen 26.10.2012 22:16
Log Teil 2:

C:\Windows\DtcInstall.log 2KB
C:\Windows\IE9_main.log 5KB
C:\Windows\PFRO.log 93KB
C:\Windows\setupact.log 30KB
C:\Windows\setuperr.log 0KB
C:\Windows\TSSysprep.log 2KB
C:\Windows\Debug\mrt.log 4KB
C:\Windows\Debug\mrteng.log 3KB
C:\Windows\Debug\sammui.log 1KB
C:\Windows\security\logs\scesetup.log 614KB
C:\Windows\security\logs\scecomp.old 10KB
C:\Windows\Logs\DirectX.log 113KB
C:\Windows\Logs\IE9_NR_Setup.log 4KB
C:\Windows\Logs\WU_IE9_LangPacks.log 1KB
C:\Windows\Logs\CBS\FilterList.log 1KB
C:\Windows\Logs\DISM\dism.log 201KB
C:\Windows\Logs\DPX\setupact.log 76KB
C:\Windows\Logs\DPX\setuperr.log 0KB
C:\Windows\Logs\WindowsBackup\Backup Files 2012-10-22 194253_error.log 1KB
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun.log 51KB
C:\Users\karren\AppData\Local\Microsoft\Windows\WindowsUpdate.log 86KB
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.log 25KB
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.log 2'969KB
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log 585KB
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen_service.log 5'553KB
C:\Windows\inf\setupapi.app.log 953KB
C:\Windows\inf\setupapi.dev.log 6'072KB
C:\Windows\Panther\UnattendGC\setupact.log 12KB
C:\Windows\Panther\UnattendGC\setuperr.log 0KB
C:\Windows\Panther\setupact.log 790KB
C:\Windows\Panther\setuperr.log 0KB
C:\Windows\Performance\WinSAT\winsat.log 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\0D\64BA4d01 60KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\0F\DB35Fd01 46KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\3F\50199d01 23KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\4B\E0115d01 20KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\5B\FE6E7d01 54KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\65\14808d01 42KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\72\3E672d01 20KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\77\E683Dd01 30KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\91\EE28Ad01 38KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\92\FB171d01 25KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\99\BD9C2d01 50KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\9B\65E39d01 59KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\A1\4EE83d01 18KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\A7\19099d01 35KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\AB\430BAd01 52KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\B0\706B0d01 113KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\B8\E1043d01 22KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\BA\63D42d01 64KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\BE\7DD3Cd01 17KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\C4\CC5D3d01 28KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\C5\E8D99d01 27KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\CC\E2550d01 33KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\DD\1A22Bd01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\E8\8BA77d01 36KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\F7\63D79d01 20KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\0\FD\8E91Ad01 43KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\1\0A\9D185d01 25KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\1\0D\C8FD7d01 52KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\1\1A\8D218d01 51KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\1\1B\528C1d01 18KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\1\24\D749Cd01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\1\54\9AC33d01 33KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\1\68\A5CA3d01 57KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\1\81\D922Fd01 33KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\1\AF\857B9d01 17KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\1\B2\D501Fd01 21KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\1\C3\1B159d01 109KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\1\C4\B03DEd01 39KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\1\D1\83DDEd01 23KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\1\D8\37A47d01 26KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\1\FE\91A70d01 88KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\00\74102d01 39KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\04\0A1E9d01 36KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\0D\4340Ed01 21KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\1A\736D7d01 18KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\1F\7347Ad01 24KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\2B\42093d01 46KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\3E\4DB0Ad01 74KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\41\0C3A8d01 22KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\41\7F1FEd01 252KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\49\7247Ad01 26KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\49\83C0Ed01 57KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\4E\BAE42d01 39KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\51\4C1F4d01 114KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\5A\9708Dd01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\5B\56E9Dd01 24KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\5B\88837d01 29KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\6A\C8349d01 27KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\77\56338d01 32KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\77\61500d01 17KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\95\8AD8Dd01 46KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\96\F6C8Ed01 17KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\A7\15882d01 50KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\AC\D8BD7d01 51KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\2\EF\49F3Cd01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\3\03\CF42Bd01 40KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\3\37\7E081d01 108KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\3\46\C54BEd01 41KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\3\4B\AA3CBd01 17KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\3\51\DDF98d01 27KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\3\5D\7AADDd01 20KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\3\6A\11B39d01 22KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\3\8D\465E3d01 52KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\3\92\0C955d01 21KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\3\9C\FF906d01 46KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\3\A5\4AF4Bd01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\3\C5\F57E0d01 46KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\3\D0\5E308d01 94KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\3\DD\5FF38d01 30KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\3\E6\026A9d01 230KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\3\F9\FB1D8d01 20KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\3\FA\CA3F1d01 24KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\05\48670d01 38KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\09\2C536d01 18KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\0B\0170Ad01 18KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\1A\6429Bd01 52KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\1D\7D2E5d01 100KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\1D\B9FB1d01 25KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\4E\31022d01 25KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\53\DD467d01 22KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\63\AC44Fd01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\7A\3664Bd01 24KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\7D\0EF0Cd01 18KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\98\16695d01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\9A\EC5A9d01 18KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\A5\B4C7Cd01 64KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\A7\E1B7Ad01 43KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\A8\C4506d01 88KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\B6\A2592d01 24KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\BB\47104d01 50KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\C3\CF70Bd01 33KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\CA\920BAd01 24KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\D1\68F8Dd01 24KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\D2\6A0F9d01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\D8\090F0d01 21KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\DD\BD905d01 17KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\EA\BB4D7d01 17KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\EE\F4591d01 113KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\F5\76F30d01 24KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\4\FC\79C7Fd01 22KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\5\15\D0475d01 71KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\5\34\D6B70d01 65KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\5\35\FAAB0d01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\5\3D\B6E85d01 44KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\5\56\E02E3d01 83KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\5\68\2188Ad01 17KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\5\6E\441D1d01 32KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\5\90\164FFd01 24KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\5\91\20C75d01 36KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\5\91\69D47d01 33KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\5\96\AAC4Fd01 18KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\5\AA\9C48Ed01 17KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\5\B2\62159d01 34KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\5\BA\6665Fd01 23KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\5\CE\57D3Bd01 52KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\5\DA\13ABBd01 72KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\5\E2\F0D13d01 32KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\5\F1\9044Cd01 26KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\28\1DDE8d01 20KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\32\E15E5d01 25KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\33\FF82Ad01 48KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\3B\3763Ed01 23KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\46\EA59Ed01 23KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\4B\084D0d01 21KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\5D\75AD8d01 28KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\5E\D97B0d01 50KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\6A\9E153d01 24KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\6F\15749d01 36KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\70\29E5Dd01 44KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\84\DFA61d01 172KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\B6\9F94Fd01 51KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\BD\F2EC7d01 29KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\C1\A3D09d01 17KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\C3\18724d01 32KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\CC\8422Ed01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\CC\EB8D5d01 24KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\D0\AAB66d01 35KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\D4\D241Bd01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\6\FC\99CDCd01 162KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\03\690CEd01 91KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\04\5982Fd01 21KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\11\67200d01 65KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\1B\A9872d01 37KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\20\AB9B9d01 64KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\26\DA6F5d01 102KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\2A\8F6B2d01 29KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\41\58D1Fd01 20KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\4A\52E3Cd01 38KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\5F\580F5d01 21KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\84\0D35Ed01 20KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\84\476DCd01 53KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\85\04927d01 24KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\85\2773Ed01 17KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\89\9F2A0d01 48KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\8D\7E35Ed01 35KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\9B\F7670d01 52KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\A8\82566d01 27KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\B6\BC4C7d01 95KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\C0\EBED8d01 27KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\C2\1B0B4d01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\C5\E0634d01 29KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\E1\BC01Dd01 112KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\F3\E28DFd01 123KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\7\F7\EE1B6d01 20KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\8\05\18CA3d01 26KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\8\14\DF3B2d01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\8\22\D45EBd01 36KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\8\39\44F65d01 21KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\8\39\7693Ed01 28KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\8\52\1FE34d01 59KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\8\6A\DACD5d01 24KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\8\6B\67A1Bd01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\8\98\6F63Ad01 24KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\8\E7\204FAd01 22KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\8\F7\67B2Ed01 21KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\09\20B28d01 21KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\1B\A0524d01 18KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\25\CE247d01 31KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\33\2062Dd01 28KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\49\8F29Ed01 94KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\50\C73FCd01 23KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\55\5C366d01 33KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\56\6F38Dd01 28KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\58\B99E0d01 21KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\59\F9F0Cd01 28KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\68\F9170d01 23KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\75\B4BBCd01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\78\86956d01 48KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\95\C7E14d01 74KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\96\F2DFEd01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\99\89AA4d01 196KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\AC\AD8B2d01 56KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\AD\530D9d01 46KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\AF\A0455d01 33KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\B5\61818d01 23KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\EE\5E331d01 29KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\9\FF\AD8ECd01 18KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\A\14\E0A49d01 17KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\A\25\F679Ad01 31KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\A\2C\E775Dd01 40KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\A\40\031ADd01 33KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\A\40\1C2FBd01 31KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\A\42\E0273d01 25KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\A\5B\23306d01 31KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\A\5F\0EF47d01 24KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\A\68\50837d01 53KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\A\95\DC38Bd01 17KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\A\A1\55E17d01 20KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\A\C0\C2FE5d01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\A\C4\0475Bd01 17KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\A\D7\9FB36d01 32KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\A\E6\BDDC4d01 87KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\A\ED\9D24Fd01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\A\FA\31FF2d01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\A\FC\19958d01 18KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\B\0F\9D566d01 28KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\B\1C\76FD3d01 103KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\B\22\AB8ABd01 21KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\B\2A\F4FD0d01 43KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\B\49\8B5FBd01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\B\5D\FE5F2d01 24KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\B\61\F0D25d01 17KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\B\76\3C506d01 27KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\B\85\B8656d01 18KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\B\C7\40CD2d01 23KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\B\CE\D783Dd01 26KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\B\D4\1D592d01 23KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\B\D8\C6E70d01 20KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\B\FA\39E53d01 98KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\C\02\2376Fd01 93KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\C\16\749D7d01 21KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\C\25\C4862d01 25KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\C\31\F6F33d01 17KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\C\36\FBA6Ed01 32KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\C\4F\FADABd01 141KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\C\56\3BB9Dd01 92KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\C\6B\A70BDd01 21KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\C\6D\E0175d01 18KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\C\71\37471d01 52KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\C\7F\A1539d01 44KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\C\91\5444Bd01 40KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\C\A6\59BE6d01 51KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\C\A9\BFDB6d01 20KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\C\BC\8D5EAd01 32KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\C\D2\0A251d01 46KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\C\D2\46B2Bd01 20KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\C\EB\2FCEAd01 22KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\C\FD\716F7d01 101KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\D\09\D3A87d01 49KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\D\12\9DDACd01 47KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\D\18\DAD77d01 41KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\D\19\3C290d01 28KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\D\1E\0235Ed01 25KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\D\48\748C4d01 18KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\D\49\5A09Cd01 29KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\D\4E\05F9Cd01 61KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\D\58\869BBd01 71KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\D\6A\975CCd01 171KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\D\6E\97E6Ad01 136KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\D\87\527EEd01 48KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\D\93\4EB15d01 46KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\D\C2\2AF22d01 27KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\D\E4\1D30Ad01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\D\EA\0CB14d01 83KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\D\ED\84BE1d01 21KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\D\F4\518D2d01 46KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\07\6471Fd01 24KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\31\39706d01 31KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\34\3EAB5d01 21KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\46\7E925d01 47KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\46\D0F08d01 116KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\49\59E84d01 57KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\4D\E3948d01 22KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\5C\FD492d01 17KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\5D\CFB2Ed01 17KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\6B\0A639d01 25KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\71\D906Fd01 68KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\73\2C9F6d01 71KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\83\D804Fd01 27KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\84\83721d01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\95\DA4ECd01 60KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\A3\FF5FCd01 26KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\B3\F8D4Dd01 28KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\C7\16929d01 40KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\D8\E9844d01 41KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\E1\3A485d01 94KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\E2\CB08Cd01 18KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\E3\B8A05d01 21KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\E9\45E07d01 17KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\E\FE\E28BFd01 27KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\F\08\DFFA3d01 32KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\F\0F\28ED0d01 20KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\F\25\37507d01 25KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\F\36\1CC7Cd01 47KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\F\3A\2652Fd01 50KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\F\45\34A54d01 44KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\F\56\1C1D7d01 25KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\F\8E\0E1A3d01 108KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\F\99\73F2Fd01 18KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\F\9A\02009d01 37KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\F\9E\909CDd01 18KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\F\A5\ADFAFd01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\F\AF\251DAd01 19KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\F\BB\02A32d01 30KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\F\BE\20437d01 86KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\F\BE\A35D7d01 47KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\F\C9\BE215d01 34KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\F\CC\24D43d01 46KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\F\D8\31352d01 21KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\F\F2\37F3Ad01 18KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\_CACHE_001_ 1'471KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\_CACHE_002_ 3'433KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\_CACHE_003_ 9'410KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\cache\_CACHE_MAP_ 65KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\+0CaegrcqzX5+MzY6IGQIw==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\+iRlcGt3O7C_RX_zyRGd7Q==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\02TuInB7avtwzuWPz15SBg==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\06UJUom2gi5nQX8FyD7j8Q==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\3pP1qJnTJyo9fen6F7JRhg==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\4gPpjkxgZzXPVtuEoAL9Ig==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\5+475mTH4ZL6s4oAeqon4g==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\5_gPJPzDfClrWTp1TJ3zdA==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\6BgtAz2qNPgQdwbaHKYt4w==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\6WHu4JVvvTUfGzzslWVBxw==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\6WthdfPHkBACXVCTggS1cA==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\86BbMXr7gSTJXCcymnUZeQ==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\A8Z2NDTecS1mnYaNvQ1ONw==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\B+typVyOvLqFyHBX_f+pLw==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\bGLfRCmjhBK_Idg+l2J59w==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\bk1cJA3ifo9nL_LkpsVoXw==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\CozHXOt9AO8UEtlzq86zUQ==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\f7yBVDtmOhAjRCem5Txy3A==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\fESyC43zIIWzAoxQevd_FQ==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\fm0xIS9BR7S2vPGg+KQoWQ==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\fxRM2HDYyR2Xd0FFjNibmg==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\g_JsSxjX+fkpJDU_esDqQw==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\h0aMB8AuNw74TUt+OmaFiQ==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\HHKSRXWkwImoA6BdDl6Zkw==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\hsqHm5U5hCl8c4bMRl+b4g==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\Jw0_OQHlthNql7MHeje2ZQ==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\ko7gyk2yNgk4Mlg7muz85w==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\kQHk2FqN_eCh8A_KAcHPDQ==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\lKHbQ4KyG1_Q8YNPGk3V0Q==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\lOBnI7WkbKeRpnyKoBniZw==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\MLVl9slxRo6NpSU78hwMog==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\OGGm1UMgehjoJVK_vYi5IQ==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\oHuoeem+IqufwXLmyhdudw==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\P27ugZViYCs48giSwkQsxw==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\pTCGwZp_YIfXebBIrlW28Q==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\QFC68Vuvf3b6Subi1jzfIg==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\qgbuLK7iVeIMQpp8y86GHQ==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\QgJp2PC1JMLHO7xAlzHFYg==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\Qmk4J5rEIy4ohfpStSCZAg==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\qXGz0xLq3X5jZE0K7ZuOgg==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\S3hmIbl2JnY3hYKxl3+6OQ==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\sHgGnYxGzn4fayu7w3z5Hg==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\uffdw3KzjXhruEWJzli7Bg==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\us6Zvne1sIMUrs2KrZFdpw==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\VcZv_M0GE4A+eJfIrBVqqA==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\WFk76c4K8wY0BSpeP4XG1Q==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\xfA64htdKb8g8qlW6GFojQ==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\xVaQDIL8Y_EbAncSpi2ifw==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\Yah4MBmOlA3NVNXSOyUZFQ==.ico 1KB
C:\Users\karren\AppData\Local\Mozilla\Firefox\Profiles\yk1yyzpt.default\jumpListCache\_HwF9ZqZ8aM8nDhxe6riyg==.ico 1KB
Entfernte Cookies: admax.quisma.com 0KB
Entfernte Cookies: ads.creative-serving.com 0KB
Entfernte Cookies: adx.chip.de 0KB
Entfernte Cookies: atdmt.com 0KB
Entfernte Cookies: chip.de 0KB
Entfernte Cookies: doubleclick.net 0KB
Entfernte Cookies: heias.com 0KB
Entfernte Cookies: ih.adscale.de 0KB
Entfernte Cookies: invitemedia.com 0KB
Entfernte Cookies: ivwbox.de 0KB
Entfernte Cookies: req.connect.wunderloop.net 0KB
Entfernte Cookies: revsci.net 0KB
Entfernte Cookies: semasio.net 0KB
Entfernte Cookies: t.qservz.com 0KB
Entfernte Cookies: tag.admeld.com 0KB
Entfernte Cookies: www.chip.de 0KB
Entfernte Cookies: mozilla.org 0KB
Entfernte Cookies: slimwareutilities.com 0KB
Entfernte Cookies: www.slimwareutilities.com 0KB
Entfernte Cookies: treiber-windows.de 0KB
Entfernte Cookies: www.googleadservices.com 0KB
Entfernte Cookies: leads.383media.com 0KB
Entfernte Cookies: driverwhiz.com 0KB
Entfernte Cookies: safecart.com 0KB
Entfernte Cookies: account.driversupport.com 0KB
Entfernte Cookies: avanquest.com 0KB
Entfernte Cookies: adsfac.eu 0KB
Entfernte Cookies: adjug.com 0KB
Entfernte Cookies: scorecardresearch.com 0KB
Entfernte Cookies: www1.mpnrs.com 0KB
Entfernte Cookies: simpli.fi 0KB
Entfernte Cookies: mp-success.com 0KB
Entfernte Cookies: triggit.com 0KB
Entfernte Cookies: kdukvh.com 0KB
Entfernte Cookies: mathtag.com 0KB
Entfernte Cookies: ad.360yield.com 0KB
Entfernte Cookies: alenty.com 0KB
Entfernte Cookies: adobe.com 0KB
Entfernte Cookies: apmebf.com 0KB
Entfernte Cookies: mediaplex.com 0KB
Entfernte Cookies: pearl.ch 0KB
Entfernte Cookies: gmx.net 0KB
Entfernte Cookies: google.ch 0KB
Entfernte Cookies: adfarm1.adition.com 0KB
Entfernte Cookies: wemfbox.ch 0KB
Entfernte Cookies: instagr.am 0KB
Entfernte Cookies: addto.tomtom.com 0KB
Entfernte Cookies: tomtom.com 0KB
Entfernte Cookies: tracking.quisma.com 0KB
Entfernte Cookies: apple.com 0KB
Entfernte Cookies: www.asaphshop.ch 0KB
Entfernte Cookies: asaphshop.ch 0KB
Entfernte Cookies: tour.sapphicerotica.com 0KB
Entfernte Cookies: webwiki.de 0KB
Entfernte Cookies: www.webwiki.de 0KB
Entfernte Cookies: a.revenuemax.de 0KB
Entfernte Cookies: adaos-ads.net 0KB
Entfernte Cookies: rvty.net 0KB
Entfernte Cookies: adscale.de 0KB
Entfernte Cookies: criteo.com 0KB
Entfernte Cookies: ww.nsb.ch 0KB
Entfernte Cookies: smartadserver.com 0KB
Entfernte Cookies: www.nsb.ch 0KB
Entfernte Cookies: 2o7.net 0KB
Entfernte Cookies: msn.com 0KB
Entfernte Cookies: live.com 0KB
Entfernte Cookies: zedo.com 0KB
Entfernte Cookies: nspmotion.com 0KB
Entfernte Cookies: ch.msn.com 0KB
Entfernte Cookies: globalsign.com 0KB
Entfernte Cookies: ocsp2.globalsign.com 0KB
Entfernte Cookies: asvz.ethz.ch 0KB
Entfernte Cookies: www.bogenclub-frauenfeld.ch 0KB
Entfernte Cookies: www.dartshop.ch 0KB
Entfernte Cookies: rheinmaintv-video.de 0KB
Entfernte Cookies: www.spox.com 0KB
Entfernte Cookies: adtech.de 0KB
Entfernte Cookies: sensic.net 0KB
Entfernte Cookies: images.spox.com 0KB
Entfernte Cookies: spox.com 0KB
Entfernte Cookies: bogenundpfeile.de 0KB
Entfernte Cookies: youtube.com 0KB
Entfernte Cookies: wa.ui-portal.de 0KB
Entfernte Cookies: adclient.uimserv.net 0KB
Entfernte Cookies: www.tribook.ch 0KB
Entfernte Cookies: histats.com 0KB
Entfernte Cookies: reference.com 0KB
Entfernte Cookies: mookie1.com 0KB
Entfernte Cookies: quantserve.com 0KB
Entfernte Cookies: gwallet.com 0KB
Entfernte Cookies: rs.gwallet.com 0KB
Entfernte Cookies: legolas-media.com 0KB
Entfernte Cookies: dictionary.com 0KB
Entfernte Cookies: bluekai.com 0KB
Entfernte Cookies: thesaurus.com 0KB
Entfernte Cookies: tidaltv.com 0KB
Entfernte Cookies: visualdna.com 0KB
Entfernte Cookies: tribalfusion.com 0KB
Entfernte Cookies: waffen-schlottmann.de 0KB
Entfernte Cookies: yellow.local.ch 0KB
Entfernte Cookies: adserver.local.ch 0KB
Entfernte Cookies: tracking.crealytics.com 0KB
Entfernte Cookies: www.neckermann.ch 0KB
Entfernte Cookies: fastclick.net 0KB
Entfernte Cookies: ad4mat.ch 0KB
Entfernte Cookies: adspirit.net 0KB
Entfernte Cookies: neckermann.ch 0KB
Entfernte Cookies: www.econda-monitor.de 0KB
Entfernte Cookies: kostka-sport.de 0KB
Entfernte Cookies: shop.strebel-bogensport.ch 0KB
Entfernte Cookies: www.conforama.ch 0KB
Entfernte Cookies: xgraph.net 0KB
Entfernte Cookies: laredoute.ch 0KB
Entfernte Cookies: www.laredoute.ch 0KB
Entfernte Cookies: redcatsusa.com 0KB
Entfernte Cookies: amazon.de 0KB
Entfernte Cookies: statcamp.net 0KB
Entfernte Cookies: newsletter.vertbaudet.ch 0KB
Entfernte Cookies: vertbaudet.ch 0KB
Entfernte Cookies: movitex.122.2o7.net 0KB
Entfernte Cookies: adcloud.net 0KB
Entfernte Cookies: ads.ad4max.com 0KB
Entfernte Cookies: search.ch 0KB
Entfernte Cookies: www.paypal.com 0KB
Entfernte Cookies: www.gutefrage.net 0KB
Entfernte Cookies: gutefrage.net 0KB
Entfernte Cookies: eas.apm.emediate.eu 0KB
Entfernte Cookies: adyard.de 0KB
Entfernte Cookies: webmasterplan.com 0KB
Entfernte Cookies: spreadshirt.de 0KB
Entfernte Cookies: zanox-affiliate.de 0KB
Entfernte Cookies: www.momox.de 0KB
Entfernte Cookies: www.vodafone.de 0KB
Entfernte Cookies: strebel-bogensport.ch 0KB
Entfernte Cookies: huspo.ch 0KB
Entfernte Cookies: www.huspo.ch 0KB
Entfernte Cookies: vol.at 0KB
Entfernte Cookies: sdc.tele.net 0KB
Entfernte Cookies: austriacomplus.at 0KB
Entfernte Cookies: oewabox.at 0KB
Entfernte Cookies: piwik.medienhaus.com 0KB
Entfernte Cookies: www.vol.at 0KB
Entfernte Cookies: erlebnisberg.ch 0KB
Entfernte Cookies: sharethis.com 0KB
Entfernte Cookies: cede.ch 0KB
Entfernte Cookies: mx3.ch 0KB
Entfernte Cookies: o2online.de 0KB
Entfernte Cookies: cct.o2online.de 0KB
Entfernte Cookies: adbrite.com 0KB
Entfernte Cookies: afy11.net 0KB
Entfernte Cookies: demdex.net 0KB
Entfernte Cookies: dpm.demdex.net 0KB
Entfernte Cookies: pubmatic.com 0KB
Entfernte Cookies: adsrvr.org 0KB
Entfernte Cookies: pswec.com 0KB
Entfernte Cookies: tracker.vinsight.de 0KB
Entfernte Cookies: wtp101.com 0KB
Entfernte Cookies: flashtalking.com 0KB
Entfernte Cookies: strato.de 0KB
Entfernte Cookies: picmonkey.com 0KB
Entfernte Cookies: ieonline.microsoft.com 0KB
Entfernte Cookies: microsoft.com 0KB
Entfernte Cookies: ebay.ch 0KB
Entfernte Cookies: e-2dj6wfkiqidpgfo.stats.esomniture.com 0KB
Entfernte Cookies: hal9000.redintelligence.net 0KB
Entfernte Cookies: nonstoppartner.net 0KB
Entfernte Cookies: ch.ebayrtm.com 0KB
Entfernte Cookies: e-2dj6wjnyaoczsgq.stats.esomniture.com 0KB
Entfernte Cookies: e-2dj6aelieldzmao.stats.esomniture.com 0KB
Entfernte Cookies: e-2dj6wfl4godzgko.stats.esomniture.com 0KB
Entfernte Cookies: nxtck.com 0KB
Entfernte Cookies: tgv-europe.ch 0KB
Entfernte Cookies: ricardo.ch 0KB
Entfernte Cookies: issuu.com 0KB
Entfernte Cookies: sporthotel-beck.at 0KB
Entfernte Cookies: www.microsoft.com 0KB
Entfernte Cookies: odir.org 0KB
Entfernte Cookies: swobile.com 0KB
Entfernte Cookies: js.swobile.com 0KB
Entfernte Cookies: ero-advertising.com 0KB
Entfernte Cookies: checks.swobile.com 0KB
Entfernte Cookies: pornofilmpjes.nl 0KB
Entfernte Cookies: www.ricardo.ch 0KB
Entfernte Cookies: imageshack.us 0KB
Entfernte Cookies: www.migros.ch 0KB
Entfernte Cookies: meincomic.net 0KB
Entfernte Cookies: imgserv.sponsorads.de 0KB
Entfernte Cookies: www.sponsorads.de 0KB
Entfernte Cookies: newsletter.laredoute.ch 0KB
Entfernte Cookies: uimserv.net 0KB
Entfernte Cookies: download.mozilla.org 0KB
Entfernte Cookies: jdn.monster.com 0KB
Entfernte Cookies: stadlerrail.com 0KB
Entfernte Cookies: www.stadlerrail.com 0KB
Entfernte Cookies: www.blue-tomato.com 0KB
Entfernte Cookies: eas.statcamp.net 0KB
Entfernte Cookies: advolution.de 0KB
Entfernte Cookies: ikea.com 0KB
Entfernte Cookies: www.lipo.ch 0KB
Entfernte Cookies: www.vertbaudet.ch 0KB
Entfernte Cookies: www.blick.ch 0KB
Entfernte Cookies: blick.ch 0KB
Entfernte Cookies: cdn.cxpublic.com 0KB
Entfernte Cookies: tradedoubler.com 0KB
Entfernte Cookies: elitepartner.ch 0KB
Entfernte Cookies: meteoschweiz.ch 0KB
Entfernte Cookies: sf.tv 0KB
Entfernte Cookies: fr.sitestat.com 0KB
Entfernte Cookies: adonia.ch 0KB
Entfernte Cookies: www.adoniashop.ch 0KB
Entfernte Cookies: adoniashop.ch 0KB
Entfernte Cookies: tilllate.com 0KB
Entfernte Cookies: ch.tilllate.com 0KB
Entfernte Cookies: ad.dc2.adtech.de 0KB
Entfernte Cookies: cxense.com 0KB
Entfernte Cookies: kinderkonzerte.ch 0KB
Entfernte Cookies: www.leshop.ch 0KB
Entfernte Cookies: leshop.ch 0KB
Entfernte Cookies: www.ikea.com 0KB
Entfernte Cookies: sonyelectronicssupportus.112.2o7.net 0KB
Entfernte Cookies: www.sony.co.uk 0KB
Entfernte Cookies: sony.co.uk 0KB
Entfernte Cookies: sonyeurope.112.2o7.net 0KB
Entfernte Cookies: genesis.sony-europe.com 0KB
Entfernte Cookies: www.sony.ch 0KB
Entfernte Cookies: sony.ch 0KB
Entfernte Cookies: shops.ricardo.ch 0KB
Entfernte Cookies: photos-info.socialweekend.com 0KB
Entfernte Cookies: socialweekend.com 0KB
Entfernte Cookies: gmads.net 0KB
Entfernte Cookies: lfstmedia.com 0KB
Entfernte Cookies: pons.ch 0KB
Entfernte Cookies: in.getclicky.com 0KB
Entfernte Cookies: ad.ad-srv.net 0KB
Entfernte Cookies: lead-alliance.net 0KB
Entfernte Cookies: smartmobil.de 0KB
Entfernte Cookies: t23.intelliad.de 0KB
Entfernte Cookies: s214.meetrics.net 0KB
Entfernte Cookies: amazon-adsystem.com 0KB
Entfernte Cookies: familienleben.ch 0KB
Entfernte Cookies: www.familienleben.ch 0KB
Entfernte Cookies: networkedblogs.com 0KB
Entfernte Cookies: www.blogger.com 0KB
Entfernte Cookies: blogger.com 0KB
Entfernte Cookies: apps.armoona.com 0KB
Entfernte Cookies: 676280.spreadshirt.de 0KB
Entfernte Cookies: de.pons.eu 0KB
Entfernte Cookies: faegnaescht.ch 0KB
Entfernte Cookies: www.bing.com 0KB
Entfernte Cookies: bing.com 0KB
Entfernte Cookies: a4.bing.com 0KB
Entfernte Cookies: instagram.com 0KB
Entfernte Cookies: www.handelsblatt.com 0KB
Entfernte Cookies: handelsblatt.com 0KB
Entfernte Cookies: ads.semigator.de 0KB
Entfernte Cookies: tubemogul.com 0KB
Entfernte Cookies: verticalnetwork.de 0KB
Entfernte Cookies: www.olympia-lexikon.de 0KB
Entfernte Cookies: adxpose.com 0KB
Entfernte Cookies: olympia-lexikon.de 0KB
Entfernte Cookies: cache.player.snacktv.de 0KB
Entfernte Cookies: appleid.apple.com 0KB
Entfernte Cookies: store.apple.com 0KB
Entfernte Cookies: www.klubschule.ch 0KB
Entfernte Cookies: seminar.ch 0KB
Entfernte Cookies: www.salsa-am-see.de 0KB
Entfernte Cookies: salsa-am-see.de 0KB
Entfernte Cookies: www.bricks-on.de 0KB
Entfernte Cookies: bricks-on.de 0KB
Entfernte Cookies: www.salsaconvention.ch 0KB
Entfernte Cookies: tropenhaus-wolhusen.ch 0KB
Entfernte Cookies: www.tropenhaus-wolhusen.ch 0KB
Entfernte Cookies: bit.ly 0KB
Entfernte Cookies: linkwithin.com 0KB
Entfernte Cookies: w.soundcloud.com 0KB
Entfernte Cookies: xiti.com 0KB
Entfernte Cookies: signup.live.com 0KB
Entfernte Cookies: livefilestore.com 0KB
Entfernte Cookies: windows.microsoft.com 0KB
Entfernte Cookies: m.webtrends.com 0KB
Entfernte Cookies: dc.org-dot-com.com 0KB
Entfernte Cookies: logout.gmx.uimserv.net 0KB
Entfernte Cookies: konklase.com 0KB
Entfernte Cookies: mm.chitika.net 0KB
Entfernte Cookies: guineito.com 0KB
Entfernte Cookies: aieshare.com 0KB
Entfernte Cookies: whos.amung.us 0KB
Entfernte Cookies: ad.yieldmanager.com 0KB
Entfernte Cookies: network.adsmarket.com 0KB
Entfernte Cookies: mediafire.com 0KB
Entfernte Cookies: www.mediafire.com 0KB
Entfernte Cookies: rubiconproject.com 0KB
Entfernte Cookies: rtbidder.net 0KB
Entfernte Cookies: lucidmedia.com 0KB
Entfernte Cookies: yabuka.com 0KB
Entfernte Cookies: advertising.com 0KB
Entfernte Cookies: ru4.com 0KB
Entfernte Cookies: adbroker.de 0KB
Entfernte Cookies: netseer.com 0KB
Entfernte Cookies: w55c.net 0KB
Entfernte Cookies: tinyurl.com 0KB
Entfernte Cookies: rlcdn.com 0KB
Entfernte Cookies: engine.4dsply.com 0KB
Entfernte Cookies: online.europacasino.com 0KB
Entfernte Cookies: europacasino.com 0KB
Entfernte Cookies: www.europacasino.com 0KB
Entfernte Cookies: ilivid.com 0KB
Entfernte Cookies: lp.ilivid.com 0KB
Entfernte Cookies: reddit.com 0KB
Entfernte Cookies: banashare.com 0KB
Entfernte Cookies: adnetwork.net 0KB
Entfernte Cookies: pixer.meaningtool.com 0KB
Entfernte Cookies: losmascotizados.com 0KB
Entfernte Cookies: adspirit.de 0KB
Entfernte Cookies: actionallocator.com 0KB
Entfernte Cookies: www.hulkshare.com 0KB
Entfernte Cookies: hulkshare.com 0KB
Entfernte Cookies: ads.hulkshare.com 0KB
Entfernte Cookies: metalyzer.com 0KB
Entfernte Cookies: myspace.com 0KB
Entfernte Cookies: specificclick.net 0KB
Entfernte Cookies: discoverbing.com 0KB
Entfernte Cookies: interclick.com 0KB
Entfernte Cookies: microsoftwlsearchcrm.112.2o7.net 0KB
Entfernte Cookies: zbox.zanox.com 0KB
Entfernte Cookies: super-spanisch.de 0KB
Entfernte Cookies: www.super-spanisch.de 0KB
Entfernte Cookies: lourbano.com 0KB
Entfernte Cookies: sintelevisor.com 0KB
Entfernte Cookies: slide.simplereach.com 0KB
Entfernte Cookies: simplereach.com 0KB
Entfernte Cookies: d8rk54i4mohrb.cloudfront.net 0KB
Entfernte Cookies: blazingshare.com 0KB
Entfernte Cookies: adnxs.com 0KB
Entfernte Cookies: avira.com 0KB
Entfernte Cookies: imrworldwide.com 0KB
Entfernte Cookies: ask.com 0KB
Entfernte Cookies: hmit.ww.msn.com 0KB
Entfernte Cookies: aha-tanzschule.ch 0KB
Entfernte Cookies: guzuu.com 0KB
Entfernte Cookies: photobucket.com 0KB
Entfernte Cookies: www.rosenfluh.ch 0KB
Entfernte Cookies: 5-htp.nl 0KB
Entfernte Cookies: sanego.de 0KB
Entfernte Cookies: www.sanego.de 0KB
Entfernte Cookies: www.etracker.de 0KB
Entfernte Cookies: www.ktipp.ch 0KB
Entfernte Cookies: ads.konsuminfo.ch 0KB
Entfernte Cookies: ktipp.ch 0KB
Entfernte Cookies: www.netdoctor.co.uk 0KB
Entfernte Cookies: outbrain.com 0KB
Entfernte Cookies: turn.com 0KB
Entfernte Cookies: p-td.com 0KB
Entfernte Cookies: contextweb.com 0KB
Entfernte Cookies: audienceiq.com 0KB
Entfernte Cookies: spotxchange.com 0KB
Entfernte Cookies: adap.tv 0KB
Entfernte Cookies: netdoctor.co.uk 0KB
Entfernte Cookies: tap2-cdn.rubiconproject.com 0KB
Entfernte Cookies: hearstdigital.122.2o7.net 0KB
Entfernte Cookies: diagnosia.com 0KB
Entfernte Cookies: beobachter.ch 0KB
Entfernte Cookies: www.meamedica.de 0KB
Entfernte Cookies: meamedica.de 0KB
Entfernte Cookies: lightinthebox.com 0KB
Entfernte Cookies: www.lightinthebox.com 0KB
Entfernte Cookies: liveperson.net 0KB
Entfernte Cookies: ctrlitb.lbox.me 0KB
Entfernte Cookies: searchmarketing.com 0KB
Entfernte Cookies: server.iad.liveperson.net 0KB
Entfernte Cookies: m-connect.ch 0KB
Entfernte Cookies: www.yellowmap.ch 0KB
Entfernte Cookies: www.praxisbuechi.ch 0KB
Entfernte Cookies: www.praxis-schmid.ch 0KB
Entfernte Cookies: www.heiden.ch 0KB
Entfernte Cookies: pulloverland.com 0KB
Entfernte Cookies: ssl.hurra.com 0KB
Entfernte Cookies: adspro.hurra.com 0KB
Entfernte Cookies: hurra.com 0KB
Entfernte Cookies: migros.ch 0KB
Entfernte Cookies: zalando.tt.omtrdc.net 0KB
Entfernte Cookies: zalando.ch 0KB
Entfernte Cookies: mythings.com 0KB
Entfernte Cookies: adviva.net 0KB
Entfernte Cookies: track.zalando.ch 0KB
Entfernte Cookies: fl01.ct2.comclick.com 0KB
Entfernte Cookies: everesttech.net 0KB
Entfernte Cookies: ads.horyzon-media.com 0KB
Entfernte Cookies: pons.eu 0KB
Entfernte Cookies: telkoweb.de 0KB
Entfernte Cookies: base.de 0KB
Entfernte Cookies: econda-monitor.de 0KB
Entfernte Cookies: mlsat02.de 0KB
Entfernte Cookies: www.telekom.de 0KB
Entfernte Cookies: toolbox.contentspread.net 0KB
Entfernte Cookies: congstar.de 0KB
Entfernte Cookies: map.local.ch 0KB
Entfernte Cookies: local.ch 0KB
Entfernte Cookies: www.erlen.ch 0KB
Entfernte Cookies: fuersorgeamt.tg.ch 0KB
Entfernte Cookies: studio-muevete1.jimdo.com 0KB
Entfernte Cookies: doodle.com 0KB
Entfernte Cookies: log3.optimizely.com 0KB
Entfernte Cookies: www.schmuckguru.com 0KB
Entfernte Cookies: www.home.ch 0KB
Entfernte Cookies: www.immostreet.ch 0KB
Entfernte Cookies: immostreet.ch 0KB
Entfernte Cookies: adlink.net 0KB
Entfernte Cookies: ch.adlink.net 0KB
Entfernte Cookies: www.immoscout24.ch 0KB
Entfernte Cookies: immoscout24.ch 0KB
Entfernte Cookies: homegate.ch 0KB
Entfernte Cookies: schweiz.wohnungen-immobilien.ch 0KB
Entfernte Cookies: comparis.ch 0KB
Entfernte Cookies: www.anzeiger.ch 0KB
Entfernte Cookies: anzeiger.ch 0KB
Entfernte Cookies: winload.de 0KB
Entfernte Cookies: beacon-1.newrelic.com 0KB
Entfernte Cookies: www.santemed.ch 0KB
Entfernte Cookies: santemed.ch 0KB
Entfernte Cookies: mail.live.com 0KB
Entfernte Cookies: c.atdmt.com 0KB
Entfernte Cookies: c.bing.com 0KB
Entfernte Cookies: accounts.youtube.com 0KB
Entfernte Cookies: beratung.beobachter.ch 0KB
Entfernte Cookies: zapmeta.de 0KB
Entfernte Cookies: herzsache.de 0KB
Entfernte Cookies: gerichte-zh.ch 0KB
Entfernte Cookies: www.krippe.it 0KB
Entfernte Cookies: krippe.it 0KB
Entfernte Cookies: www.zapmeta.de 0KB
Entfernte Cookies: www.officeprofi.ch 0KB
Entfernte Cookies: handaufsholz.de 0KB
Entfernte Cookies: www.oberwil.ch 0KB
Entfernte Cookies: glasmalereibern.ch 0KB
Entfernte Cookies: ciao.de 0KB
Entfernte Cookies: www.ciao.de 0KB
Entfernte Cookies: www.deicke-kirchenbedarf.de 0KB
Entfernte Cookies: kruzifix24.de 0KB
Entfernte Cookies: www.kruzifix24.de 0KB
Entfernte Cookies: vivat.de 0KB
Entfernte Cookies: www.schreibmayr.de 0KB
Entfernte Cookies: www.jbf-holz.de 0KB
Entfernte Cookies: www.kirchliche-kunst.de 0KB
Entfernte Cookies: shopzilla.de 0KB
Entfernte Cookies: clix.superclix.de 0KB
Entfernte Cookies: www.ekomi.de 0KB
Entfernte Cookies: ekomi.de 0KB
Entfernte Cookies: religioese-geschenke.de 0KB
Entfernte Cookies: statcounter.com 0KB
Entfernte Cookies: www.indeed.ch 0KB
