Findings: PUP.Blabbers and Trojan.Spyeyes
30.08.2012, 23:24 | #1 |
| Findings: PUP.Blabbers and Trojan.Spyeyes

Hello,

My browser (Firefox) suddenly stopped working. I ran a scan of my C: drive (Windows + Firefox are on it) with Malwarebytes:

During the scan I got the following message from Avira's real-time scanner: TR/Dldr.Zamelcat.A.28 (it is now in quarantine). I have not run a scan with Avira yet.

After that I read this post: http://www.trojaner-board.de/122676-...-blabbers.html and then also ran AdwCleaner on my PC: |
31.08.2012, 07:41 | #2 | ||
/// Helper team | Findings: PUP.Blabbers and Trojan.Spyeyes

Hello and welcome!

Before we begin working together, [please read completely]:

Quote:

Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"!

1. System scan with OTL

Please download OTL by Oldtimer and save it to your desktop.

2. To determine whether outdated or malicious software is installed under Programs, I would also like to see all your installed programs:

Quote:

** If possible, do not go on the internet: no online banking, file sharing, chat programs, etc.

Regards, kira
__________________ |
31.08.2012, 10:01 | #3 |
| Findings: PUP.Blabbers and Trojan.Spyeyes

Thank you very much for the help :-)

Here are the log files from OTL:
---- | M] () (No name found) -- C:\USERS\JENNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\743HBU9Z.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI [2012.08.25 04:00:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Remoting 
Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: (Enabled) = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\kolgnaidildmdbfgdnoapjdianbpajne\1.0.5_0\chromeNPAPI.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = 
C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Foxkeh Theme = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdfmcddmngjdmjmhhpcnbnmnkdhpjhef\0.0.5_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll 
(DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.364.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.364.0\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - C:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Programme\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics) O4 - HKLM..\Run: [BambooCore] C:\Programme\Bamboo Dock\BambooCore.exe () O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) 
O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartDGSnetd] C:\Programme\DGS\dgsnetd.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jenny\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
O4 - HKCU..\Run: [RocketDock] D:\Programme\RocketDock\RocketDock.exe () O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Local security authentication server.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8 - Extra context menu item: An vorhandenes PDF anfügen - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jenny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - D:\Programme\icq\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - D:\Programme\icq\ICQ7.4\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58F6CE43-4FE6-4393-8EC7-B3A4A2B65993}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\base64 - No CLSID value found O18 - Protocol\Handler\chrome - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows 
Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\prox - No CLSID value found O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.) 
O24 - Desktop WallPaper: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.01.02 22:51:48 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{53bd4665-10de-11e0-9874-00238b1c35d8}\Shell - "" = AutoRun O33 - MountPoints2\{53bd4665-10de-11e0-9874-00238b1c35d8}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe O33 - MountPoints2\{669f3535-356b-11e1-8007-002269ddee37}\Shell - "" = AutoRun O33 - MountPoints2\{669f3535-356b-11e1-8007-002269ddee37}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{669f3536-356b-11e1-8007-002269ddee37}\Shell - "" = AutoRun O33 - MountPoints2\{669f3536-356b-11e1-8007-002269ddee37}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{693eb072-ec7a-11e0-a3df-00238b1c35d8}\Shell - "" = AutoRun O33 - MountPoints2\{693eb072-ec7a-11e0-a3df-00238b1c35d8}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{693eb074-ec7a-11e0-a3df-00238b1c35d8}\Shell - "" = AutoRun O33 - MountPoints2\{693eb074-ec7a-11e0-a3df-00238b1c35d8}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{ae2ac478-e9a6-11e0-9f40-00238b1c35d8}\Shell - "" = AutoRun O33 - MountPoints2\{ae2ac478-e9a6-11e0-9f40-00238b1c35d8}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ae2ac47b-e9a6-11e0-9f40-00238b1c35d8}\Shell - "" = AutoRun O33 - MountPoints2\{ae2ac47b-e9a6-11e0-9f40-00238b1c35d8}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 
- HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.31 10:27:05 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe [2012.08.31 10:22:05 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{E375D325-143A-43A7-A519-61A1C9D500B4} [2012.08.30 22:21:48 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{FC05CAF2-DDD5-4271-B1F1-ABAEE7AEF83A} [2012.08.30 13:35:32 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Desktop\Profiles [2012.08.30 13:08:30 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Desktop\743hbu9z.default [2012.08.30 10:21:31 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{75513B9D-D703-4963-86DD-443587B5B92D} [2012.08.29 15:12:23 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{628E1020-0280-4559-822A-56639F0EC5A1} [2012.08.28 11:42:12 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{A301DAB2-8D8F-4C17-83DE-F1B635D1426D} [2012.08.27 18:08:15 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{56ECC2C0-F7FD-4E7D-8129-C97D628F6822} [2012.08.26 19:16:27 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Desktop\Neuer Ordner [2012.08.26 09:17:46 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{F60A620D-CBA8-45CB-818D-3889C6594C09} [2012.08.25 13:28:04 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{1E19FFD3-EF94-40D9-9A1D-12F15A50D8DE} [2012.08.24 16:47:47 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{FC6CED50-E4BE-42D3-B2BD-473B94E3170F} [2012.08.23 22:51:11 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{4A4EB1BB-6349-4C66-A3AE-D0BD2F5B4993} [2012.08.23 10:50:50 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{28FB832A-91CD-48EE-BCF9-8850A31DCF5E} [2012.08.22 10:15:52 | 000,000,000 | ---D | C] -- 
C:\Users\Jenny\AppData\Local\{8E8C1E43-278D-43D2-81F2-1B25559C3B0F} [2012.08.21 15:21:25 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{C4F497D5-AEDD-4AE5-A7C3-4AD7CCC35962} [2012.08.20 22:52:24 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{DDD14536-F76F-4A3F-966A-DA1B4EB7897B} [2012.08.20 11:07:46 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.08.20 11:01:33 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.08.20 11:01:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.08.20 11:01:30 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.08.20 11:01:30 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.08.20 11:01:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2012.08.20 11:01:29 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.08.20 11:01:29 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.08.20 11:01:29 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.08.20 11:01:29 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.08.20 11:01:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.08.20 11:01:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.08.20 11:01:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.08.20 11:01:29 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.08.20 11:01:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012.08.20 11:01:28 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb 
[2012.08.20 11:01:28 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.08.20 11:01:28 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.08.20 11:01:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.08.20 10:52:08 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{33541514-8C76-43D3-A30E-94E8599DC555} [2012.08.19 19:55:45 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{D727D75B-CA0D-457B-B127-6205A6E544F1} [2012.08.18 20:46:19 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{E68A5A6B-232B-4959-9392-2C2D01D5C5B3} [2012.08.18 20:46:10 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{1ACEAB98-F114-4743-8BA5-6E718CF7F6E0} [2012.08.17 16:08:34 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{C9D6317B-E179-4DE7-9F60-6FB1A50194E9} [2012.08.17 16:08:29 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{3E260075-0AC8-411B-8760-2375BC11689B} [2012.08.16 21:58:17 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{10C3ABE8-0035-4D27-A8C1-0A843606DA31} [2012.08.16 09:58:00 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{985ABF91-167C-445D-A4DE-E0AB14E9BADD} [2012.08.16 09:57:52 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{22783D17-7C37-48F8-9B8A-A38FE8D92C1B} [2012.08.15 18:14:31 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{9CBD5DCB-6D5F-4055-B4EA-E516E0CC44E8} [2012.08.15 18:14:28 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{4AC2238A-A41B-4200-B0EF-6113ACCE1FC8} [2012.08.14 14:24:59 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{9A770879-7A13-4685-9686-525AD1987F36} [2012.08.14 14:24:55 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{DC85DFCC-0DE1-46EE-96FB-80E1E1D05918} [2012.08.13 19:48:51 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{8C606F86-FB55-48C5-9AF4-5A60423F5F4E} [2012.08.13 19:48:47 | 
000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{EAB836C9-5D9D-42DB-AE85-EA2192E82A99} [2012.08.13 07:48:21 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{1CA72312-D287-4210-B24F-1EDA7AEB2FBB} [2012.08.13 07:48:11 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{ED896EE9-A3AC-43A7-9BE5-FE93E2A2BA25} [2012.08.12 12:49:36 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{D89DCEFA-1351-4F58-97AE-0203DC3CA376} [2012.08.12 12:49:31 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{EF1C9239-4DD0-4B34-B9A2-C00972C16096} [2012.08.11 14:49:06 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{E9C74C1F-03D7-4543-A0D7-5F43F4927DF9} [2012.08.11 14:49:03 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{1779E30E-C28C-4838-9B86-46435243D126} [2012.08.10 17:38:15 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{B485E729-89A1-40EC-9D5C-C5BADD87FB24} [2012.08.10 17:38:11 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{04C0137A-5BF1-4326-BE44-3EA97C5A9687} [2012.08.09 16:13:27 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{F08F020C-1F6B-4277-B913-4FEFD912DC1C} [2012.08.09 16:13:21 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{6538CCE4-5C76-40DB-903C-6F3198ADAB30} [2012.08.08 16:38:32 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{7A260BEF-FD13-4865-9AA9-C80617C7FF34} [2012.08.08 16:38:27 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{58C146BD-AA54-4F15-A340-AC69371FBA87} [2012.08.07 21:32:48 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.08.07 16:47:09 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{5B2D35CB-0C5A-4952-BE52-5E175C01E43F} [2012.08.07 16:47:05 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{80C55C10-E0C6-4A1F-9CFD-E19C5B3DCDCF} [2012.08.06 13:06:59 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{E5ACFDF6-FF99-4258-8BD0-016094979E28} [2012.08.06 13:06:54 | 