Entfernte Cookies: gate24.ch 0KB
Entfernte Cookies: www.gate24.ch 0KB
Entfernte Cookies: buecheler-ag.ch 0KB
Entfernte Cookies: msnportal.112.2o7.net 0KB
Entfernte Cookies: statse.webtrendslive.com 0KB
Entfernte Cookies: plugins.mozilla.org 0KB
Entfernte Cookies: ccbill.com 0KB
Entfernte Cookies: petites-parisiennes.com 0KB
Entfernte Cookies: sapphicerotica.com 0KB
Entfernte Cookies: beacon-4.newrelic.com 0KB
Entfernte Cookies: conforama.ch 0KB
Entfernte Cookies: c.live.com 0KB
Entfernte Cookies: profile.live.com 0KB
Entfernte Cookies: ausbildung-weiterbildung.ch 0KB
Entfernte Cookies: partner.popmog.com 0KB
Entfernte Cookies: serving-sys.com 0KB
Entfernte Cookies: bea-verlag.ch 0KB
Entfernte Cookies: t.kidoh.ch 0KB
Entfernte Cookies: www.kidoh.ch 0KB
Entfernte Cookies: zanox.com 0KB
Entfernte Cookies: myaudience.de 0KB
Entfernte Cookies: beacon.abba.accenture.com 0KB
Entfernte Cookies: indeed.ch 0KB
Entfernte Cookies: x-art.com 0KB
Entfernte Cookies: nespresso.com 0KB
Entfernte Cookies: www.nespresso.com 0KB
Entfernte Cookies: officeworld.ch 0KB
Entfernte Cookies: aka-cdn-ns.adtech.de 0KB
Entfernte Cookies: www.tagblatt.ch 0KB
Entfernte Cookies: twyn.com 0KB
Entfernte Cookies: sgtopenx.tagblattmedien.ch 0KB
Entfernte Cookies: tagblatt.ch 0KB
Entfernte Cookies: tracking.metalyzer.com 0KB
Entfernte Cookies: home.ch 0KB
Entfernte Cookies: openx.home.ch 0KB
Entfernte Cookies: tutti.ch 0KB
Entfernte Cookies: www.comparis.ch 0KB
Entfernte Cookies: sdc.comparis.ch 0KB
Entfernte Cookies: addthis.com 0KB
Entfernte Cookies: www.newhome.ch 0KB
Entfernte Cookies: newhome.ch 0KB
Entfernte Cookies: buch.ch 0KB
Entfernte Cookies: ad.zanox.com 0KB
Entfernte Cookies: www.koala.ch 0KB
Entfernte Cookies: koala.ch 0KB
Entfernte Cookies: sociomantic.com 0KB
Entfernte Cookies: ch.ad4mat.net 0KB
Entfernte Cookies: www.pikengo.de 0KB
Entfernte Cookies: estat.com 0KB
Entfernte Cookies: im.banner.t-online.de 0KB
Entfernte Cookies: pikengo.de 0KB
Entfernte Cookies: www.likoli.de 0KB
Entfernte Cookies: monamikids.de 0KB
Entfernte Cookies: www.monamikids.de 0KB
Entfernte Cookies: tracking.lengow.com 0KB
Entfernte Cookies: www.brandos.de 0KB
Entfernte Cookies: brandos.de 0KB
Entfernte Cookies: ad4.adfarm1.adition.com 0KB
Entfernte Cookies: www.modeseite.de 0KB
Entfernte Cookies: pinstyle.com 0KB
Entfernte Cookies: dealtime.com 0KB
Entfernte Cookies: stat.dealtime.com 0KB
Entfernte Cookies: otto.de 0KB
Entfernte Cookies: www.otto.de 0KB
Entfernte Cookies: www.spartoo.de 0KB
Entfernte Cookies: spartoo.de 0KB
Entfernte Cookies: adworx.at 0KB
Entfernte Cookies: adtiger.de 0KB
Entfernte Cookies: ccm2.net 0KB
Entfernte Cookies: quality-channel.de 0KB
Entfernte Cookies: exelator.com 0KB
Entfernte Cookies: adrolays.de 0KB
Entfernte Cookies: affil.io 0KB
Entfernte Cookies: tap.rubiconproject.com 0KB
Entfernte Cookies: kabeldeutschland.de 0KB
Entfernte Cookies: nexac.com 0KB
Entfernte Cookies: ad-suit.com 0KB
Entfernte Cookies: ad2.adfarm1.adition.com 0KB
Entfernte Cookies: ad.123-template.com 0KB
Entfernte Cookies: s.affimax.de 0KB
Entfernte Cookies: 123-template.com 0KB
Entfernte Cookies: lijit.com 0KB
Entfernte Cookies: rfihub.com 0KB
Entfernte Cookies: active-srv02.de 0KB
Entfernte Cookies: vodafone.de 0KB
Entfernte Cookies: belboon.de 0KB
Entfernte Cookies: praktiker.de 0KB
Entfernte Cookies: baby-markt.at 0KB
Entfernte Cookies: ebay.com 0KB
Entfernte Cookies: ebay.de 0KB
Entfernte Cookies: de.ebayrtm.com 0KB
Entfernte Cookies: ebayrtm.com 0KB
Entfernte Cookies: ladenzeile.de 0KB
Entfernte Cookies: clickfuse.com 0KB
Entfernte Cookies: www.ladenzeile.de 0KB
Entfernte Cookies: www.javari.de 0KB
Entfernte Cookies: populisengage.com 0KB
Entfernte Cookies: rd-eu.a9.com 0KB
Entfernte Cookies: www.xxl-sale.de 0KB
Entfernte Cookies: www.mirapodo.de 0KB
Entfernte Cookies: mirapodo.de 0KB
Entfernte Cookies: atemda.com 0KB
Entfernte Cookies: addie.verticalnetwork.de 0KB
Entfernte Cookies: clicks.pangora.com 0KB
Entfernte Cookies: guardian.co.uk 0KB
Entfernte Cookies: xxl-sale.de 0KB
Entfernte Cookies: beezup.com 0KB
Entfernte Cookies: www3.mirapodo.de 0KB
Entfernte Cookies: adclear.net 0KB
Entfernte Cookies: amgdgt.com 0KB
Entfernte Cookies: wunderloop.net 0KB
Entfernte Cookies: connect.wunderloop.net 0KB
Entfernte Cookies: www.amazon.de 0KB
Entfernte Cookies: ftv-publicite.fr 0KB
Entfernte Cookies: ad.prismamediadigital.com 0KB
Entfernte Cookies: aufeminin.com 0KB
Entfernte Cookies: a2dfp.net 0KB
Entfernte Cookies: netmng.com 0KB
Entfernte Cookies: openx.net 0KB
Entfernte Cookies: casalemedia.com 0KB
Entfernte Cookies: abmr.net 0KB
Entfernte Cookies: ads.undertone.com 0KB
Entfernte Cookies: www.burstnet.com 0KB
Entfernte Cookies: burstnet.com 0KB
Entfernte Cookies: www.zalando.ch 0KB
Entfernte Cookies: miniboo.ch 0KB
Entfernte Cookies: search.miniboo.ch 0KB
Entfernte Cookies: www.miniboo.ch 0KB
Entfernte Cookies: www.shopmania.de 0KB
Entfernte Cookies: shopmania.de 0KB
Entfernte Cookies: bubblestat.com 0KB
Entfernte Cookies: player.vimeo.com 0KB
Entfernte Cookies: www.brack.ch 0KB
Entfernte Cookies: shops.ch 0KB
Entfernte Cookies: auto.ricardo.ch 0KB
Entfernte Cookies: kath-tg.ch 0KB
Entfernte Cookies: firma.topsuche.ch 0KB
Entfernte Cookies: www.teloos.ch 0KB
Entfernte Cookies: accounts.google.com 0KB
Entfernte Cookies: marinsm.com 0KB
Entfernte Cookies: mirando.de 0KB
Entfernte Cookies: partners.webmasterplan.com 0KB
Entfernte Cookies: glam.com 0KB
Entfernte Cookies: nuggad.net 0KB
Entfernte Cookies: avazudsp.net 0KB
Entfernte Cookies: ad1.adfarm1.adition.com 0KB
Entfernte Cookies: mobile.de 0KB
Entfernte Cookies: ad.adserver01.de 0KB
Entfernte Cookies: ad.adc-serv.net 0KB
Entfernte Cookies: adverserve.net 0KB
Entfernte Cookies: advertstream.com 0KB
Entfernte Cookies: info.ricardo.ch 0KB
Entfernte Cookies: vistaprint.ch 0KB
Entfernte Cookies: kindex.ch 0KB
Entfernte Cookies: ostjob.ch 0KB
Entfernte Cookies: kindgirls.com 0KB
Entfernte Cookies: www.gmx.ch 0KB
Entfernte Cookies: www.postfinance.ch 0KB
Entfernte Cookies: postfinance.ch 0KB
Entfernte Cookies: e-finance.postfinance.ch 0KB
Entfernte Cookies: ocsp.entrust.net 0KB
Entfernte Cookies: bs.serving-sys.com 0KB
Entfernte Cookies: facebook.com 0KB
Entfernte Cookies: landlust.de 0KB
Entfernte Cookies: wordpress.com 0KB
Entfernte Cookies: ww251.smartadserver.com 0KB
Entfernte Cookies: trojaner-board.de 0KB
Entfernte Cookies: store.malwarebytes.org 0KB
Entfernte Cookies: arbeits-abc.de 0KB
Entfernte Cookies: s296.meetrics.net 0KB
Entfernte Cookies: gulli.com 0KB
Entfernte Cookies: board.gulli.com 0KB
Entfernte Cookies: plista.com 0KB
Entfernte Cookies: intellitxt.com 0KB
Entfernte Cookies: tags.qservz.com 0KB
Entfernte Cookies: ad3.adfarm1.adition.com 0KB
Entfernte Cookies: track.adform.net 0KB
Entfernte Cookies: adform.net 0KB
Entfernte Cookies: yieldlab.net 0KB
Entfernte Cookies: pixel.rubiconproject.com 0KB
Entfernte Cookies: server.adformdsp.net 0KB
Entfernte Cookies: adformdsp.net 0KB
Entfernte Cookies: cleverbridge.com 0KB
Entfernte Cookies: shop.emsisoft.com 0KB
Entfernte Cookies: file.net 0KB
Entfernte Cookies: www.avs4you.com 0KB
Entfernte Cookies: techfacts.de 0KB
Entfernte Cookies: www.techfacts.de 0KB
Entfernte Cookies: xplosion.de 0KB
Entfernte Cookies: gmx.ch 0KB
Entfernte Cookies: navigator.gmx.net 0KB
Entfernte Cookies: newtention.net 0KB
Entfernte Cookies: tuneup.de 0KB
Entfernte Cookies: www.tuneup.de 0KB
Entfernte Cookies: s.zoomerang.com 0KB
Entfernte Cookies: zoomerang.com 0KB
Entfernte Cookies: surveymonkey.com 0KB
Entfernte Cookies: avg.com 0KB
Entfernte Cookies: filepony.de 0KB
Entfernte Cookies: grass.ch 0KB
Entfernte Cookies: openx.tagblattmedien.ch 0KB
Entfernte Cookies: c.ch.msn.com 0KB
Entfernte Cookies: h.atdmt.com 0KB
Entfernte Cookies: h.live.com 0KB
Entfernte Cookies: trf.greatviews.de 0KB
Entfernte Cookies: www.trojaner-board.de 0KB
Entfernte Cookies: imagesrv.adition.com 0KB
Entfernte Cookies: www.youtube.com 0KB
Entfernte Cookies: www.google.ch 0KB
Entfernte Cookies: secure.shared.live.com 0KB
Entfernte Cookies: ssl.xplosion.de 0KB
Entfernte Cookies: isearch.avg.com 0KB
C:\Users\karren\AppData\Roaming\Mozilla\Firefox\Profiles\yk1yyzpt.default\downloads.sqlite 64KB
C:\Users\karren\AppData\Roaming\Mozilla\Firefox\Profiles\yk1yyzpt.default\sessionstore.js 4KB
C:\Users\karren\AppData\Roaming\Mozilla\Firefox\Profiles\yk1yyzpt.default\sessionstore.bak 60KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 44KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 264KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 1'032KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 4'104KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001 27KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002 57KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003 18KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000004 44KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Cache\index 257KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal 5KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Archived History-journal 1KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal 5KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal 11KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-10-journal 16KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\History-journal 16KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal 2KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal 1KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal 13KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal 3KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-10 36KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-10-journal 16KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Archived History 56KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Visited Links 128KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Current Tabs 3KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Top Sites 20KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache 2KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor 5KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\BAA7.tmp 148KB
C:\Users\karren\AppData\Local\Google\Chrome\User Data\Default\Current Session 5KB
C:\Users\karren\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst 9KB
C:\Users\karren\AppData\Local\Microsoft\OIS\OIScatalog.cag 1KB
C:\Users\karren\AppData\Local\Microsoft\OIS\thumbnails\34E4FDB7-1.jpg 10KB
C:\Users\karren\AppData\Roaming\Microsoft\Office\Recent\Basteln und Nähen.LNK 2KB
C:\Users\karren\AppData\Roaming\Microsoft\Office\Recent\Das WIR in unserer Familie.LNK 2KB
C:\Users\karren\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Office\Recent\Eigene Dokumente.LNK 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Office\Recent\erste Mappe.LNK 2KB
C:\Users\karren\AppData\Roaming\Microsoft\Office\Recent\index.dat 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Office\Recent\Karen 2.LNK 2KB
C:\Users\karren\AppData\Roaming\Microsoft\Office\Recent\Karen.LNK 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Office\Recent\Karreen Dateien.LNK 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Office\Recent\Puppenpflasterli.LNK 1KB
C:\Users\karren\AppData\Roaming\Microsoft\Office\Recent\Schreibübungen.LNK 2KB
C:\Users\karren\AppData\Roaming\Microsoft\Office\Recent\Taufe.LNK 2KB
C:\Users\karren\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmdata00.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmdata01.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmdata02.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmdata03.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmdata04.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmdata05.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmdata06.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmdata07.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmdata08.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmdata09.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmdata10.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmdata11.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmdata12.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmdata13.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmdata14.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmdata15.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmdata16.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmdata17.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmdata18.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmdata19.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt00.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt01.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt02.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt03.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt04.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt05.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt06.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt07.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt08.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt09.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt10.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt11.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt12.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt13.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt14.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt15.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt16.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt17.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt18.sqm 1KB
C:\Users\karren\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt19.sqm 1KB
C:\Users\karren\Tracing\WindowsLiveMessenger-uccapi-0.uccapilog 0KB
C:\Users\karren\Tracing\WindowsLiveMessenger-uccapi-0.uccapilog.bak 0KB
Entfernte Cookies: admin.brightcove.com 0KB
Entfernte Cookies: aieshare.com 0KB
Entfernte Cookies: bajasu.com 0KB
Entfernte Cookies: banashare.com 0KB
Entfernte Cookies: cdn.adnxs.com 0KB
Entfernte Cookies: chatango.com 0KB
Entfernte Cookies: hosted.x-art.com 0KB
Entfernte Cookies: imgdn.net 0KB
Entfernte Cookies: internettv.ch 0KB
Entfernte Cookies: maps-4-u.com 0KB
Entfernte Cookies: picmonkey-prod.a.ssl.fastly.net 0KB
Entfernte Cookies: s.ytimg.com 0KB
Entfernte Cookies: secureinclude.ebaystatic.com 0KB
Entfernte Cookies: siylvi.de 0KB
Entfernte Cookies: ssl.hurra.com 0KB
Entfernte Cookies: www.ikea.com 0KB
Entfernte Cookies: www.kindgirls.com 0KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KB2GL43K\admin.brightcove.com\analytics.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KB2GL43K\admin.brightcove.com\[[IMPORT]]\79423.analytics.edgekey.net\csma\plugin\csma.swf\Akamai_AnalyticsMetrics_clientId.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KB2GL43K\admin.brightcove.com\[[IMPORT]]\snackomat.snacktv.de\SnackTVAdRules.swf\SnackTV.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#admin.brightcove.com\settings.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#aieshare.com\settings.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bajasu.com\settings.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#banashare.com\settings.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.adnxs.com\settings.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KB2GL43K\chatango.com\fixed_id.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KB2GL43K\chatango.com\mini_login.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#chatango.com\settings.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#hosted.x-art.com\settings.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KB2GL43K\imgdn.net\fsipages___2Fdbl__2FGlobalPDF__2Fwohnideen__5F2011__2Fch__5Fde__2F.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#imgdn.net\settings.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KB2GL43K\internettv.ch\analytics.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#internettv.ch\settings.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KB2GL43K\maps-4-u.com\lso.swf\e.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#maps-4-u.com\settings.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KB2GL43K\picmonkey-prod.a.ssl.fastly.net\machine.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#picmonkey-prod.a.ssl.fastly.net\settings.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com\settings.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KB2GL43K\secureinclude.ebaystatic.com\ebayLSO.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KB2GL43K\secureinclude.ebaystatic.com\ebayT.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#secureinclude.ebaystatic.com\settings.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KB2GL43K\siylvi.de\analytics.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#siylvi.de\settings.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KB2GL43K\ssl.hurra.com\restore.hurra.com.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ssl.hurra.com\settings.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KB2GL43K\www.ikea.com\ms\flash\rooms_ideas\mpa2\MPA2.swf\IKEA_MPA2.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.ikea.com\settings.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KB2GL43K\www.kindgirls.com\com.jeroenwijering.sol 1KB
C:\Users\karren\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.kindgirls.com\settings.sol 1KB
C:\Users\karren\AppData\Roaming\vlc\art\artistalbum\Adonia\Motiviert zum Lobpriis 1\art.jpg 11KB
C:\ProgramData\Microsoft\eHome\logs\FirstRun.log 3KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\avesvc.log 510KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\avguard.log 625KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\AVSCAN-20121024-011434-BCD731B6.LOG 13KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\sched.log 210KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\setup.log 24KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\setup00.log 7KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\setup01.log 117KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\Upd-2012-08-28-17-28-35.log 3KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\Upd-2012-08-31-09-42-22.log 30KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\Upd-2012-09-30-10-06-10.log 44KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\Upd-2012-10-02-19-58-16.log 31KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\Upd-2012-10-05-09-17-21.log 29KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\Upd-2012-10-07-17-57-03.log 30KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\Upd-2012-10-09-13-45-08.log 28KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\Upd-2012-10-13-10-03-32.log 50KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\Upd-2012-10-14-10-03-31.log 66KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\Upd-2012-10-15-10-30-37.log 25KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\Upd-2012-10-16-10-30-37.log 41KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\Upd-2012-10-18-18-52-41.log 43KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\Upd-2012-10-19-19-52-58.log 25KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\Upd-2012-10-21-20-50-34.log 39KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\Upd-2012-10-23-16-25-11.log 38KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\Upd-2012-10-24-23-11-55.log 37KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\Upd-2012-10-25-23-11-57.log 25KB
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\webguard.log 246KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{0837DF04-ED8B-4526-BADD-22A36D6E83C9} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{37134EFE-FCD2-4FB0-BCDE-0541C1B06260} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{6A451A08-5DE0-4C3E-85D2-D52A0091F85B} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{01225DE7-0DE3-4ACC-8CCD-674B8DDF5447} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{0355BFE9-58D9-4FE8-903C-AB0EAC861CE3} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{05F1E1D2-ACF8-4829-9A85-C0891FD3984B} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1EEF15D8-508A-4496-9619-583EB3716705} 10KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{22F47E42-1323-489A-9E7E-B0240D7B5474} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2DB34C13-D68E-4BBB-8CE3-BFF5AA35CC9C} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{4491F9DB-D1CD-40D7-B6EC-02F0AF9BF5F5} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{50A942A5-A410-42FC-AF14-97D849C88664} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5A43B584-41BE-41D9-989B-24B290677636} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5EBF2A0D-711F-48B1-9229-70A123B240AB} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6C3C4FF0-C6CF-4A29-8401-C92D63126A45} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7AB82502-CC16-4ADE-A53A-8B3BE266FA69} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7B2645FB-74FA-4B65-A052-B61E95A76576} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7EFBE6D6-8D0F-441F-B295-C4CAD3DC8BBC} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{85B742CD-7C04-496B-B095-F13000B02B0D} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{8F66EF7E-38CE-4749-BAC6-8B1204B88DA2} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{93958B9F-7CEA-458E-ADF7-F401F10684D8} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9D8A715D-FAD3-484E-999A-634A9C129ADB} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A6FE7E65-C78B-4E13-A076-B394D37DB631} 10KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A91F2D58-1B24-4206-903C-B185EA856ECB} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B784B835-A2EC-434B-82E9-DBB0075AFFE2} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C38571D8-36FD-4059-8140-614D25639848} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CEBF48E8-B33A-44F6-8831-13AFDAFBF3D8} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DA575B60-6A3F-40BF-A511-1B91489F8F92} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E082672D-8C33-4127-8229-04C19DE7F3D8} 9KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E23633D7-D33A-4180-BC54-0B2DC6A4BAB8} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E427EB6B-DBE8-430C-A093-E0E7BF9F7D8A} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{ECCFDEFA-64A6-484E-B19E-9A3072AA2D86} 10KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{EF44E873-9A3D-435A-9111-A5B9D87B2202} 8KB
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F91C3484-E939-4C84-9512-4400DB7AA8D9} 8KB
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0003F.log 1'024KB