000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{FF6E6317-2E4F-4C1B-8D56-9903781CFCD8} [2012.08.05 15:26:55 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{B851BA96-7EB4-4B17-ACE7-095C724C37B1} [2012.08.05 15:26:44 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{1953354E-6BF2-46E0-BB62-746703108C7A} [2012.08.04 14:42:30 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{7973F559-9879-4849-B7E7-21419DE51407} [2012.08.04 14:42:26 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{7EFAF018-B6CA-4247-9F06-DD0782B400A5} [2012.08.03 17:43:57 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{70391954-D52A-4C11-BBD8-4F0E84912D73} [2012.08.03 17:43:52 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{3F54C839-2DA8-4CDA-AD9A-1403FF39BF45} [2012.08.02 15:36:49 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{470F948C-A655-4643-8E9F-DF4764554774} [2012.08.02 15:36:44 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{4B0990C4-A5EF-4238-9788-536653C07D87} [2012.08.01 18:29:54 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{9FF88674-8220-47A5-A14B-01770264439A} [2012.08.01 18:29:50 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{21E2466E-8C60-48ED-A066-0D7EC2F53EDA} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Jenny\Documents\*.tmp files -> C:\Users\Jenny\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.31 10:27:08 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe [2012.08.31 10:27:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.31 10:18:08 | 000,069,885 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.08.31 10:17:49 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012.08.31 10:17:28 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.31 10:17:09 | 000,003,216 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.31 10:17:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.31 10:17:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.31 10:16:49 | 3215,839,232 | -HS- | M] () -- C:\hiberfil.sys [2012.08.31 00:32:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.08.30 23:57:10 | 000,511,265 | ---- | M] () -- C:\Users\Jenny\Desktop\adwcleaner.exe [2012.08.30 20:06:58 | 000,196,608 | ---- | M] () -- C:\Users\Jenny\Desktop\Favicons [2012.08.30 19:48:51 | 000,908,794 | ---- | M] () -- C:\Users\Jenny\Desktop\firefox.jpg [2012.08.30 19:48:30 | 000,963,676 | ---- | M] () -- C:\Users\Jenny\Desktop\chrome.jpg [2012.08.30 19:40:07 | 000,000,688 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.30 18:50:35 | 000,004,165 | ---- | M] () -- C:\Users\Jenny\Desktop\fox.gif [2012.08.30 18:46:29 | 000,004,165 | ---- | M] () -- C:\Users\Jenny\Desktop\pyong_raposa_fox-05.gif [2012.08.30 14:16:00 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.08.30 14:09:14 | 000,267,596 | ---- | M] () -- C:\Users\Jenny\Desktop\java.jpg [2012.08.30 14:03:29 | 000,314,008 | ---- | M] () -- C:\Users\Jenny\Desktop\bookmarks.html [2012.08.30 13:09:57 | 000,121,230 | ---- | M] () -- C:\Users\Jenny\Desktop\bookmarks-2012-08-30.json [2012.08.29 19:03:09 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.29 19:03:09 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.08.27 00:08:03 | 000,069,885 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.08.26 22:09:36 | 000,220,160 | ---- | M] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.23 17:00:27 | 000,000,680 | ---- | M] () -- 
C:\Users\Jenny\AppData\Local\d3d9caps.dat [2012.08.21 15:24:03 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.21 15:24:03 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.21 15:24:03 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.21 15:24:03 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.21 15:16:29 | 002,543,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.19 19:51:02 | 213,535,416 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.08.13 10:08:36 | 000,007,962 | ---- | M] () -- C:\cc_20120813_100832.reg [2012.08.13 09:57:34 | 000,002,299 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\acervcmtmp.ini [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Jenny\Documents\*.tmp files -> C:\Users\Jenny\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.30 23:57:01 | 000,511,265 | ---- | C] () -- C:\Users\Jenny\Desktop\adwcleaner.exe [2012.08.30 19:48:49 | 000,908,794 | ---- | C] () -- C:\Users\Jenny\Desktop\firefox.jpg [2012.08.30 19:48:28 | 000,963,676 | ---- | C] () -- C:\Users\Jenny\Desktop\chrome.jpg [2012.08.30 19:40:07 | 000,000,688 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.30 18:50:34 | 000,004,165 | ---- | C] () -- C:\Users\Jenny\Desktop\fox.gif [2012.08.30 18:46:37 | 000,004,165 | ---- | C] () -- C:\Users\Jenny\Desktop\pyong_raposa_fox-05.gif [2012.08.30 14:09:12 | 000,267,596 | ---- | C] () -- C:\Users\Jenny\Desktop\java.jpg [2012.08.30 14:03:29 | 000,314,008 | ---- | C] () -- C:\Users\Jenny\Desktop\bookmarks.html [2012.08.30 13:09:57 | 000,121,230 | ---- | C] () -- C:\Users\Jenny\Desktop\bookmarks-2012-08-30.json [2012.08.19 19:51:02 | 213,535,416 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.08.13 10:08:35 | 000,007,962 | ---- | C] () -- C:\cc_20120813_100832.reg [2011.12.28 22:42:43 | 000,153,936 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011.12.26 
22:42:10 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI [2011.12.23 01:03:57 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011.12.21 20:27:57 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.12.21 20:27:57 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.12.21 20:27:56 | 008,676,883 | ---- | C] () -- C:\Windows\System32\NCMedia2.dll [2011.09.06 22:41:28 | 000,000,314 | ---- | C] () -- C:\Windows\wininit.ini [2011.07.26 14:35:22 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.06.23 17:31:10 | 000,000,275 | ---- | C] () -- C:\Users\Jenny\AppData\Local\HamsterVideoConverterSettings.cfg [2011.02.06 15:16:59 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2011.02.06 15:16:59 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2011.01.20 23:23:44 | 000,200,704 | ---- | C] () -- C:\Windows\System32\BongoSDK.10.v40.dll [2011.01.04 10:56:56 | 001,630,700 | ---- | C] () -- C:\Program Files\dgs_install.zip [2011.01.04 10:56:12 | 000,022,376 | -H-- | C] () -- C:\Users\Jenny\.sw-main934 [2011.01.04 10:56:12 | 000,002,560 | -H-- | C] () -- C:\Users\Jenny\.sw-recents [2010.09.13 17:31:10 | 000,197,053 | ---- | C] () -- C:\Windows\hpwins27.dat [2010.08.29 21:36:18 | 000,000,093 | ---- | C] () -- C:\Users\Jenny\AppData\Local\fusioncache.dat [2009.12.29 03:06:59 | 000,000,680 | ---- | C] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat [2009.02.01 13:33:46 | 000,220,160 | ---- | C] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.30 21:06:56 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.01.27 19:11:27 | 000,002,299 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\acervcmtmp.ini [2009.01.27 18:15:05 | 000,069,885 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.01.27 18:12:48 | 000,069,885 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== LOP Check ========== [2009.02.07 01:05:03 | 000,000,000 | -HSD | 
M] -- C:\Users\Jenny\AppData\Roaming\.# [2009.02.17 22:25:49 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Acer [2008.07.30 04:10:28 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Acer GameZone Console [2011.10.29 20:40:26 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Atari [2011.01.30 21:58:04 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Autodesk [2010.01.30 13:01:10 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Blender Foundation [2011.12.25 13:04:25 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\com.gugga.radiomini [2012.07.25 11:31:47 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DAEMON Tools Lite [2012.08.13 09:57:19 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Dropbox [2011.12.22 01:22:50 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DVDVideoSoft [2011.07.20 21:43:41 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DVDVideoSoftIEHelpers [2009.01.27 18:16:29 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\eSobi [2011.06.23 23:02:57 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\FreeFLVConverter [2010.08.25 14:45:53 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\GetRightToGo [2011.11.06 23:03:06 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\IcoFX [2011.08.21 00:51:13 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\ICQ [2009.08.30 16:45:27 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\LG Electronics [2010.01.29 00:06:56 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Morpheus Software [2011.10.29 23:24:11 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Mp3tag [2011.10.29 23:11:33 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\MusicBrainz [2011.08.13 00:21:35 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Nvu [2009.10.14 20:36:24 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\OpenOffice.org 
[2010.08.22 11:52:58 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PlayFirst
[2010.04.01 13:05:30 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\SecondLife
[2009.08.25 00:37:43 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\SPORE Creature Creator
[2010.02.04 11:06:57 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\STOIK
[2010.05.10 22:09:07 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\TS3Client
[2010.08.29 21:53:54 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Turbine
[2012.07.24 22:09:58 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\uTorrent
[2011.12.25 11:50:07 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Wacom
[2011.12.25 11:56:55 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2010.10.08 12:42:01 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Windows Live Writer
[2012.08.31 00:32:52 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 353 bytes -> C:\ProgramData\Temp:05EE1EEF
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:2B99FE60

< End of report >

Code:
OTL Extras logfile created on: 31.08.2012 10:28:24 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Jenny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19298)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 52,53% Memory free
6,19 Gb Paging File | 4,44 Gb Available in Paging File | 71,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 46,63 Gb Free Space | 32,37% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 15,23 Gb Free Space | 10,84% Space Free | Partition Type: NTFS

Computer Name: XXXX | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "D:\Programme\dm Fotowelt\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- D:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [dm Fotowelt] -- "D:\Programme\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [dm-Fotowelt] -- "D:\Programme\dm Fotowelt\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04C38445-AF55-4626-ABEA-F4A0475BBDAD}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{0B94C6F8-B1FA-46E7-A81E-768D35F22CB1}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{1FC0F839-89C0-444E-B0EA-2F2E49C3CFAA}" = lport=2869 | protocol=6 | dir=in | app=system | "{31C3CCD8-BFE8-49AB-B971-FB7C3FC6CF09}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{59438DE2-21FE-490E-A004-E2A0D8DC75ED}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface | "{70710AFC-B322-48A1-B7D1-E764C883D823}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{8A4AD6A8-10B0-478B-8A04-E6483AC32C10}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{9061396F-2AEF-43CA-A884-777597A80971}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{E639AADE-359D-4FAD-A942-72083826C63B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{FC980B70-A17B-47A6-86C1-B0540A7F919F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0311C8B4-F137-4B20-883B-FA4DFBD40991}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe | "{0D66F652-EB71-4C4F-B4F2-8783AB710EE2}" = protocol=17 | dir=in | app=d:\programme\icq\icq7.4\icq.exe | "{0F472933-D79C-422F-89DE-272C10DE7F43}" = protocol=17 | dir=in | app=c:\program files\3dsmax\mentalimages\satellite\raysat_3dsmax2011_32.exe | "{14B0664F-D1FC-40D1-8C29-49D7F23BFDDE}" = dir=in | app=c:\program files\hp\hp software 
update\hpwucli.exe | "{170F9811-0166-4F95-BC07-111DE0B6FD37}" = protocol=17 | dir=in | app=d:\programme\icq\icq7.4\icq.exe | "{18911FCF-CEA1-4001-9B2A-10874B579CE9}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{1CA1BEED-350E-40F3-AC52-8C96C117F7B9}" = protocol=6 | dir=in | app=d:\programme\icq\icq7.4\icq.exe | "{1F459D85-0657-4CAF-A5F9-21BD94091F70}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "{2362F9B1-6FE0-4148-A122-D03B0130994D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{2567D9BA-2DEF-41E8-ABC0-8ADB06020566}" = protocol=17 | dir=in | app=c:\program files\3dsmax\mentalimages\satellite\raysat_3dsmax2011_32server.exe | "{28F66114-24E9-4EFA-BC8A-8965E95CCD61}" = protocol=17 | dir=in | app=d:\programme\icq\icq7.4\icq.exe | "{292C16F0-F366-43E3-A613-8AB770CBA549}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{29C885BE-D034-4466-9F8A-5E7FEBD52DD6}" = protocol=6 | dir=in | app=d:\programme\icq\icq7.4\icq.exe | "{2BBC3EB7-EE27-4F0E-8566-4A5F16A65A66}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{335D6608-33D4-457C-A0B0-7974467429A5}" = protocol=6 | dir=in | app=c:\program files\3dsmax\3dsmax.exe | "{352E3AA6-B708-4254-A3D7-C05911FC6361}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{3673E242-38DB-415C-81CD-F767E62534FE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{392B28F9-BC0E-452C-8593-B5688ADB4E54}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | "{44DC91F9-B3FD-4C00-B8D3-844D0A8C4BF7}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{45502E4E-092F-49B1-AC06-D43B9E95AEA6}" = protocol=6 | dir=in | app=d:\spiele\ragnarok\ragexe.exe | "{455B5C15-BB02-4A13-875B-622C0BE5C55A}" = dir=in | app=c:\program files\windows 
live\mesh\moe.exe | "{485E181B-D509-408C-BD5A-33B49E26F589}" = protocol=17 | dir=in | app=c:\program files\3dsmax\3dsmax.exe | "{4CFF1A8E-E564-4E4E-96E2-73F6BF44ACF3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{4D0A3162-B233-448A-ACEF-878F5E341A2C}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | "{4FFF76A4-5133-4FB0-B56E-384BF524FDA9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{537DB8E8-1770-4AD0-8998-2870E54D74E9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{55782BB4-ED83-46B5-AB93-93F9ECCB4B99}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | "{5F1B3C69-935D-440F-A7F2-F99B656C379A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe | "{6076B964-0B75-40A9-BD76-59A67F1DA942}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{6702E16E-13F4-43F3-A5EB-4EFCC112BD94}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | "{6DC490AB-9AFF-4D24-80FE-CB63D645A6C7}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\3dsmax.exe | "{75C189BF-AAD7-47C7-A678-89E0B4D66543}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | "{760648AA-C2FC-4CC3-9D7D-50D5CA29E873}" = protocol=6 | dir=in | app=c:\users\jenny\appdata\roaming\dropbox\bin\dropbox.exe | "{76A459A5-9788-4A0E-8017-76C2F21FBC5C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{7BD65B90-A3F1-4D8C-9E90-4999B8EBA804}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{7CDCD324-993C-4E4F-B63E-9C876C176A82}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | "{83E3B3EA-4E60-439C-9E7B-0F15DB6189B4}" = protocol=6 | dir=in | app=c:\program files\3dsmax\mentalimages\satellite\raysat_3dsmax2011_32.exe | "{85B6ED77-B12A-4D6A-B9DB-077CC791512E}" = protocol=6 | dir=in | app=c:\program 