Also ich kenn mich ja nu wirklich GAR nicht mit sowas aus, aber scheint mir ziemlich lang, die Liste :glaskugel:

Hm, ich glaub, alles was mit Videos anschauen zu tun hat, kann runter. Weil der Laptop gibt eh keinen Ton von sich, ausser beim Hochfahren das komische Signal. Ansonsten hats nur Stummfilme. Aber keine Ahnung, woran das liegt.
Ist das Teil überhaupt noch zu retten? Oder rentierts nur noch, Fenster auf und raus damit??? (wohne im Erdgeschoss ;) )

markusg 29.10.2012 20:15
hi
du hast nicht das mit dem ccleaner gemacht, was ich wollte, lies bitte noch mal

Karen 29.10.2012 23:34
Hi Markusg
Ha ha... viel Arbeit gemacht für nix... :stirn:
Hoffe, Du hattest ein schönes Wochenende :bussi:

Hier das, was ich machen sollte (und diesmal hoffentlich richtig :zunge:)






Adobe Flash Player 11 Plugin Adobe Systems Incorporated 13.10.2012 6.00MB 11.4.402.287 unbekannt
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 25.10.2012 121MB 10.1.4notwendig
Apple Application Support Apple Inc. 20.06.2012 61.0MB 2.1.9 unbekannt
Apple Mobile Device Support Apple Inc. 20.06.2012 24.4MB 5.2.0.6 unbekannt
Apple Software Update Apple Inc. 20.06.2012 2.38MB 2.1.3.127 unbekannt (evt iTunes?)
Avira Free Antivirus Avira 12.09.2012 109MB 12.0.0.1199 notwendig??? Habe auf dem anderen Lappi Norton Kaufversion, könnte ich hier auch drauf tun.
Avira SearchFree Toolbar plus Web Protection Ask.com 09.08.2012 4.67MB 1.15.4.0 unnötig
Avira SearchFree Toolbar plus Web Protection Updater Ask.com 09.08.2012 1.3.0.23930 unnötig
Belkin Desktop PCI Card Driver Belkin 19.06.2012 1.12.0005 unbekannt
Bing Bar Microsoft Corporation 08.08.2012 24.2MB 7.0.619.0 unbekannt
Bonjour Apple Inc. 20.06.2012 0.98MB 3.0.0.10 unbekannt
CCleaner Piriform 24.10.2012 3.24 notwendig
Driver Checker v2.7.5 driverchecker.com, Inc. 22.06.2012 2.7.5 unbekannt
Google Chrome Google Inc. 26.10.2012 22.0.1229.96 notwendig?
iTunes Apple Inc. 22.06.2012 183MB 10.6.3.25 notwendig
Java 7 Update 9 Oracle 15.09.2012 128MB 7.0.90 notwendig?
Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 26.10.2012 19.4MB 1.65.1.1000 notwendig?
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 20.06.2012 38.8MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 20.06.2012 2.93MB 4.0.30319 unbekannt
Microsoft Office Enterprise 2007 Microsoft Corporation 04.07.2012 12.0.6612.1000 notwendig
Microsoft Office File Validation Add-In Microsoft Corporation 28.07.2012 7.95MB 14.0.5130.5003 unbekannt
Microsoft Office Live Add-in 1.5 Microsoft Corporation 26.07.2012 508KB 2.0.4024.1 unbekannt
Microsoft Office Outlook Connector Microsoft Corporation 08.08.2012 3.36MB 14.0.5118.5000 unnötig
Microsoft Silverlight Microsoft Corporation 09.08.2012 40.3MB 4.1.10329.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 08.08.2012 1.69MB 3.1.0000 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 23.06.2012 16.5MB 10.0.40219 unbekannt
Mozilla Firefox 16.0.2 (x86 de) Mozilla 27.10.2012 38.5MB 16.0.2 notwendig? oder besser google chrome?
Mozilla Maintenance Service Mozilla 27.10.2012 329KB 16.0.2 unbekannt
SlimDrivers SlimWare Utilities, Inc. 19.06.2012 25.4MB 2.2.20441 unbekannt, evt vom USB Stick?
TomTom HOME 2.8.4.2596 TomTom 23.06.2012 2.8.4.2596 notwendig
TomTom HOME Visual Studio Merge Modules TomTom International B.V. 23.06.2012 1.88MB 1.0.2 unbekannt
VLC media player 2.0.1 VideoLAN 20.06.2012 2.0.1 unbekannt
Windows Live Essentials Microsoft Corporation 08.08.2012 15.4.3555.0308 unbekannt
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 08.08.2012 5.57MB 15.4.5722.2 unbekannt
WinTools.net 12.1.1 Ultimate WinTools Software Engineering, Ltd. 20.06.2012 14.3MB unbekannt





Ich weiss nicht, was von den ganzen Programmen wofür gebraucht wird. Ich hab auch keine Ahnung, warum ich keine Tonausgabe habe (ausser Startton). Stummfilme???
:wtf:

markusg 30.10.2012 00:04
hi
macht ja nichts.
jo mein we war ok, deins?
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Avira SearchFree : beide
Bing
Driver Checker
Google Chrome
Microsoft Silverlight
Windows Live : alle die, die ihr nicht verwendet.

öffne otl. bereinigen, pc startet neu.
öffne ccleaner, analysieren, starten, pc neustarten.
was meinst du mit, du hast nur den startton?
nur den, wenn der pc frisch startet?
hast du weder im internet, noch vlc player, noch windows media player ton?
am besten mit ner mp3 testen

Karen 30.10.2012 00:11
hey
meine Tage sind immer streng, auch das WE (meine Kleine Tochter will immer voll animiert werden- von morgens halb 7 an :pfui:)
juhui... na jetzt hab ich ordentlich zu tun :lach:
da wirds mir wohl nicht langweilig heut Nacht :kaffee:
Ja, genau das meinte ich. Wenn er hochfährt, hab ich diese Starttonmelodie. Ansonsten schweigt mich der Lappi an :headbang:
Egal, was ich hören will...
Hi hi, egal, was das ist, das brauch ich auch für meine Kleine :Boogie:

markusg 30.10.2012 00:14
hehe
also, kannst du mal testen, ob das im media player, vlc player und internet so ist?
auch mal aufs lautsprecher symbol klicken und gucken ob stumm geschalten wurde

Karen 30.10.2012 00:23
Hab jetzt mal alles ausprobiert, scheint am Gerät zu liegen. (also doch... Fenster auf und raus mit der Krücke :kloppen: ...obwohl... jetzt, wo Du Dir so viel Mühe damit gemacht hast... :bussi:)
Lautsprechersymbol hat ein rotes Kreuzchen dran. Hab grad mal versucht, den Treiber neu zu installieren, hats aber abgebrochen. Geht nich :daumenrunter:
Naja, ich weiss, falsches Unterforum :twak:
hihi

markusg 30.10.2012 00:29
gibts ne fehlermeldung bei treiber instalation?
kannst du mal im gerätemanager gucken, was dort für die soundkarte angezeigt wird? gibts probleme die dort angezeigt werden im geräte manager?

Karen 30.10.2012 00:39
Fehlermeldung war irgendwas mit es liegt am Gerät und ich soll den Gerätehersteller kontaktieren. :eek:

Hab da was gefunden "high Definition Audio Gerät" auf Pfad 0
das Gerät kann nicht gestartet werden (Code 10)

Sagt mir zwar <3 lich wenig, aber war das einzige mit "Audio". :glaskugel:

Arrrrrrrrgh..... kann den Adobe Reader nicht installieren... :aufsmaul:
immer bei 40% brichts mir wieder ab wegen Zeitüberschreitung :headbang:
grrrrr... versuchs morgen weiter, mag jetzt nicht mehr!!! :lmaa:
Gute Nacht... und danke schön (bis hierhin :bussi:)

Ha ha... heutiger 1. Versuch: bei 61% abgebrochen... aber habs letztendlich nach x Versuchen doch noch geschafft
juhuiiiiii :taenzer::taenzer::taenzer:

So, hab jetzt Deine Liste abgearbeitet. Puuuh... war ganz schön viel :wtf:
OTL, Kasparsky haben sich selber entfernt (?)
Malwarebites und CCleaner sind noch drauf. Soll ich die drauf lassen? Hat ja auch noch den Avira (gratisversion) drauf.
Ansonsten könnt ich auch die Kaufversion vom Norton raufladen, habs eh schon gekauft für meinen neuen Lappi und kanns auf bis zu 3 PCs laden. :huepp:

wär mit dem alten (Lappi mein ich :lach:) sonst noch was zu machen?
(PS: alles heut nochmal probiert, immer noch kein Ton. Aber gibt wichtigeres :blabla::pfeiff:)

Ich hätte da mal noch ne Frage:
Immer, wenn ich auf Mozilla Firefox gehe, bekomme ich nicht die Firefox Seite, sondern eine Avira- Seite. (search.avira.com/?l=dis&o=APN10396&gct=hp&dc=EU&locale=de_CH )
Find ich zwar nicht soooo schlimm, aber bekommt man das wieder weg?
Fragen über Fragen... :zunge:

Karen 31.10.2012 21:27
Hallo Markusg

Was meinst Du, sollen wir dann noch den 2. Laptop angehen? Oder ist mit dem 1. noch was zu machen?

markusg 02.11.2012 18:14
hi
dann packe norton drauf, deinstaliere avira und gucke das auch die avira searchfree toolbar weg ist, ist sie das, gehe auf firefox, extras optionen und endere die startseite.
bei
high Definition Audio
rechtsklick, deinstalieren, pcneustarten und neuen treiber instalieren

Karen 05.11.2012 13:46
Hallo Markus
Laptop 1 wär jetzt abgeschlossen. Hat alles geklappt, ausser das mit dem Sound. Wahrscheinlich muss ich eine neue Soundkarte kaufen, aber das eilt nicht.
Vielen Dank für Deine Hilfe und Geduld :bussi:

Was meinst Du, hast Du noch Zeit, Lust und Nerven, den 2. Laptop durchzugehen?
Er ist noch keine 3 Monate alt, sollte also noch nicht so zugemüllt sein. Allerdings wird er in den letzten Tagen auch immer langsamer. Vielleicht hat der ja eine Malware eingefangen? Weil das mit den Spams von meinem E- Mail Account hat leider noch nicht aufgehört.

markusg 05.11.2012 14:39
hi
endere mal alle passwörter und passwort vergessens fragen vom jetzt sauberen gerät.
und nutze die nur dort.
dann schaue, ob jemand auf das mail konto zugreift.
wegen der soundkarte, melde dich mal im bereich, alles rund um windows.
für gerät2 hätte ich gern ein aktuelles otl log

Karen 05.11.2012 17:59
Soll ich das OTL Log ohne Text machen, oder soll ich den Text vom 1. Laptop reinkopieren? (Custom Scan?)

hier mal das (leere) OTL Log:OTL Logfile:
Code:
OTL logfile created on: 05.11.2012 20:41:04 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Karen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.84 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 67.71% Memory free
7.68 Gb Paging File | 6.39 Gb Available in Paging File | 83.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.99 Gb Total Space | 224.84 Gb Free Space | 79.45% Space Free | Partition Type: NTFS
 
Computer Name: Karen-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Karen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Live Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (DCDhcpService) -- C:\Program Files (x86)\Packard Bell\WDAgent\DCDhcpService.exe (Atheros Communication Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SMR311) -- C:\Windows\SysNative\drivers\SMR311.SYS (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation)
DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20121104.006\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20121104.006\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20121030.002\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20121102.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.ch"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.08.31 02:21:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2012.11.05 20:20:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 21:05:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 21:05:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.08.30 20:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\mozilla\Extensions
[2012.10.24 22:15:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\mozilla\Firefox\Profiles\53ma42j5.default\extensions
[2012.10.27 21:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.27 21:05:25 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF578646-D169-4BC9-B687-AF9D87C9FEFE}: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD69EC8B-9D13-4BD4-96F3-AE98911D6F63}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.05 19:58:07 | 002,961,472 | ---- | C] (Symantec Corporation) -- C:\Users\Karen\Desktop\NPE(2).exe
[2012.11.05 18:30:11 | 000,095,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2012.11.05 18:22:25 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\NPE
[2012.10.28 23:49:48 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\ElevatedDiagnostics
[2012.10.28 23:42:34 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\Microsoft Help
[2012.10.28 23:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.10.28 13:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.10.28 13:02:04 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012.10.28 13:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.10.28 13:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.10.28 13:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.10.28 13:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.10.27 21:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.27 09:56:59 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\LOGs
[2012.10.25 22:18:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2012.10.17 21:15:09 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.10.10 10:48:25 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 10:48:24 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 10:48:24 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 10:48:17 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.10 10:48:17 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.10 10:48:17 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.10 10:48:17 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.10 10:48:17 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.10 10:48:17 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.10 10:48:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.10 10:48:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.10 10:48:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.10 10:48:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.10 10:48:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.10 10:48:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.10 10:48:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 10:48:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 10:48:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 10:48:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 10:48:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 10:48:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 10:48:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 10:48:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 10:48:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 10:48:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 10:48:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 10:48:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 10:48:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 10:48:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 10:48:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 10:48:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 10:48:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 10:48:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 10:48:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 10:48:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 10:48:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 10:48:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 10:48:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 10:48:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 10:48:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 10:48:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 10:48:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.10 10:48:01 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 10:47:47 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 10:47:47 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.07 20:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.10.07 17:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.10.07 17:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.10.07 17:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.10.07 17:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.10.07 17:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.10.07 17:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.05 20:26:31 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.05 20:26:31 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.05 20:23:22 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.05 20:23:22 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.05 20:23:22 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.05 20:23:22 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.05 20:23:22 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.05 20:20:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.05 20:19:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.05 20:18:53 | 3092,533,248 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.05 19:58:08 | 002,961,472 | ---- | M] (Symantec Corporation) -- C:\Users\Karen\Desktop\NPE(2).exe
[2012.11.05 18:30:11 | 000,095,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2012.10.30 20:38:08 | 000,004,368 | ---- | M] () -- C:\Users\Karen\Documents\KiMa Sponsoring Exel.ods
[2012.10.28 20:03:52 | 001,566,254 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\Cat.DB
[2012.10.28 13:02:05 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.10.25 22:18:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2012.10.17 07:18:58 | 000,002,504 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.10.16 17:46:47 | 000,010,074 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\VT20121008.022
[2012.10.09 21:20:31 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 21:20:31 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.07 20:31:09 | 000,002,106 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.10.07 20:31:08 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.10.07 17:48:01 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
 
========== Files Created - No Company Name ==========
 
[2012.10.28 23:43:23 | 000,004,368 | ---- | C] () -- C:\Users\Karen\Documents\KiMa Sponsoring Exel.ods
[2012.10.28 13:02:05 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.10.07 17:48:01 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.10.07 17:37:51 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.10.07 17:37:51 | 000,002,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.10.07 17:37:49 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.19 19:38:03 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.07 23:46:50 | 000,000,579 | ---- | C] () -- C:\Users\Karen\AppData\Local\cookies.ini
[2012.03.14 09:58:19 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.14 09:58:19 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.14 09:58:15 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.14 09:58:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.14 09:58:08 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.02.03 06:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.30 21:20:07 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\OpenOffice.org
[2012.08.31 02:19:06 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Screensaver
[2012.09.13 17:45:57 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\SNS
[2012.10.30 23:40:09 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\SoftGrid Client
[2012.09.19 19:38:52 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\TP
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


undOTL Logfile:
Code:
OTL Extras logfile created on: 05.11.2012 20:41:04 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Karen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.84 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 67.71% Memory free
7.68 Gb Paging File | 6.39 Gb Available in Paging File | 83.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.99 Gb Total Space | 224.84 Gb Free Space | 79.45% Space Free | Partition Type: NTFS
 
Computer Name: Karen-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F763B9-9758-4481-B1C6-D2C5CA92D67D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{134842F0-2155-4FFD-9129-13F0B53E2DD9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{13B85541-41BD-4316-9B1B-CDD80536D8A9}" = lport=138 | protocol=17 | dir=in | app=system |
"{174F20B2-34FD-4B44-80E4-7618D0A02558}" = rport=137 | protocol=17 | dir=out | app=system |
"{2F8D578C-69D3-4B71-AEE2-F9FCBD368581}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DC81218-83C3-4B4B-8D86-18F05B2041BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A421886-D290-4DE9-974B-16F515F75658}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{623561AC-5B71-4C40-A479-8CEF3B0FBCA9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DD0E0A2-3A56-4F14-91D2-07D486F6FFBB}" = lport=445 | protocol=6 | dir=in | app=system |
"{6F238A23-CD78-4982-A201-9D3B71DA1636}" = lport=139 | protocol=6 | dir=in | app=system |
"{9044D1B7-829B-4B25-B3AD-A726CF82E8E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{97DE09DD-CD32-4915-88DD-2FD3D218D492}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\packard bell\wdagent\dcdhcpservice.exe |
"{9A2776B1-5157-4E96-877F-0D15E33F7795}" = rport=138 | protocol=17 | dir=out | app=system |
"{A18C3AE6-11EE-4E69-86E9-E9FD7C29C6BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{AB18A11F-0964-4825-94BD-5BFBFDEC2708}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B63AA9FC-1075-4579-AB70-A21161426659}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B7CF1D52-D878-4252-ABFC-11379801A318}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B7F098A0-5AFD-490C-8AC5-F443F62EC7B1}" = lport=137 | protocol=17 | dir=in | app=system |
"{BA9CB456-ACAB-41F4-893E-9EB1A1E0639C}" = rport=139 | protocol=6 | dir=out | app=system |
"{C07F94A7-FB81-4A99-BF77-DFF845B67FEF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CB99FD62-99AA-4A06-AC1A-9563724F1642}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC3BD464-B720-4BAD-B64A-0D6B8767C343}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D93C3F73-C74B-4258-93B0-3FC4734B9493}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E56D981F-715F-4C3D-A242-0907D361772C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F2CC9E9D-2A6D-4467-8583-30AFB814B7DD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F4209C04-7963-4A92-838E-413EAD2EC313}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024DE54E-3770-4A97-B227-CE481EFB6895}" = protocol=6 | dir=out | app=system |
"{0AAC1301-E063-47A2-8B38-B267E5DE9BF6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F7236BF-10AF-40D6-9FA0-17E1D682C4AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1398A764-64D7-42EC-9460-85A32F88D422}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{19C9BFF4-1FAA-4BB4-A7FA-1CDA4D909B63}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{240EC51C-0767-45CF-BCAA-630A3059B0B8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{27A62828-0E08-4CB4-AB47-BD04D3B0275F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2B9C1FCA-7DC1-4198-9402-5B0B86522897}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3D6BC417-2212-42FE-A78F-A6B5A734DF2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3D9F83A2-7D2A-48E8-8CA4-2DC5D7D584EE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{414BA3AD-50FD-4F99-B3D3-EBEC1EED0E36}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{434BEABD-1049-488B-8351-70E4B5941BA1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{46D7EB93-CA73-43C8-8E56-C592A93EABBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5EDCECE0-0929-4372-8E5D-476978EC592A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6266EF55-6A56-42F4-985B-DE7E9AFFD23B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{79D9E2E0-98CB-4AFB-8770-3DEFF3069765}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7C662BD4-0EA1-4A33-BAD0-FB2E6C828592}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81743C1C-305B-46C4-951D-103210EB22B4}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{82C27511-7C43-46FC-9BD6-282FD8C98ED2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{862E8706-E53B-4C06-9BD0-444D862749CF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9B1A49AF-CB46-41CB-B1C4-713F366FF3C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9C276B38-1F71-4CE1-8B63-A6EDF237EADC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B344770C-4D05-46A4-96CD-5C68D97E2787}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B525331A-BC4A-4B17-A19C-BA272D4889C8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BF2A0E92-2DD0-4CAA-8815-56ACC630C1D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C5231DAD-456A-4E86-ADB5-8CB53EE46DB7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DC229A02-354C-4DF8-A994-D21735D019AF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F39D4906-67AA-4B07-B626-D067882BB283}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB15C26A-F994-4F7F-9DF7-4E8EE4521855}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Elantech" = ETDWare PS/2-X64 10.6.9.9_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Qualcomm Atheros Direct Connect
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68AFA3A7-9265-4ABD-994A-ACA413E3715C}" = Nero Multimedia Suite 10 Essentials
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App (Packard Bell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Video Web Camera
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F77EF646-19EB-11E1-9A9E-984BE15F174E}" = Evernote v. 4.5.2
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FE8FF1DC-90A3-A976-4ED7-43C280CEC0E0}" = Fooz Kids
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"FoozKids" = Fooz Kids
"Identity Card" = Identity Card
"ifolor-Designer" = ifolor Designer
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Video Web Camera
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"LManager" = Launch Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WTA-005f3837-c456-468a-a3ea-4edb997096c9" = Bejeweled 3
"WTA-09fbe498-f724-44c8-b703-22c080a4ec0d" = Zuma Deluxe
"WTA-321015b6-5dbd-4937-a70f-698615ebe5ba" = Plants vs. Zombies - Game of the Year
"WTA-3e9b7342-48ff-4ec5-b0a9-f78c8237283c" = FATE
"WTA-44587edb-08b8-4351-9ce9-bf0833407fa2" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-44c6b830-c6c0-4449-ae4c-e8d136453d4c" = Penguins!
"WTA-4510cdb9-4b53-42ee-8985-03c16b791fed" = Polar Bowler
"WTA-4c6be03c-bbc6-4f1f-ad62-3c55351bf2ab" = Chuzzle Deluxe
"WTA-4d2ff374-f65f-46e3-99f2-d7d21a50a383" = Torchlight
"WTA-5fc9f2ae-2d35-4556-bf28-def80ed6895b" = Slingo Deluxe
"WTA-6bf0bdb7-f5bf-49be-9518-fefc1877b4e8" = Agatha Christie - Death on the Nile
"WTA-75d03f6b-a3f1-4653-a778-edcac5e36298" = Final Drive: Nitro
"WTA-93dae18b-86cb-4803-9c15-d87611f47155" = Wedding Dash
"WTA-a1fd9225-14a0-4695-b3ba-1baaa8927c7b" = John Deere Drive Green
"WTA-afc48264-2b64-44d9-aabb-818c5ec6c802" = Jewel Match 3
"WTA-b8240454-15a3-433e-bfb2-d8bc94bc5b4b" = Virtual Villagers 4 - The Tree of Life
"WTA-c81411f9-b5d9-4937-b368-d235e6e2941e" = Insaniquarium Deluxe
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.10.2012 15:32:13 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 31.10.2012 16:19:29 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 01.11.2012 17:45:39 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 03.11.2012 12:35:00 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 04.11.2012 17:53:49 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.11.2012 08:41:06 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.11.2012 12:56:39 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.11.2012 13:31:46 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.11.2012 15:00:09 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.11.2012 15:19:18 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 27.10.2012 04:45:30 | Computer Name = Karen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.10.2012 04:45:30 | Computer Name = Karen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.10.2012 04:45:30 | Computer Name = Karen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.10.2012 04:45:30 | Computer Name = Karen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.10.2012 04:45:30 | Computer Name = Karen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.10.2012 04:49:45 | Computer Name = Karen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.10.2012 04:49:45 | Computer Name = Karen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.10.2012 05:06:13 | Computer Name = Karen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.10.2012 05:06:13 | Computer Name = Karen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.10.2012 05:28:44 | Computer Name = Karen-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
 