files\autodesk\3ds max 2011\3dsmax.exe | "{866CCA5A-D05E-4882-9634-3D51C5FBBDBC}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{87B0F00A-9CBC-435B-9CE9-5D1980C13A2D}" = protocol=6 | dir=in | app=d:\programme\icq\icq7.4\icq.exe | "{87C42BB4-C805-493A-A0E1-70D9C4BC882B}" = protocol=17 | dir=in | app=d:\spiele\ragnarok\ragexe.exe | "{8D47434F-0F66-4966-88EE-606054D649FC}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | "{931E510E-0385-4290-9015-1A05D2A94E0F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{970E2153-184F-482B-9B86-B46EAE130CBB}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{9F4341BF-F16F-44C2-8E08-10B9314832AC}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe | "{A5A42F72-BB21-4A40-B82B-E259C1E6CED8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{A8233CF2-CAAD-4B41-A95E-62ADF6B4089A}" = protocol=17 | dir=in | app=c:\users\jenny\appdata\roaming\dropbox\bin\dropbox.exe | "{B098FDAA-B8EF-41A9-B3DA-DE9E10CE9B39}" = protocol=6 | dir=in | app=c:\program files\3dsmax\mentalimages\satellite\raysat_3dsmax2011_32server.exe | "{B3D45A7D-8AD2-4E2C-8D15-B27610520A8F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{B5F70D68-3AF0-49BE-8EE1-008C314E2422}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{BA1EE302-8125-4E4E-8B73-FEAC23C3F9EA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{BEEEEE1F-50B1-48DF-B05F-7ACE0E6D17B3}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{BFFCA3C9-3B96-4A2F-AB3E-EB8B021F0602}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{C67B2A5E-7B01-4D17-AF42-8111E9881A22}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{C89FFB57-F7D2-43D9-B3E9-816A9A45D866}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe | "{D0E50ACD-136C-4D0C-99A9-4E4DBADBE0B0}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | "{D351F1A2-CD85-4A0F-BDFE-5887CB0D9CDF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{D50664DD-ECC8-4F91-A336-133D57FD409C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{D610B657-85EF-43E0-9B11-4AF8A0911D53}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{D8C63FD1-5080-40C1-81C5-C9C50F79250C}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe | "{D9277855-0A29-4403-87C3-88B0F208C0D7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E4447BF4-83FE-4B2F-8D0D-CEA7B40F5103}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | "{EB5E3053-93A1-4ED7-ACEC-56BCBC7A7E62}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe | "{ECD3ADF2-C36E-41C7-8E2E-7A8069B8290A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{F379E883-67C7-49F2-8958-99E77B830FD4}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{F43D50A6-552F-4C8E-882A-C1545396EA2E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{F7D4A726-BB20-4E35-AE4D-ADB61B8E03DA}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe | "{F9AB76AD-8DF8-48E5-8F91-D061ACF73245}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{FA2ECDDF-BEE2-4314-8042-55BD183D8352}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{FC5D96DE-DC96-46EA-BF95-D6913E392B95}" = 
dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{FCBB9AB1-EE62-4319-AD18-7FE994F6B25D}" = dir=in | app=d:\programme\powerdirector\powerdirector\pdr.exe | "{FD95881C-1730-44A6-8ECE-F3EFA94F8085}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe | "TCP Query User{28C89E53-407E-4F82-9AAF-E031AA7AC942}D:\spiele\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=d:\spiele\secondlifeviewer2\slvoice.exe | "TCP Query User{2ACC8F31-027B-4DD0-88A2-919855AF0B28}C:\program files\rhinoceros 4.0\system\rhino4.exe" = protocol=6 | dir=in | app=c:\program files\rhinoceros 4.0\system\rhino4.exe | "TCP Query User{3904D328-5B4D-4846-8BDF-E4050CAAA929}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{56A72E0D-2DFE-40F1-BB84-8D515BC1C0CE}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{5DD841DE-8109-4FA8-8549-E4EDA6F3BC5B}C:\users\jenny\desktop\scitysetup_19235222.exe" = protocol=6 | dir=in | app=c:\users\jenny\desktop\scitysetup_19235222.exe | "TCP Query User{6CD73801-AA15-418E-A8DB-B6F272A42BD0}C:\programdata\asgvis\drspawner\drspawner.exe" = protocol=6 | dir=in | app=c:\programdata\asgvis\drspawner\drspawner.exe | "TCP Query User{8E9F7AC9-4CD8-4C70-8CC1-D4FABCA565A6}D:\programme\kaspersky\setup.exe" = protocol=6 | dir=in | app=d:\programme\kaspersky\setup.exe | "TCP Query User{8FCC004E-88E9-4D3A-9155-52AF6C668E35}D:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programme\winamp\winamp.exe | "TCP Query User{90056987-C9AE-419D-96D7-5FB7189A10C0}C:\users\jenny\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\jenny\appdata\local\akamai\netsession_win.exe | "TCP Query User{9E03B506-EBE3-45BC-A021-897E7C7D1CAE}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program 
files\google\google earth\client\googleearth.exe |
"TCP Query User{A7ECC04B-A9ED-42D1-B021-73C8EC71B456}D:\programme\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=d:\programme\musicbrainz picard\picard.exe |
"TCP Query User{BBCCDE66-35B7-4B19-A6CA-EC3DE8A9E794}D:\programme\icq\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq\icq6.5\icq.exe |
"TCP Query User{C0138E9F-7D71-4FEA-AC87-90D72D923183}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{C5236DDA-48EB-4C0A-9DA4-B8758E3424BA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D3B4D646-6E9B-459D-B57F-DEF0F41248A7}D:\spiele\spore\eadm\core.exe" = protocol=6 | dir=in | app=d:\spiele\spore\eadm\core.exe |
"TCP Query User{F73FAEF9-AAA5-481F-85E7-98BB08F4B40D}C:\program files\dgs\dgsnetd.exe" = protocol=6 | dir=in | app=c:\program files\dgs\dgsnetd.exe |
"UDP Query User{192570D0-446D-400D-8DCD-0984BED180CA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{1DF102CB-4124-4E1F-B8F2-809F2201A2B5}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{29DE9ED9-D40C-4EDE-AC9D-A1F7C58BD65C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{2BF9BCCC-7E76-4EEF-A889-A3B1793589D0}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{398360B7-0871-4AC0-B0C0-B2CA6C728D9B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{445F0964-0074-4B59-A59C-8F21ABE70022}C:\users\jenny\desktop\scitysetup_19235222.exe" = protocol=17 | dir=in | app=c:\users\jenny\desktop\scitysetup_19235222.exe |
"UDP Query User{51059E3C-8AC8-4A9F-9B5E-EABA4AE3775B}C:\programdata\asgvis\drspawner\drspawner.exe" = protocol=17 | dir=in | app=c:\programdata\asgvis\drspawner\drspawner.exe |
"UDP Query User{8DC30B06-87DF-452C-8F3D-A5FBF3048230}D:\spiele\spore\eadm\core.exe" = protocol=17 | dir=in | app=d:\spiele\spore\eadm\core.exe |
"UDP Query User{9B5E1074-6FCF-42E3-BE9C-82E27C864B83}D:\programme\icq\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq\icq6.5\icq.exe |