 
< End of report >
--- --- ---

Interessant ist auch noch, dass mir vorhin nach dem booten das Norton Alarm gegeben hat, es habe einen Fehler 3048,3 gefunden (Crimewear), die es aber nicht so beheben könne. Darum sollte ich den Norton Power Eraser downloaden, um ein Rootkit Scan zu machen.
Download ging gut, aber den Scan hats immer wieder abgebrochen. Habs jetzt schon mehrmals versucht, immer das gleiche Ergebnis.

Karen 05.11.2012 21:49
Hier nochmal die LOGs, nachdem ich die Häkchen laut Anweisung richtig gesetzt hab:OTL Logfile:
Code:
OTL logfile created on: 05.11.2012 21:37:57 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Karen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.84 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 60.66% Memory free
7.68 Gb Paging File | 6.21 Gb Available in Paging File | 80.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.99 Gb Total Space | 224.84 Gb Free Space | 79.45% Space Free | Partition Type: NTFS
 
Computer Name: Karen-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Karen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Live Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (DCDhcpService) -- C:\Program Files (x86)\Packard Bell\WDAgent\DCDhcpService.exe (Atheros Communication Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SMR311) -- C:\Windows\SysNative\drivers\SMR311.SYS (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation)
DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20121105.003\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20121105.003\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20121030.002\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20121102.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1919032238-3396424804-3884484894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKU\S-1-5-21-1919032238-3396424804-3884484894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKU\S-1-5-21-1919032238-3396424804-3884484894-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1919032238-3396424804-3884484894-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1919032238-3396424804-3884484894-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.ch"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.08.31 02:21:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2012.11.05 20:20:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 21:05:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 21:05:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.08.30 20:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\mozilla\Extensions
[2012.10.24 22:15:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karen\AppData\Roaming\mozilla\Firefox\Profiles\53ma42j5.default\extensions
[2012.10.27 21:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.27 21:05:25 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1919032238-3396424804-3884484894-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF578646-D169-4BC9-B687-AF9D87C9FEFE}: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD69EC8B-9D13-4BD4-96F3-AE98911D6F63}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.05 19:58:07 | 002,961,472 | ---- | C] (Symantec Corporation) -- C:\Users\Karen\Desktop\NPE(2).exe
[2012.11.05 18:30:11 | 000,095,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2012.11.05 18:22:25 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\NPE
[2012.10.28 23:49:48 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\ElevatedDiagnostics
[2012.10.28 23:42:34 | 000,000,000 | ---D | C] -- C:\Users\Karen\AppData\Local\Microsoft Help
[2012.10.28 23:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.10.28 13:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.10.28 13:02:04 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012.10.28 13:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.10.28 13:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.10.28 13:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.10.28 13:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.10.27 21:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.27 09:56:59 | 000,000,000 | ---D | C] -- C:\Users\Karen\Desktop\LOGs
[2012.10.25 22:18:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2012.10.17 21:15:09 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.10.10 10:48:25 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 10:48:24 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 10:48:24 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 10:48:17 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.10 10:48:17 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.10 10:48:17 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.10 10:48:17 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.10 10:48:17 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.10 10:48:17 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.10 10:48:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.10 10:48:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.10 10:48:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.10 10:48:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.10 10:48:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.10 10:48:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.10 10:48:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 10:48:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 10:48:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 10:48:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 10:48:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 10:48:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 10:48:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 10:48:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 10:48:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 10:48:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 10:48:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 10:48:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 10:48:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 10:48:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 10:48:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 10:48:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 10:48:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 10:48:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 10:48:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 10:48:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 10:48:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 10:48:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 10:48:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 10:48:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 10:48:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 10:48:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 10:48:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 10:48:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.10 10:48:01 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 10:47:47 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 10:47:47 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.07 20:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.10.07 17:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.10.07 17:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.10.07 17:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.10.07 17:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.10.07 17:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.10.07 17:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.05 21:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.05 20:26:31 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.05 20:26:31 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.05 20:23:22 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.05 20:23:22 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.05 20:23:22 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.05 20:23:22 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.05 20:23:22 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.05 20:19:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.05 20:18:53 | 3092,533,248 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.05 19:58:08 | 002,961,472 | ---- | M] (Symantec Corporation) -- C:\Users\Karen\Desktop\NPE(2).exe
[2012.11.05 18:30:11 | 000,095,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2012.10.30 20:38:08 | 000,004,368 | ---- | M] () -- C:\Users\Karen\Documents\KiMa Sponsoring Exel.ods
[2012.10.28 20:03:52 | 001,566,254 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\Cat.DB
[2012.10.28 13:02:05 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.10.25 22:18:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Karen\Desktop\OTL.exe
[2012.10.17 07:18:58 | 000,002,504 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.10.16 17:46:47 | 000,010,074 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\VT20121008.022
[2012.10.09 21:20:31 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 21:20:31 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.07 20:31:09 | 000,002,106 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.10.07 20:31:08 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.10.07 17:48:01 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
 
========== Files Created - No Company Name ==========
 
[2012.10.28 23:43:23 | 000,004,368 | ---- | C] () -- C:\Users\Karen\Documents\KiMa Sponsoring Exel.ods
[2012.10.28 13:02:05 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.10.07 17:48:01 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.10.07 17:37:51 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.10.07 17:37:51 | 000,002,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.10.07 17:37:49 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.19 19:38:03 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.07 23:46:50 | 000,000,579 | ---- | C] () -- C:\Users\Karen\AppData\Local\cookies.ini
[2012.03.14 09:58:19 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.14 09:58:19 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.14 09:58:15 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.14 09:58:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.14 09:58:08 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.02.03 06:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.27 09:45:28 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Screensaver
[2012.08.30 21:20:07 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\OpenOffice.org
[2012.08.31 02:19:06 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\Screensaver
[2012.09.13 17:45:57 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\SNS
[2012.10.30 23:40:09 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\SoftGrid Client
[2012.09.19 19:38:52 | 000,000,000 | ---D | M] -- C:\Users\Karen\AppData\Roaming\TP
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


undOTL Logfile:
Code:
OTL Extras logfile created on: 05.11.2012 21:37:57 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Karen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.84 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 60.66% Memory free
7.68 Gb Paging File | 6.21 Gb Available in Paging File | 80.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.99 Gb Total Space | 224.84 Gb Free Space | 79.45% Space Free | Partition Type: NTFS
 
Computer Name: Karen-PC | User Name: Karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1919032238-3396424804-3884484894-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F763B9-9758-4481-B1C6-D2C5CA92D67D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{134842F0-2155-4FFD-9129-13F0B53E2DD9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{13B85541-41BD-4316-9B1B-CDD80536D8A9}" = lport=138 | protocol=17 | dir=in | app=system |
"{174F20B2-34FD-4B44-80E4-7618D0A02558}" = rport=137 | protocol=17 | dir=out | app=system |
"{2F8D578C-69D3-4B71-AEE2-F9FCBD368581}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DC81218-83C3-4B4B-8D86-18F05B2041BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A421886-D290-4DE9-974B-16F515F75658}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{623561AC-5B71-4C40-A479-8CEF3B0FBCA9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DD0E0A2-3A56-4F14-91D2-07D486F6FFBB}" = lport=445 | protocol=6 | dir=in | app=system |
"{6F238A23-CD78-4982-A201-9D3B71DA1636}" = lport=139 | protocol=6 | dir=in | app=system |
"{9044D1B7-829B-4B25-B3AD-A726CF82E8E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{97DE09DD-CD32-4915-88DD-2FD3D218D492}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\packard bell\wdagent\dcdhcpservice.exe |
"{9A2776B1-5157-4E96-877F-0D15E33F7795}" = rport=138 | protocol=17 | dir=out | app=system |
"{A18C3AE6-11EE-4E69-86E9-E9FD7C29C6BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{AB18A11F-0964-4825-94BD-5BFBFDEC2708}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B63AA9FC-1075-4579-AB70-A21161426659}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B7CF1D52-D878-4252-ABFC-11379801A318}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B7F098A0-5AFD-490C-8AC5-F443F62EC7B1}" = lport=137 | protocol=17 | dir=in | app=system |
"{BA9CB456-ACAB-41F4-893E-9EB1A1E0639C}" = rport=139 | protocol=6 | dir=out | app=system |
"{C07F94A7-FB81-4A99-BF77-DFF845B67FEF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CB99FD62-99AA-4A06-AC1A-9563724F1642}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC3BD464-B720-4BAD-B64A-0D6B8767C343}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D93C3F73-C74B-4258-93B0-3FC4734B9493}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E56D981F-715F-4C3D-A242-0907D361772C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F2CC9E9D-2A6D-4467-8583-30AFB814B7DD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F4209C04-7963-4A92-838E-413EAD2EC313}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024DE54E-3770-4A97-B227-CE481EFB6895}" = protocol=6 | dir=out | app=system |
"{0AAC1301-E063-47A2-8B38-B267E5DE9BF6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F7236BF-10AF-40D6-9FA0-17E1D682C4AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1398A764-64D7-42EC-9460-85A32F88D422}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{19C9BFF4-1FAA-4BB4-A7FA-1CDA4D909B63}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{240EC51C-0767-45CF-BCAA-630A3059B0B8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{27A62828-0E08-4CB4-AB47-BD04D3B0275F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2B9C1FCA-7DC1-4198-9402-5B0B86522897}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3D6BC417-2212-42FE-A78F-A6B5A734DF2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3D9F83A2-7D2A-48E8-8CA4-2DC5D7D584EE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{414BA3AD-50FD-4F99-B3D3-EBEC1EED0E36}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{434BEABD-1049-488B-8351-70E4B5941BA1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{46D7EB93-CA73-43C8-8E56-C592A93EABBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5EDCECE0-0929-4372-8E5D-476978EC592A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6266EF55-6A56-42F4-985B-DE7E9AFFD23B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{79D9E2E0-98CB-4AFB-8770-3DEFF3069765}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7C662BD4-0EA1-4A33-BAD0-FB2E6C828592}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81743C1C-305B-46C4-951D-103210EB22B4}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{82C27511-7C43-46FC-9BD6-282FD8C98ED2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{862E8706-E53B-4C06-9BD0-444D862749CF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9B1A49AF-CB46-41CB-B1C4-713F366FF3C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9C276B38-1F71-4CE1-8B63-A6EDF237EADC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B344770C-4D05-46A4-96CD-5C68D97E2787}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B525331A-BC4A-4B17-A19C-BA272D4889C8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BF2A0E92-2DD0-4CAA-8815-56ACC630C1D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C5231DAD-456A-4E86-ADB5-8CB53EE46DB7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DC229A02-354C-4DF8-A994-D21735D019AF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F39D4906-67AA-4B07-B626-D067882BB283}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB15C26A-F994-4F7F-9DF7-4E8EE4521855}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Elantech" = ETDWare PS/2-X64 10.6.9.9_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Qualcomm Atheros Direct Connect
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68AFA3A7-9265-4ABD-994A-ACA413E3715C}" = Nero Multimedia Suite 10 Essentials
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App (Packard Bell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Video Web Camera
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F77EF646-19EB-11E1-9A9E-984BE15F174E}" = Evernote v. 4.5.2
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FE8FF1DC-90A3-A976-4ED7-43C280CEC0E0}" = Fooz Kids
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"FoozKids" = Fooz Kids
"Identity Card" = Identity Card
"ifolor-Designer" = ifolor Designer
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Video Web Camera
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"LManager" = Launch Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WTA-005f3837-c456-468a-a3ea-4edb997096c9" = Bejeweled 3
"WTA-09fbe498-f724-44c8-b703-22c080a4ec0d" = Zuma Deluxe
"WTA-321015b6-5dbd-4937-a70f-698615ebe5ba" = Plants vs. Zombies - Game of the Year
"WTA-3e9b7342-48ff-4ec5-b0a9-f78c8237283c" = FATE
"WTA-44587edb-08b8-4351-9ce9-bf0833407fa2" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-44c6b830-c6c0-4449-ae4c-e8d136453d4c" = Penguins!
"WTA-4510cdb9-4b53-42ee-8985-03c16b791fed" = Polar Bowler
"WTA-4c6be03c-bbc6-4f1f-ad62-3c55351bf2ab" = Chuzzle Deluxe
"WTA-4d2ff374-f65f-46e3-99f2-d7d21a50a383" = Torchlight
"WTA-5fc9f2ae-2d35-4556-bf28-def80ed6895b" = Slingo Deluxe
"WTA-6bf0bdb7-f5bf-49be-9518-fefc1877b4e8" = Agatha Christie - Death on the Nile
"WTA-75d03f6b-a3f1-4653-a778-edcac5e36298" = Final Drive: Nitro
"WTA-93dae18b-86cb-4803-9c15-d87611f47155" = Wedding Dash
"WTA-a1fd9225-14a0-4695-b3ba-1baaa8927c7b" = John Deere Drive Green
"WTA-afc48264-2b64-44d9-aabb-818c5ec6c802" = Jewel Match 3
"WTA-b8240454-15a3-433e-bfb2-d8bc94bc5b4b" = Virtual Villagers 4 - The Tree of Life
"WTA-c81411f9-b5d9-4937-b368-d235e6e2941e" = Insaniquarium Deluxe
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.10.2012 15:32:13 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 31.10.2012 16:19:29 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 01.11.2012 17:45:39 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 03.11.2012 12:35:00 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 04.11.2012 17:53:49 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.11.2012 08:41:06 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.11.2012 12:56:39 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.11.2012 13:31:46 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.11.2012 15:00:09 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.11.2012 15:19:18 | Computer Name = Karen-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 27.10.2012 04:45:30 | Computer Name = Karen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.10.2012 04:45:30 | Computer Name = Karen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.10.2012 04:45:30 | Computer Name = Karen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.10.2012 04:45:30 | Computer Name = Karen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.10.2012 04:45:30 | Computer Name = Karen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.10.2012 04:49:45 | Computer Name = Karen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.10.2012 04:49:45 | Computer Name = Karen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.10.2012 05:06:13 | Computer Name = Karen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.10.2012 05:06:13 | Computer Name = Karen-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.10.2012 05:28:44 | Computer Name = Karen-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
 
 
< End of report >
--- --- ---


Ich hoffe, jetzt passts

markusg 07.11.2012 16:54
passt.
hattet ihr noch mal das mail passwort geendert? hatts ne besserung gebracht?
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

Karen 07.11.2012 23:02
Hallo Markus
Hatte alle Passwörter geändert und seitdem nur noch vom sauberen Laptop Logins.
Seitdem hatte ich jetzt mal noch keine neuen SPAMS mehr.