"UDP Query User{A3335517-B7F2-43E3-A9BF-988CF3AAD971}D:\spiele\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=d:\spiele\secondlifeviewer2\slvoice.exe |
"UDP Query User{A7CC504C-D2D7-4645-97A6-BCF004CC657A}C:\program files\rhinoceros 4.0\system\rhino4.exe" = protocol=17 | dir=in | app=c:\program files\rhinoceros 4.0\system\rhino4.exe |
"UDP Query User{B4A6FB27-E861-487B-BBD1-976261AF1DE4}D:\programme\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=d:\programme\musicbrainz picard\picard.exe |
"UDP Query User{C6E3F91F-D1F6-451A-BED3-6C2BD3F1B938}D:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programme\winamp\winamp.exe |
"UDP Query User{D8F48742-8BDA-4C4D-B3F9-BF9538239B4A}C:\users\jenny\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\jenny\appdata\local\akamai\netsession_win.exe |
"UDP Query User{E5E79DF0-0D00-4547-869D-39E49301D009}D:\programme\kaspersky\setup.exe" = protocol=17 | dir=in | app=d:\programme\kaspersky\setup.exe |
"UDP Query User{F9D449BE-AC3E-4599-A138-B56330A9DA7E}C:\program files\dgs\dgsnetd.exe" = protocol=17 | dir=in | app=c:\program files\dgs\dgsnetd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6400
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40625DE4-DCDB-44FE-84B5-E65F1365BF44}" = V-Ray for Rhinoceros
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EAB69C5-7763-4BB8-9D06-733292AA6E0C}" = Bing Bar
"{50A76A32-8D75-4839-815C-93054CFD436B}" = V-Ray for Rhinoceros
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579F16AF-AFA0-488C-BE83-71F4C92EC216}" = V-Ray for Rhinoceros
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67574624-BF0F-0407-AF6D-19FBD86FF7F7}" = Autodesk 3ds Max 2011 32-Bit
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}" = Bamboo Tablets Tutorial
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{762EBEC5-7ADC-48DC-ADDE-882616730050}" = TransType Pro
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C32C567-DC0F-4C80-B06C-7873850A2E06}" = Die Sims - Tierisch gut drauf
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8058F9B8-68C6-4769-A1F2-994C4529B2C6}" = V-Ray for Rhinoceros
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8DF8593-F619-47DE-AD27-BCABF233433A}" = STOIK Video Converter 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1899CD8-9584-4DC5-00AE-48F47CF81183}" = Die Sims 2 HomeCrafter Plus
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C167A588-87AA-47BF-A88E-5B0F9A14480D}" = InterVideo DVDCopy5
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCBC3666-5199-4702-B052-2C58FCA6EFF9}" = Rhinoceros 4.0 SR4b
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFCA7747-0813-AEBA-886F-732E1CBD79EA}" = MoodTuner
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57F1897-D0F5-4E5F-99BA-80815B43283A}" = Rhinoceros 4.0 SR4
"{D7960C39-E3FD-4B46-8E97-A1E9D128F913}" = Rhinoceros 4.0 SR3
"{D9FE1AFC-8C6D-484F-B3FD-E50780153234}" = Evernote
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4A0225B-A975-416C-8CF7-C1C025FD32D6}" = YP-U1
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires
"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE™ Labor Basisversion
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA52513B-03C2-4631-BE42-03ACF9226179}" = Tablett
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Acer Acer Bio Protection 6.0.00.17" = Acer Bio Protection AAU 6.0.00.17
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Akamai" = Akamai NetSession Interface Service
"AnyDVD" = AnyDVD
"Autodesk FBX Plug-in 2011.1 - 3ds Max 2011" = Autodesk FBX Plug-in 2011.1 - 3ds Max 2011
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bamboo Dock" = Bamboo Dock
"CamStudio" = CamStudio
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon RAW Codec" = Canon RAW Codec
"CCleaner" = CCleaner
"CEP - Colour Enable Packages_is1" = CEP - Color Enable Package
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.gugga.radiomini" = MoodTuner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dark and Light1.0.14.01" = Dark and Light
"DGS Portrait2" = DGS Portrait2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"dm Fotowelt" = dm Fotowelt
"dm-Fotowelt" = dm-Fotowelt
"DPP" = Canon Utilities Digital Photo Professional 3.1
"EADM" = EA Download Manager
"EOS 20D WIA Driver" = EOS 20D WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Flamingo 1.1" = Flamingo 1.1
"Flamingo 1.1 for Rhino 4.0" = Flamingo 1.1 for Rhino 4.0
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free FLV Converter_is1" = Free FLV Converter V 6.98.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter
"GameWiz32" = GameWiz32
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"Guild Wars" = GUILD WARS
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IcoFX_is1" = IcoFX 1.6.4
"Id3Sort Version 1.3.0.13_is1" = Id3Sort Version, 1.3.0.13
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{FA52513B-03C2-4631-BE42-03ACF9226179}" = Tablett
"Lexmark X1100 Series" = Lexmark X1100 Series
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Messenger Plus!" = Messenger Plus! 5
"MessengerPlusLive_Germany_TB Toolbar" = MessengerPlusLive Germany TB Toolbar
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49
"MusicBrainz Picard" = MusicBrainz Picard
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"myGamersCam" = myGamersCam 1.2
"NVIDIA Drivers" = NVIDIA Drivers
"Nvu_is1" = Nvu 1.0
"ODSK" = Canon Utilities Original Data Security Tools
"Pen Tablet Driver" = Bamboo
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Ramsete III" = Ramsete III
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Rhino RDK" = Rhino RDK
"Rhinoceros 3.0" = Rhinoceros 3.0
"RocketDock_is1" = RocketDock 1.3.5
"Shop for HP Supplies" = Shop for HP Supplies
"ST6UNST #1" = Ramsete 2.70
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tomb Raider: Anniversary Demo" = Tomb Raider: Anniversary Demo 1.0
"T-Splines for Rhino" = T-Splines for Rhino
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wisdom-soft Set up ASR 3.1 Pro" = Wisdom-soft Set up ASR 3.1 Pro
"Word8.0" = Microsoft Word 97
"Zoo Tycoon 1.0" = Zoo Tycoon-Erweiterungen
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"World of Warcraft Trial" = Probeversion von World of Warcraft

========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.08.2012 13:48:53 | Computer Name = Kessy | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Acrobat.exe, Version 8.0.0.456, Zeitstempel 0x453c8d7f, fehlerhaftes Modul icuuc34.dll, Version 3.4.0.0, Zeitstempel 0x43f67acf, Ausnahmecode 0xc0000005, Fehleroffset 0x0000eba3, Prozess-ID 0x160c, Anwendungsstartzeit 01cd847c2d63b175.
Error - 28.08.2012 05:39:15 | Computer Name = Kessy | Source = WinMgmt | ID = 10
Description =
Error - 29.08.2012 09:03:36 | Computer Name = Kessy | Source = WinMgmt | ID = 10
Description =
Error - 29.08.2012 09:27:28 | Computer Name = Kessy | Source = WinMgmt | ID = 10
Description =
Error - 29.08.2012 11:31:06 | Computer Name = Kessy | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 15.0.0.4619, Zeitstempel 0x50382fcd, fehlerhaftes Modul xul.dll, Version 15.0.0.4619, Zeitstempel 0x50382f44, Ausnahmecode 0xc0000005, Fehleroffset 0x001bea47, Prozess-ID 0x13d8, Anwendungsstartzeit 01cd85ecc6964acb.
Error - 30.08.2012 04:10:20 | Computer Name = Kessy | Source = WinMgmt | ID = 10
Description =
Error - 30.08.2012 12:58:40 | Computer Name = Kessy | Source = WinMgmt | ID = 10
Description =
Error - 30.08.2012 14:19:57 | Computer Name = Kessy | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.0.4619 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 25d8 Anfangszeit: 01cd86db9914554e Zeitpunkt der Beendigung: 12
Error - 30.08.2012 17:06:47 | Computer Name = Kessy | Source = WinMgmt | ID = 10
Description =
Error - 31.08.2012 04:18:29 | Computer Name = Kessy | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 01.02.2009 07:11:54 | Computer Name = Kessy | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{58F6CE43-4FE6-4393-8EC7-B3A4A2B65993} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 01.02.2009 07:11:54 | Computer Name = Kessy | Source = netbt | ID = 4321
Description = Der Name "KESSY :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.2 registriert werden. Der Computer mit IP-Adresse 192.168.2.3 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 01.02.2009 07:11:57 | Computer Name = Kessy | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{58F6CE43-4FE6-4393-8EC7-B3A4A2B65993} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 01.02.2009 07:11:57 | Computer Name = Kessy | Source = netbt | ID = 4321
Description = Der Name "KESSY :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.2 registriert werden. Der Computer mit IP-Adresse 192.168.2.3 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 01.02.2009 07:11:57 | Computer Name = Kessy | Source = netbt | ID = 4321
Description = Der Name "KESSY :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.2 registriert werden. Der Computer mit IP-Adresse 192.168.2.3 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 01.02.2009 07:11:57 | Computer Name = Kessy | Source = netbt | ID = 4321
Description = Der Name "KESSY :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.2 registriert werden. Der Computer mit IP-Adresse 192.168.2.3 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 01.02.2009 13:32:46 | Computer Name = Kessy | Source = HTTP | ID = 15016
Description =
Error - 02.02.2009 15:21:13 | Computer Name = Kessy | Source = HTTP | ID = 15016
Description =
Error - 03.02.2009 11:12:35 | Computer Name = Kessy | Source = HTTP | ID = 15016
Description =
Error - 03.02.2009 16:11:26 | Computer Name = Kessy | Source = HTTP | ID = 15016
Description =