TDSSKiller ist durchgelaufen, keine Funde. Gab auch kein LOG.
Aber wie schon geschrieben, hat mein Norton was von einer tief eingebetteten Crimeware gefunden. Konnts aber nocht aufspüren wegen angeblich instabiler Internet Verbindung (was allerdings nicht möglich ist).

Aber Laptop 2 ist jetzt wesentlich langsamer als noch vor einer Woche oder so.

Wie weiter?

markusg 08.11.2012 18:51
norton hat auf laptop 2 etwas gefunden? postest du mir die meldung(en) mal?

Karen 08.11.2012 21:23
Nach dem Hochfahren hatte mein Norton (Laptop 2) ein pop up Fenster geöffnet: Fehler 3048,3 eine tief eingebettete Crimeware erkannt. Norton kann es nicht entfernen. Bitte download von "Norton Power Eraser" zum Rootkit Scan.
Hab ich dann mehrmals versucht, download ging, aber ausführen brachs immer wieder ab wegen angeblich instabiler Internetverbindung.
Habe kein LOG oder ähnliches bekommen, und im Verlauf von Norton seh ich auch nichts besonders auffälliges. Nur meine 5 Versuche, den Rootkit scan durchzuführen.

markusg 08.11.2012 21:25
schaun wir mal.
download hitmanpro:
http://www.trojaner-board.de/99424-c...o-scannen.html
doppelklick, auf license gehen, activate testlizense wählen.
dann scan.
am ende erst einmal nichts entfernen, gehe dann auf export log, speichere das als xml und hänge es bitte an

Karen 08.11.2012 21:53
Hier das LOG vom Hitman pro:

Code:
HitmanPro 3.6.2.173
www.hitmanpro.com

  Computer name . . . . : Karen-PC
  Windows . . . . . . . : 6.1.1.7601.X64/2
  User name . . . . . . : Karen-PC\Karen
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Trial (30 days left)

  Scan date . . . . . . : 2012-11-08 21:47:36
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 3m 37s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 0

  Objects scanned . . . : 1'158'932
  Files scanned . . . . : 16'205
  Remnants scanned  . . : 288'353 files / 854'374 keys

markusg 08.11.2012 22:03
war das alles oder fehlt da noch nen teil?

Karen 08.11.2012 22:07
Hab hier mal grad noch was auf der Norton- HP gefunden:

Fehler: "3048,3" wird im Norton-Produkt angezeigt.

Dieses Problem kann auftreten, wenn die Norton-Dienste aufgrund einer Bedrohung nicht geladen werden. Symantec empfiehlt, Norton Power Eraser herunterzuladen und auszuführen.
STEP 1
Herunterladen und Ausführen von Norton Power Eraser

Laden Sie Norton Power Eraser herunter.

img

Jetzt herunterladen
img

Klicken Sie auf "Speichern".

Wählen Sie den Desktop als Speicherort und klicken Sie dann auf "Speichern".

Um Norton Power Eraser auszuführen, doppelklicken Sie auf die Datei "NPE.exe".

Lesen Sie die Lizenzvereinbarung und klicken Sie auf "Akzeptieren".

Klicken Sie im Fenster "Norton Power Eraser" auf das Symbol "Scan auf Risiken".

Standardmäßig führt Norton Power Eraser einen Rootkit-Scan aus und erfordert einen Systemneustart. Wenn Sie aufgefordert werden, den Computer neu zu starten, klicken Sie auf "Neustart". Falls kein Rootkit-Scan durchgeführt werden soll, gehen Sie zu "Einstellungen" und deaktivieren Sie die Option "Rootkit-Scan einschließen" (Neustart erforderlich).

Warten Sie, bis der Scan abgeschlossen ist.

Schließen Sie alle Programme und starten Sie den Computer neu.

Wenn Norton Power Eraser eine Bedrohung nicht entfernen oder reparieren kann, erhalten Sie weitere Informationen von unseren Mitarbeitern des Spyware- und Virenentfernungsservice per Telefon oder Chat.

Spyware- und Virenentfernungsservice




Scheint also ein Fehlalarm zu sein? :pfui:

Nein, das ist das komplette LOG. Hab nichts unterschlagen :blabla:

markusg 08.11.2012 22:53
hi,
wenn du auf norton klickst, sind alle module als aktiev gekennzeichnet?
welche norton versionist momentan instaliert?
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Karen 08.11.2012 23:05
Ich habe die Norton Internet Security.
Und alle Reiter sind auf grün.
Ich könnt mir vielleicht doch vorstellen, dass der bewusste Fehler durch Norton selbst verursacht wurde?

markusg 08.11.2012 23:11
hi
tritt das denn bei jedem neustart auf oder nur ab und zu
die frage ist, hast du norton 2012 oder 2013?

Karen 08.11.2012 23:24
Bis jetzt ist es nur einmal aufgetreten, vor 3 Tagen.
Wo genau sehe ich, welches Norton es ist? Habe es erst am 8.Okt. gekauft (oder besser gesagt die Testversion kostenpflichtig verlängert).

Es ist Version 20.2.0.19

Hier das LOG vom Combofix:

Combofix Logfile:
Code:
ComboFix 12-11-08.01 - Karen 08.11.2012  23:14:51.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.41.1031.18.3932.2399 [GMT 1:00]
ausgeführt von:: c:\users\Karen\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Karen\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-10-08 bis 2012-11-08  ))))))))))))))))))))))))))))))
.
.
2012-11-08 22:24 . 2012-11-08 22:24        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-11-08 20:42 . 2012-11-08 20:42        --------        d-----w-        c:\program files\HitmanPro
2012-11-08 20:41 . 2012-11-08 20:47        --------        d-----w-        c:\programdata\HitmanPro
2012-11-05 17:22 . 2012-11-05 19:39        --------        d-----w-        c:\users\Karen\AppData\Local\NPE
2012-10-28 22:49 . 2012-10-28 22:49        --------        d-----w-        c:\users\Karen\AppData\Local\ElevatedDiagnostics
2012-10-28 22:46 . 2012-10-28 22:46        8525904        ----a-w-        c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-10-28 22:42 . 2012-10-28 22:42        --------        d-----w-        c:\programdata\Microsoft Help
2012-10-28 22:42 . 2012-10-28 22:42        --------        d-----w-        c:\users\Karen\AppData\Local\Microsoft Help
2012-10-28 12:02 . 2012-08-21 12:01        33240        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-28 12:01 . 2012-10-28 12:01        --------        d-----w-        c:\program files\iPod
2012-10-28 12:01 . 2012-10-28 12:02        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-28 12:01 . 2012-10-28 12:02        --------        d-----w-        c:\program files\iTunes
2012-10-28 12:01 . 2012-10-28 12:02        --------        d-----w-        c:\program files (x86)\iTunes
2012-10-27 19:49 . 2012-09-27 22:18        65309168        ----a-w-        c:\windows\system32\MRT.exe
2012-10-27 09:06 . 2012-03-21 07:24        407040        ----a-w-        c:\programdata\Microsoft\Windows\Templates\VTechUninstall\UninstallWizard.exe
2012-10-27 09:06 . 2010-06-02 02:58        268800        ----a-w-        c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtSvg4.dll
2012-10-27 09:06 . 2010-06-02 02:29        934912        ----a-w-        c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtNetwork4.dll
2012-10-27 09:06 . 2011-12-16 01:30        159656        ----a-w-        c:\programdata\Microsoft\Windows\Templates\VTechUninstall\ProductExtend.exe
2012-10-27 09:06 . 2010-07-13 13:07        7826432        ----a-w-        c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtGui4.dll
2012-10-27 09:06 . 2010-06-24 01:16        2150400        ----a-w-        c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtCore4.dll
2012-10-27 09:06 . 2010-06-02 02:28        335360        ----a-w-        c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtXml4.dll
2012-10-27 08:44 . 2012-10-27 08:45        --------        d-----w-        c:\users\Gast
2012-10-17 20:15 . 2012-10-17 20:15        --------        d-----r-        C:\MSOCache
2012-10-10 09:47 . 2012-09-14 19:19        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-10-10 09:47 . 2012-09-14 18:28        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2012-10-10 09:47 . 2012-08-11 00:56        715776        ----a-w-        c:\windows\system32\kerberos.dll
2012-10-10 09:47 . 2012-08-10 23:56        542208        ----a-w-        c:\windows\SysWow64\kerberos.dll
2012-10-10 09:47 . 2012-06-02 05:41        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-10-10 09:47 . 2012-06-02 05:41        140288        ----a-w-        c:\windows\system32\cryptnet.dll
2012-10-10 09:47 . 2012-06-02 05:41        1464320        ----a-w-        c:\windows\system32\crypt32.dll
2012-10-10 09:47 . 2012-06-02 04:36        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2012-10-10 09:47 . 2012-06-02 04:36        1159680        ----a-w-        c:\windows\SysWow64\crypt32.dll
2012-10-10 09:47 . 2012-06-02 04:36        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 20:20 . 2012-03-14 08:57        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 20:20 . 2012-03-14 08:57        696760        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-30 19:21 . 2011-03-29 01:36        19720        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-24 11:15 . 2012-09-25 05:41        17810944        ----a-w-        c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-25 05:41        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-25 05:41        2312704        ----a-w-        c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-25 05:41        1346048        ----a-w-        c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-25 05:41        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-25 05:41        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-25 05:41        237056        ----a-w-        c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-25 05:41        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-25 05:41        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-25 05:41        816640        ----a-w-        c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-25 05:41        599040        ----a-w-        c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-25 05:41        2144768        ----a-w-        c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-25 05:41        729088        ----a-w-        c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-25 05:41        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-25 05:41        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-25 05:41        248320        ----a-w-        c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-25 05:41        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-25 05:41        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-25 05:41        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-25 05:41        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-25 05:41        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-25 05:41        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 07:20        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 07:20        950128        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 07:20        376688        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 07:20        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 04:14        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe
2012-08-21 12:01 . 2012-08-30 19:50        125872        ----a-w-        c:\windows\system32\GEARAspi64.dll
2012-08-21 12:01 . 2012-08-30 19:50        106928        ----a-w-        c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 09:48        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-03-02 1106512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 DCDhcpService;DCDhcpService;c:\program files (x86)\Packard Bell\WDAgent\DCDhcpService.exe [2012-01-18 111776]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-02 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2011-08-15 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20121030.002\BHDrvx64.sys [2012-10-05 1385632]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20121107.001\IDSvia64.sys [2012-09-01 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 405624]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2012-03-02 355920]
S2 ePowerSvc;ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2012-02-08 871296]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2012-02-29 28264]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-08 161560]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2012-02-07 255376]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-08 363800]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-11-04 68648]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-11-04 19496]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-09-02 51752]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2012-02-10 78888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-30 138912]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-03-07 238384]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2012-01-19 435240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-14 20:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-20 440600]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-27 12343400]
"Power Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2012-02-08 1829768]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://packardbell.msn.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\53ma42j5.default\
FF - prefs.js: browser.startup.homepage - www.google.ch
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
SafeBoot-71403948.sys
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-08  23:40:58
ComboFix-quarantined-files.txt  2012-11-08 22:40
.
Vor Suchlauf: 6 Verzeichnis(se), 241'196'011'520 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 242'266'435'584 Bytes frei
.
- - End Of File - - 636F22CE55D91E2B0EBDB9E0D7B86BEC
--- --- ---

markusg 09.11.2012 20:02
seiht alles bisher ok aus.
ok norton ist aktuell, beobachte das mal, ob es erneut auftritt

malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Karen 10.11.2012 01:47
Hi Markus

Bin hier zwar nicht der Fachmann, aber ich glaub, LOG sieht sauber aus.

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.09.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Karen :: Karen-PC [Administrator]

Schutz: Aktiviert

10.11.2012 01:04:46
mbam-log-2012-11-10 (01-04-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 344897
Laufzeit: 38 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

markusg 10.11.2012 15:55
die sehen alle sauber aus...

lade den CCleaner standard:
CCleaner Download - CCleaner 3.24.1850
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Karen 11.11.2012 19:36
Hi Markus
Hier die Text Datei vom CCleaner