< End of report >

Edited by Linya (31.08.2012 at 10:09) |
31.08.2012, 10:07 | #4 |
| Findings: PUP.Blabbers and Trojan.Spyeyes and then also the result from CCleaner Code:
7-Zip 4.65 05.06.2010 3,13MB
Acer Arcade Deluxe CyberLink Corp. 27.10.2008 83,0MB 2.0.5529
Acer Bio Protection AAU 6.0.00.17 27.10.2008 183,2MB
Acer Crystal Eye Webcam 2.0.8 SuYin 27.10.2008 2,95MB 2.0.8
Acer eAudio Management CyberLink Corp. 27.10.2008 4,71MB 3.0.3008
Acer eDataSecurity Management Egis Inc. 29.07.2008 69,3MB 3.0.3062
Acer Empowering Technology Acer Incorporated 27.10.2008 147,8MB 3.0.3009
Acer ePower Management Acer Incorporated 27.10.2008 9,84MB 3.0.3014
Acer eRecovery Management Acer Incorporated 27.10.2008 27,6MB 3.0.3014
Acer eSettings Management Acer Incorporated 29.07.2008 27,4MB 3.0.3007
Acer GameZone Console 2.0.1.1 Oberon Media, Inc. 29.07.2008 38,5MB
Acer GridVista 27.10.2008 1,51MB 2.72.317
Acer Mobility Center Plug-In Acer Inc. 29.07.2008 4,13MB 3.0.3000
Acer ScreenSaver Acer Incorporated 27.10.2008 1.11.0701
Acer VCM Acer Incorporated 27.10.2008 22,9MB 3.1.3000
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 27.10.2008 14,0MB
Adobe AIR Adobe Systems Incorporated 06.06.2012 38,1MB 3.2.0.2070
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen Adobe Systems Incorporated 06.11.2009 1.0
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 28.08.2012 11.4.402.265
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 26.08.2012 11.4.402.265
Adobe Reader 9.4.0 - Deutsch Adobe Systems Incorporated 17.10.2010 242,3MB 9.4.0
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 17.10.2010 8,27MB 11.5.8.612
Agatha Christie Death on the Nile Oberon Media 27.10.2008 160,8MB
Akamai NetSession Interface Akamai Technologies, Inc 21.06.2012 44,2MB
Akamai NetSession Interface Service 26.10.2011 44,2MB
Alice Greenfingers Oberon Media 27.10.2008 13,3MB
AnyDVD SlySoft 25.07.2011 9,96MB 6.8.4.0
Apple Application Support Apple Inc. 31.12.2010 52,8MB 1.4.1
Apple Software Update Apple Inc. 23.03.2012 2,38MB 2.1.3.127
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver Atheros Communications Inc. 29.07.2008 2,93MB 1.0.0.30
Autodesk 3ds Max 2011 32-Bit Autodesk 01.01.2011 1.376,5MB 13.0
Autodesk Backburner 2008.1 Autodesk, Inc. 01.01.2011 12,5MB 2008.1.1
Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 Autodesk 01.01.2011 38,9MB
Autodesk Material Library 2011 Autodesk 01.01.2011 182,2MB 2.0.0.100
Avira Free Antivirus Avira 11.03.2012 128,4MB 12.0.0.898
Azada Oberon Media 27.10.2008 61,8MB
Backspin Billiards Oberon Media 27.10.2008 9,09MB
Bamboo Wacom Technology Corp. 29.04.2012 1,76MB 5.2.5-5
Bamboo Dock Wacom Co., Ltd. 24.12.2011 200,5MB 4.0
Big Kahuna Reef Oberon Media 27.10.2008 11,4MB
Bing Bar Microsoft Corporation 16.03.2012 0,51MB 7.1.364.0
Bricks of Egypt Oberon Media 27.10.2008 6,73MB
Cake Mania Oberon Media 27.10.2008 17,5MB
CamStudio 21.03.2009 161,5MB
CANON iMAGE GATEWAY Task for ZoomBrowser EX 02.06.2010 41,0MB 1.3.1.5
Canon Internet Library for ZoomBrowser EX 02.06.2010 41,0MB 1.5.1.4
Canon RAW Codec Canon Inc. 31.05.2010 30,8MB 1.7.0.56
Canon RAW Image Task for ZoomBrowser EX 02.06.2010 13,5MB 2.7.0.3
Canon Utilities Digital Photo Professional 3.1 02.06.2010 58,3MB 3.1.0.0
Canon Utilities EOS Utility 02.06.2010 31,7MB 2.1.0.1
Canon Utilities Original Data Security Tools 02.06.2010 5,87MB 1.1.0.0
Canon Utilities PhotoStitch 02.06.2010 6,14MB 3.1.19.43
Canon Utilities Picture Style Editor 02.06.2010 58,0MB 1.0.1.0
Canon Utilities WFT-E1/E2/E3 Utility 02.06.2010 2,26MB 3.1.0.7
Canon Utilities ZoomBrowser EX 02.06.2010 41,0MB 5.8.0.74
CCleaner Piriform 05.03.2010 2,73MB 2.29
CEP - Color Enable Package Numenor, for ModTheSims2 10.08.2010 0,68MB 6.0b (beta)
Chicken Invaders 3 Oberon Media 27.10.2008 53,4MB
Chuzzle Oberon Media 27.10.2008 10,3MB
CloneDVD2 Elaborate Bytes 25.07.2011 8,85MB 2.9.3.0
ConvertHelper 2.2 DownloadHelper 15.11.2009 29,5MB
CyberLink PhotoNow CyberLink Corp. 16.09.2009 20,9MB 1.1.5615
CyberLink PowerDirector CyberLink Corp. 16.09.2009 199,6MB 7.0.2905
DAEMON Tools Lite DT Soft Ltd 24.07.2012 25,8MB 4.45.4.0314
Dark and Light Farlan Entertainment Ltd 08.03.2009 1.337,2MB 1.0.14.01
DGS Portrait2 03.01.2011 12,7MB
Die Sims - Tierisch gut drauf 03.04.2010 13,1MB
Die Sims 2 12.04.2010 5.337,5MB
Die Sims 2 HomeCrafter Plus 14.02.2011 12,7MB
Die Sims 2: Nightlife 24.07.2012 1.286,6MB
Die Sims 2: Wilde Campus-Jahre 12.04.2010 5.337,5MB
Die Sims™ 2 Apartment-Leben Electronic Arts 19.07.2010 8.015,1MB
Die Sims™ 2 Freizeit-Spaß Electronic Arts 06.02.2012 9.632,2MB
Die Sims™ 2 Gute Reise Electronic Arts 20.07.2012 12,7MB
Die Sims™ 2 H&M®-Fashion-Accessoires 22.04.2010 8.015,1MB
Die Sims™ 2 Haustiere 12.04.2010 5.337,5MB
Die Sims™ 2 IKEA® Home-Accessoires Electronic Arts 22.04.2010 8.015,1MB
Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires Electronic Arts 22.04.2010 8.015,1MB
Die Sims™ 2 Party-Accessoires 06.02.2012 9.632,2MB
Die Sims™ 2 Vier Jahreszeiten 12.04.2010 5.337,5MB
Diner Dash Flo on the Go Oberon Media 27.10.2008 17,2MB
DivX Converter DivX, Inc. 10.05.2010 45,3MB 7.1.0
DivX Plus DirectShow Filters DivX, Inc. 10.05.2010 1,58MB
DivX-Setup DivX, LLC 29.02.2012 3,48MB 2.6.1.8
dm Fotowelt 06.12.2009 203,0MB
dm-Fotowelt 17.02.2012 407,0MB
Dropbox Dropbox, Inc. 14.06.2012 26,2MB 1.4.7
EA Download Manager Electronic Arts, Inc. 23.08.2009 7,99MB 5.0.0.288
EOS 20D WIA Driver 31.05.2010 1,25MB 6.0.0.4
ESET Online Scanner v3 31.03.2012 93,4MB
eSobi v2 esobi Inc. 29.07.2008 17,0MB 2.0.3.000189
EVEREST Home Edition v2.20 Lavalys Inc 04.02.2009 6,58MB 2.20
Flamingo 1.1 Robert McNeel & Associates, 3670 Woodland Park Avenue North, Seattle, WA 98103 USA 19.01.2011 104,6MB 1.1 Release 20051111
Flamingo 1.1 for Rhino 4.0 Robert McNeel & Associates, 3670 Woodland Park Avenue North, Seattle, WA 98103 USA 19.01.2011 76,4MB 1.1.4 Release 2007-01-16
FoxyTunes for Firefox 03.04.2010
Fraps (remove only) 28.03.2009 1,84MB
Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 12.04.2011 3,13MB
Free FLV Converter V 6.98.0 Koyote Soft 22.06.2011 13,5MB 6.98.0.0
Free M4a to MP3 Converter 7.0 ManiacTools.com 14.10.2011 3,87MB
Free YouTube to MP3 Converter version 3.10.14.1206 DVDVideoSoft Ltd. 21.12.2011 3,41MB
Freez FLV to AVI/MPEG/WMV Converter www.smallvideosoft.com 20.12.2011 9,94MB 1.6
GameWiz32 Nico Ebert 15.02.2009 1,64MB 1.43
Google Chrome Google Inc. 01.09.2009 134,0MB 21.0.1180.83