Adobe AIR Adobe Systems Incorporated 14.03.2012 2.7.1.19610 unbekannt
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 09.10.2012 6.00MB 11.4.402.287 notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 09.10.2012 6.00MB 11.4.402.287 unbekannt
Adobe Reader X (10.1.0) MUI Adobe Systems Incorporated 14.03.2012 477MB 10.1.0 unbekannt
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 07.10.2012 121MB 10.1.4 notwendig
Apple Application Support Apple Inc. 28.10.2012 64.5MB 2.2.2 unbekannt
Apple Mobile Device Support Apple Inc. 28.10.2012 23.7MB 6.0.0.59 unbekannt
Apple Software Update Apple Inc. 30.08.2012 2.38MB 2.1.3.127 unbekannt
Bing Bar Microsoft Corporation 28.10.2012 464KB 7.1.391.0 unbekannt
Bonjour Apple Inc. 30.08.2012 2.00MB 3.0.0.10 unbekannt
Broadcom Card Reader Driver Installer Broadcom Corporation 29.05.2012 2.76MB 15.0.6.2 unbekannt
Broadcom NetLink Controller Broadcom Corporation 14.03.2012 524KB 15.0.7.1 unbekannt
CCleaner Piriform 24.10.2012 3.24 notwendig
CyberLink MediaEspresso CyberLink Corp. 14.03.2012 164MB 6.5.1720_38230 unbekannt
eBay Worldwide OEM 31.08.2012 100KB 2.2.0409 unnötig
ETDWare PS/2-X64 10.6.9.9_WHQL ELAN Microelectronic Corp. 29.05.2012 10.6.9.9 unbekannt
Evernote v. 4.5.2 Evernote Corp. 14.03.2012 170MB 4.5.2.5866 unbekannt
Fooz Kids FUHU, Inc. 14.03.2012 3.0.8 unbekannt
Fooz Kids Platform FUHU, Inc. 14.03.2012 2.1 unbekannt
Identity Card Packard Bell 29.05.2012 1.00.3501 unbekannt
ifolor Designer Ifolor AG 02.10.2012 3.2.2.0 notwendig
Intel(R) Control Center Intel Corporation 29.05.2012 1.2.1.1007 unbekannt
Intel(R) Management Engine Components Intel Corporation 29.05.2012 8.0.2.1410 unbekannt
Intel(R) OpenCL CPU Runtime Intel Corporation 29.05.2012 unbekannt
Intel(R) Processor Graphics Intel Corporation 29.05.2012 8.15.10.2653 unbekannt
Intel(R) Rapid Storage Technology Intel Corporation 29.05.2012 11.1.0.1006 unbekannt
Intel® Trusted Connect Service Client Intel Corporation 29.05.2012 10.6MB 1.23.605.1 unbekannt
iTunes Apple Inc. 28.10.2012 182MB 10.7.0.21 notwendig
Launch Manager Packard Bell 29.05.2012 5.1.13 unbekannt
Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 10.11.2012 19.4MB 1.65.1.1000 notwendig?
McAfee Security Scan Plus McAfee, Inc. 07.10.2012 10.2MB 3.0.207.4 notwendig?
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 14.03.2012 38.8MB 4.0.30319 unbekannt
Microsoft Office 2010 Microsoft Corporation 29.05.2012 6.31MB 14.0.4763.1000 notwendig
Microsoft Office Klick-und-Los 2010 Microsoft Corporation 19.09.2012 14.0.4763.1000 unbekannt
Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 19.09.2012 14.0.5139.5005 notwendig?
Microsoft Silverlight Microsoft Corporation 07.10.2012 50.6MB 5.1.10411.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 14.03.2012 1.69MB 3.1.0000 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 02.09.2012 298KB 8.0.61001 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 29.05.2012 252KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 14.03.2012 784KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 30.08.2012 788KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 14.03.2012 596KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 14.03.2012 592KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 30.08.2012 600KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 12.10.2012 13.7MB 10.0.30319 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 12.10.2012 12.1MB 10.0.30319 unbekannt
Mozilla Firefox 16.0.2 (x86 de) Mozilla 28.10.2012 38.5MB 16.0.2 notwendig
Mozilla Maintenance Service Mozilla 28.10.2012 329KB 16.0.2 unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 02.09.2012 1.27MB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 02.09.2012 1.33MB 4.20.9876.0 unbekannt
Nero BackItUp 10 Nero AG 14.03.2012 118MB 5.8.11100.9.100 unbekannt
Nero DiscSpeed 10 Nero AG 14.03.2012 7.21MB 6.4.10500.1.100 unbekannt
Nero Express 10 Nero AG 14.03.2012 165MB 10.6.10700.5.100 unbekannt
Nero Multimedia Suite 10 Essentials Nero AG 14.03.2012 352MB 10.6.10300 unbekannt
Nero RescueAgent 10 Nero AG 14.03.2012 6.53MB 3.6.10500.3.100 unbekannt
Nero StartSmart 10 Nero AG 14.03.2012 143MB 10.6.10600.4.100 unbekannt
Nero Update Nero AG 14.03.2012 1.46MB 1.0.10900.31.0 notwendig?
Norton Internet Security Symantec Corporation 31.08.2012 19.9.0.9 notwendig
Norton Online Backup Symantec Corporation 14.03.2012 6.19MB 2.1.17869 notwendig?
OpenOffice.org 3.4.1 Apache Software Foundation 30.08.2012 331MB 3.41.9593 notwendig
Packard Bell Games WildTangent 14.03.2012 1.0.2.5 unbekannt
Packard Bell Power Management Packard Bell 29.05.2012 6.00.3010 unbekannt
Packard Bell Recovery Management Packard Bell 14.03.2012 5.00.3507 unbekannt
Packard Bell Registration Packard Bell 29.05.2012 1.04.3506 unbekannt
Packard Bell ScreenSaver Packard Bell 29.05.2012 1.1.0915.2011 unbekannt
Packard Bell Social Networks CyberLink Corp. 29.05.2012 33.2MB 3.0.3106 unbekannt
Packard Bell Updater Packard Bell 14.03.2012 1.02.3501 unbekannt
Qualcomm Atheros WiFi Driver Installation Qualcomm Atheros 29.05.2012 3.0 unbekannt
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 29.05.2012 6.0.1.6543 notwendig
Skype™ 5.10 Skype Technologies S.A. 04.09.2012 19.4MB 5.10.116 notwendig?
Video Web Camera CyberLink Corp. 29.05.2012 41.3MB 1.5.2108.00 unbekannt
Welcome Center Packard Bell 29.05.2012 1.02.3507 unbekannt
Windows Live Essentials Microsoft Corporation 14.03.2012 unbekannt 15.4.3538.0513


Ziemlich viel unbekanntes Zeug drauf :crazy:

markusg 12.11.2012 14:57
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Bing
CyberLink
eBay
Evernote
Fooz Kids beide.
McAfee
Nero : alle, falls du es nicht nutzt.
Packard Bell Games
Packard Bell Social
Packard Bell ScreenSaver
Skype™ : musst du wissen, wenn ihrs nicht nutzt, weg.
Video Web Camera
Windows Live : falls ihrs nicht nutzt, weg.
öffne ccleaner, analysieren, starten.
extras, autostart liste, exportieren und anhängen bitte.

Karen 13.11.2012 22:44
Hoi Markus

Hier die CCleaner Liste:

Ja HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Ja HKLM:Run ETDCtrl ELAN Microelectronics Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
Ja HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
Ja HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
Ja HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Ja HKLM:Run LManager Dritek System Inc. C:\Program Files (x86)\Launch Manager\LManager.exe
Ja HKLM:Run Norton Online Backup Symantec Corporation C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
Ja HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
Ja HKLM:Run Power Management Acer Incorporated C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
Ja HKLM:Run RTHDVCPL Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Ja Startup User OpenOffice.org 3.4.1.lnk C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

markusg 14.11.2012 17:32
ok
start ausführen, tippe:
msconfig
enter
systemstart, alle haken raus, neustart, wenn was wichtiges fehlt, kann man swieder anhaken
unter ccleaner, extras, autostart kannst du auch da den haken raus nemen:
Ja Startup User OpenOffice.org 3.4.1.lnk C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
neustarten, testen wie das gerät läuft

Karen 15.11.2012 11:30
Jetzt ist der Bildschirm ziemlich dunkel, und die Menüleiste sieht irgendwie "veraltet" aus. Hat nicht mehr die aktuellen icons.

Habs wieder zurück gehakt

Nachdem ich im CCleaner das OpenOffice deaktiviert hab, hab ich jetzt nen schwarzen Bildschirm nach dem Neustart. Komm auch nicht mehr ins Startmenü, um es irgendwie wieder anzustellen.
Hab zwar die Menüleiste (sonst allerdings nichts), kann aber das Starticon nicht anklicken, da der Cursor auf nicht zum Pfeil wird. Als würde es die ganze Zeit laden?! Kann nicht mal mehr runterfahren :heulen:

Uff... geschafft. Musste eiskalt abschalten, ums im abgesicherten Modus hochfahren zu können. OpenOffice im Autostart wieder aktiviert.
jetzt scheint alles wieder normal zu sein.

Ok, korrigiere... hab zwar meinen Startbildschirm wieder, kann aber nichts anklicken. Weder in der Menüleiste noch auf dem Desctop. Hab nur das "Warten" Symbol (das Ringli).
Komm auch nicht in den Task-Manager, kann auch nicht runterfahren.
Schalt jetzt wieder kalt ab und warte auf Deine nächsten Anweisungen (bloss gut, hab ich noch Laptop 1, so kann ich wenigstens ins Trojaner-Board).

markusg 16.11.2012 13:29
Hi
merkwürdig
Kommst du im Abgesicherten modus auf
start Ausführen msconfig
Systemstart?

Dann hake mal alles an, wie im Beitrag 58
Also, überall, wo "ja" drann steht, haken rein, Ok klicken und neustarten

Karen 16.11.2012 13:59
Hallo
Jetzt hats geklappt.
Sieht alles wieder normal aus.
Gestern ging irgendwie gar nichts mehr, als hätts sich aufgehangen.
Allerdings versteh ich nicht, warum nach dem Autorun deaktivieren vom OpenOffice nur noch alles schwarz war? Ist doch eigentlich nur das Schreibprogramm, oder lieg ich da jetzt falsch?
:wtf:

markusg 16.11.2012 14:00
ne, da liegst du richtig, ist merkwürdig.
Wie läufts mit den Mails, gabs noch auffälligkeiten?

Karen 16.11.2012 14:01
Nein, scheint jetzt sauber zu sein. Seitdem ich das Passwort geändert hatte über das sichere System.
:taenzer:

markusg 16.11.2012 14:05
ok, beide systeme sehen ok aus.
sichern wir sie ab, und dann gucken wir mal.
bzw, falls es dir zu unsicher ist, kannst du vor dem absichern, erst mal testen, ob du bei dem zweiten System nun auch das Mail PW nutzen kannst, ohne Probleme.
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie Download - Sandboxie 3.74

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten

Karen 16.11.2012 14:06
Ups, jetzt fällt mir doch noch was auf, was nicht funktioniert.
Die rechte Seite von meinem Touchpad ist eigentlich zum Scrollen... aber das tut jetzt nicht mehr.
Die Maus "rutscht" nur über den Bildschirm, aber die Seite scrollt damit nicht mehr.:headbang:

Und noch ne Frage... Du empfielst mir Emisoft. Hab doch aber grad erst Norton für beide Lappis gekauft? Ist das so schlecht, soll ichs echt runterwerfen???

markusg 16.11.2012 14:33
Sorry, nein norton ist ok..
Geh mal auf die Hersteller Seite und update die Driver software uns sonstige angebotene Software, da sollten auch die neuesten Programmversionen für dein Pad liegen.

Karen 16.11.2012 15:19
Hab jetzt von der PackardBell Seite die Mauspad Treiber Updates runtergeladen und installiert. Jetzt geht wieder gar nichts mehr?!
Nach dem Neustart waren alle Desktop Symbole verschwunden und ich konnte den Lappi auch nicht mehr runterfahren (Startsymbol ging nicht).
Also hab ich ihn wieder kalt ausgeschaltet.
Nochmal gestartet, normaler Modus, Desktop hat wieder einige Symbole, andere sind als "Blatt Papier" zu sehen. Aber ich kann nichts machen, nichts anklicken. Das "Ringli" dreht und dreht...

Beim 3. Versuch (wieder kalt ausgeschaltet) waren zwar alle Symbole wieder vorhanden, allerdings verschoben auf andere Plätze.

Und ich kann weiterhin nichts anklicken.

4. Versuch: alle Symbole, wie sie sein sollen. Mozilla Firefox öffnet auch wieder.
Touchpad scrollt immer noch nicht. Also neu update incl. Neustart.
Jetzt steh ich wieder wie beim 2. Versuch... die meisten Symbole sind Papier Seiten, und das Ringli dreht und dreht........

Langsam weiss ich nicht mehr weiter :(

markusg 16.11.2012 15:56
dann setzen wir den jetzt neu auf.
Kann eig nicht an den Autostart einträgen gelegen haben.
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

Karen 16.11.2012 16:02
So, jetzt kommen wir auf für mich völlig unbekanntes Terrain :zunge:

In welchem Modus kann ich das machen? Im normalen häng ich fest, das alte Lied mit dem Ringli...

markusg 16.11.2012 16:04
Hi
die von mir oben genannte Ubuntu CD kannst du ja auf dem PC deines Gatten brennen :-)
Dann startest du das gerät, welches im moment Probleme machst, von der CD, denn Ubuntu ist ein komplett anderes Betriebssystem.
Darüber kannst du, wie in der chip-Anleitung geschrieben, die Daten retten

Karen 16.11.2012 17:31
Ok, dann fang ich mal an :rofl:
Noch was... zum neu aufsetzen hab ich beim Kauf keine CDs mit Windows oder so bekommen, hab nur die SicherungsCDs der Werkseinstellungen. Die hab ich selbst gebrannt. Geht das?

markusg 16.11.2012 19:33
jepp, wenigstens mal einer der die gebrannt hat :-)

Karen 16.11.2012 19:45
Hihi... bissel stolz bin... bin doch nicht gar so blöd :abklatsch:

So, Daten weitestgehend gesichert (allerdings langwierig, wenn man nur nen 2GB USB Stick zur Hand hat und immer zwischenablegen muss :wtf:)
Wie soll ich jetzt weiter verfahren?
Hab wie gesagt nur die Recovery DVDs, keinen Produktschlüssel oder ähnliches.
Auf Eurer Anleitung steht leider nichts davon.
Und wie muss ich meinen Lappi formatieren?
Das ist für mich absolut neu :glaskugel:

markusg 19.11.2012 18:12
Hi
die DVD'S sollten beschriftet ein.
lege die erste DVD ein, starte neu, drücke f12.
Damit solltest du ins Bootmenü kommen und dein DVD-Laufwerkw ählen können.
Da die recovery Funktion von Firma zu Firma unterschiede aufweist, beachte bitte den Text auf dem Bildschirm.
Wenn die Instalation durch ist, prüfe, ob auch alle alten Daten gelöscht wurden (persönliches zb)

Karen 19.11.2012 19:18
Muss ich den Laptop zuerst noch irgendwie formatieren? Wenn ja, wie muss ich das machen?

markusg 19.11.2012 20:17
Hi,
wie gesagt, dass sollte im Laufe der Recovery passieren.
In der Regel geht das automatisch

Karen 19.11.2012 22:36
So, bin dran.
Habe zusätzlich zu den 4 CDs Recovery noch eine CD AppDrv1 Sicherung von Treibern und Anwendungen. Soll ich die zum Schluss auch noch?

So, sieht aus wie neu :rofl:
Hab von der besagten 5. CD jetzt mal schon den CardReader, Touchpad Treiber und Audio installiert. Touchpad funktioniert wieder tip top. :taenzer:
Soll ich jetzt irgendwas machen, OTL oder so? Hab jetzt wahrscheinlich wieder wahnsinnig vorinstallierten Müll drauf :twak:

markusg 20.11.2012 20:36
hi, sind da auch mainboard treiber drauf, dann die auch mit instalieren.
Den vorinstalierten "Müll" entfernen wir am Ende, erinnere mich bitte, falls es mir entfällt.
sichern wir mal beide geräte ab:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie Download - Sandboxie 3.74

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten

Karen 22.11.2012 13:07
Hallo markus

Habe jetzt mal so ziemlich alles (und somit wahrscheinlich auch viel unnötiges) installiert.

Updates gemacht auf beiden Laptops.

Als Antivirenprogramm würd ich gern mein Norton behalten. (hab auf dem neueren Laptop jetzt nach dem Neuaufsetzen wieder die Testversion laufen, ich lass es erstmal so, nur für den Fall, dass ich ihn nochmal platt machen muss).

Hab bis jetzt immer Mozilla Firefox als Browser verwendet. Ist Google Chrome besser?
:glaskugel:

Hm, bin Deine Liste am abarbeiten (beide Lappis parallel). Aber den Punkt

Dienste konfigurieren:
Windows-Dienste sicher konfigurieren und abschalten (Windows 7/Vista/XP/2000) - www.ntsvcfg.de

Anleitung steht hier als Download zur verfügung.
hxxp://ntsvcfg.de/svc2kxp.zip
Lies den Abschnitt über die svc2kxp.md

Wähle die 2. Methode da diese die sicherste ist.
Je weniger Dienste der PC nach außen anbietet, desto besser.
Prüfe bitte, nachdem Du das Tool gestartet hast, ob die automatischen Updates für Windows sowie der intelligente Hintergrundtransferdienst (BITS) aktiv sind.

versteh ich leider nicht, respektive kanns nicht umsetzen für Windows7

Oder ist das nur für XP?
:confused:

markusg 23.11.2012 14:45
Norton passt.
Schau aber, das du dir Norton 2013 frisch lädst.
Chrome würd ich mir auf jeden fall mal ansehen, bietet einige Sicherheitsfeatures mehr, und sollte auch schneller laufen.
lesezeichen importieren:
Lesezeichen importieren oder exportieren - Google Chrome-Hilfe
adblock für chrome:
http://filepony.de/download-adblock_chrome/
damit sollte das leben werbefreier von statten gehen.
ghostery um tracking zu verhindern:
http://filepony.de/download-ghostery_chrome/
sicher surfen mit chrome:
Sicher surfen mit Google Chrome | Verbraucher sicher online



Dienste konfigurieren, steht ja unter xp, xp hast du ja nicht.

Karen 27.11.2012 23:51
Hatte ein Problem mit Google Chrome. Nach der Installation von Chrome und Deinstallation von Firefox (beide Laptops) kam ich überhaupt nicht mehr ins Internet. W Lan war auch völlig weg.
Musste auf dem neuen Lappi von der AppDrv1 CD den Treiber neu laden, um überhaupt wieder ins Net zu kommen.
Hab jetzt wieder Firefox draufgetan und Chrome wieder deinstalliert.:heulen:

markusg 29.11.2012 13:25
das ist aber komisch, Die browser ändern eig nichts an dem lan driver.
aber ok.
Dann für sandboxie folgenes:
firefox.exe
plugin-container.exe
freigeben.
Dann außerdem die Freigaben, unter Anwendungen, Webbrowser, Firefox, erstellen, außer, gesammten Profilordner.


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:14 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19