Google Desktop Google 13.06.2011 30,2MB 5.9.1005.12335
Google Earth Google 18.11.2011 92,8MB 6.1.0.5001
Google Toolbar for Internet Explorer Google Inc. 20.08.2012 34,9MB 7.4.3203.136
Google Updater Google Inc. 20.09.2011 3,91MB 2.4.2432.1652
GUILD WARS 15.07.2010 858,5MB
HDAUDIO Soft Data Fax Modem with SmartCP Conexant Systems 29.07.2008 0,98MB 7.73.00.52
HijackThis 2.0.2 TrendMicro 21.11.2009 0,40MB 2.0.2
HP Customer Participation Program 13.0 HP 12.09.2010 280,5MB 13.0
HP Document Manager 2.0 HP 12.09.2010 3,29MB 2.0
HP Imaging Device Functions 13.0 HP 12.09.2010 3,36MB 13.0
HP Officejet 4500 G510a-f HP 12.09.2010 33,4MB 13.0
HP Smart Web Printing 4.5 HP 12.09.2010 26,4MB 4.5
HP Solution Center 13.0 HP 12.09.2010 3,45MB 13.0
HP Update Hewlett-Packard 26.12.2011 3,98MB 5.003.001.001
IcoFX 1.6.4 05.11.2011 3,75MB
ICQ7.4 ICQ 10.04.2011 63,1MB 7.4
Id3Sort Version, 1.3.0.13 01.09.2010 1,59MB
Intel® Matrix Storage Manager Intel Corporation 27.10.2008 49,7MB
InterVideo DVDCopy5 InterVideo Inc.
25.07.2011 96,9MB 5.5-B0.4 Java(TM) 6 Update 24 Sun Microsystems, Inc. 13.10.2009 97,7MB 6.0.240 Java(TM) 7 Update 5 Oracle 14.06.2012 99,3MB 7.0.50 JavaFX 2.1.1 Oracle Corporation 14.06.2012 20,9MB 2.1.1 Jewel Quest Solitaire Oberon Media 27.10.2008 27,0MB Kick N Rush Oberon Media 27.10.2008 43,3MB Launch Manager 27.10.2008 2,66MB Lexmark X1100 Series Lexmark International, Inc. 25.04.2009 73,3MB LG PC Suite II LG PC Suite 25.12.2010 204,3MB 2.00.0000 LG United Mobile Driver LG Electronics 05.02.2011 5,99MB 2.2 Mahjong Escape Ancient China Oberon Media 27.10.2008 13,6MB Mahjongg Artifacts Oberon Media 27.10.2008 15,9MB Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 29.08.2012 7,30MB 1.61.0.1400 Messenger Plus! 5 Yuna Software 04.08.2012 18,5MB 5.50.0.761 MessengerPlusLive Germany TB Toolbar MessengerPlusLive Germany TB 06.08.2010 2,82MB 5.7.2.2 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 03.02.2009 37,0MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 02.02.2009 37,0MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 120,3MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.06.2010 24,5MB 4.0.30319 Microsoft IntelliPoint 6.3 Microsoft 23.12.2009 21,4MB 6.31.258.0 Microsoft Office File Validation Add-In Microsoft Corporation 14.09.2011 7,92MB 14.0.5130.5003 Microsoft Office Home and Student 2007 Microsoft Corporation 18.02.2012 298,1MB 12.0.6612.1000 Microsoft Office Live Add-in 1.5 Microsoft Corporation 29.05.2010 0,49MB 2.0.4024.1 Microsoft Silverlight Microsoft Corporation 12.05.2012 23,8MB 4.1.10329.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 28.08.2011 1,74MB 3.1.0000 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 28.07.2009 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 0,29MB 8.0.61001 Microsoft Visual C++ 
2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 28.07.2009 0,19MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 23.04.2011 0,58MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 15.02.2009 0,45MB 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 29.11.2010 0,23MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 26.08.2009 0,58MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 25.03.2010 0,58MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 0,58MB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 12.03.2012 16,5MB 10.0.40219 Microsoft Visual C++ 8.0 Support DLLs McNeel & Associates 26.03.2010 4,23MB 1.0.0 Microsoft Word 97 10.05.2009 22,8MB Microsoft Works Microsoft Corporation 09.12.2009 282,6MB 08.05.0822 MoodTuner GUGA EOOD 24.12.2011 6,30MB 1.1 Mozilla Firefox 15.0 (x86 de) Mozilla 28.08.2012 70,4MB 15.0 Mozilla Firefox 4.0.1 (x86 de) Mozilla 30.04.2011 30,1MB 4.0.1 Mozilla Maintenance Service Mozilla 28.08.2012 0,20MB 15.0 Mp3tag v2.49 Florian Heidenreich 28.10.2011 6,91MB v2.49 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 26.01.2009 1,28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 1,34MB 4.20.9876.0 MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 08.03.2009 36,00KB 4.20.9818.0 MusicBrainz Picard MusicBrainz 28.10.2011 33,1MB 0.16 MyDefrag v4.3.1 J.C. 
Kessels 24.06.2011 3,28MB 4.0.0.0 myGamersCam 1.2 Frogster Online Gaming GmbH 27.02.2009 2,07MB 1.2 Mystery Case Files - Huntsville Oberon Media 27.10.2008 24,4MB Mystery Solitaire - Secret Island Oberon Media 27.10.2008 19,9MB NTI Backup Now 5 NewTech Infosystems 29.07.2008 28,6MB 5.1.2.606 NTI Media Maker 8 NewTech Infosystems 29.07.2008 187,0MB 8.0.2.6329 NVIDIA Drivers 18.08.2009 Nvu 1.0 Thorsten Fritz 12.08.2011 22,0MB 1.0 OCR Software by I.R.I.S. 13.0 HP 12.09.2010 3,29MB 13.0 OpenOffice.org 3.1 OpenOffice.org 13.10.2009 371,1MB 3.1.9420 Orion Convesoft 29.07.2008 12,2MB 2.0.1 PC Inspector File Recovery 04.07.2010 5,93MB 4.0 Probeversion von World of Warcraft Blizzard Entertainment 18.07.2010 1,18MB QuickTime Apple Inc. 31.12.2010 73,7MB 7.69.80.9 Ramsete 2.70 01.01.2011 14,7MB Ramsete III 03.01.2011 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 29.07.2008 21,6MB 6.0.1.5618 Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 29.07.2008 2,97MB Rhino RDK 19.01.2011 Rhinoceros 3.0 Robert McNeel & Associates, 3670 Woodland Park Avenue North, Seattle, WA 98103 USA 19.01.2011 252,0MB 3.0 Release Rhinoceros 4.0 McNeel & Associates 19.01.2011 238,3MB 4.0.20206 Rhinoceros 4.0 SR3 McNeel & Associates 19.01.2011 89,0MB 4.0.30222 Rhinoceros 4.0 SR4 Robert McNeel & Associates 19.01.2011 89,0MB 4.0.30807 Rhinoceros 4.0 SR4b Robert McNeel & Associates 19.01.2011 89,0MB 4.0.30827 RocketDock 1.3.5 Punk Software 19.03.2010 12,0MB Shop for HP Supplies HP 12.09.2010 280,5MB 13.0 SPBA 5.8 UPEK Inc. 
27.10.2008 20,1MB 5.8.2.4218 Spelling Dictionaries Support For Adobe Reader 8 Adobe Systems 29.08.2009 32,5MB 8.0.0 SPORE™ Labor Basisversion Electronic Arts 22.08.2009 179,6MB 1.00.0000 STOIK Video Converter 2 STOIK Imaging 03.02.2010 3,16MB 2.1.0.0 Surf & E-Mail-Stick Huawei Technologies Co.,Ltd 27.09.2011 64,4MB 16.001.06.02.35 Synaptics Pointing Device Driver Synaptics 29.07.2008 14,4MB 11.1.4.0 T-Splines for Rhino T-Splines Inc 19.01.2011 2,48MB 1.2 Tablett Ihr Firmenname 14.08.2009 4.72.0000 TeamSpeak 2 RC2 Dominating Bytes Design 27.01.2009 2.0.32.60 TeamSpeak 3 Client TeamSpeak Systems GmbH 16.04.2010 35,4MB Tomb Raider: Anniversary Demo 1.0 05.05.2011 400,2MB TransType Pro FontLab 08.12.2009 10,1MB 3.0 Turbo Pizza Oberon Media 27.10.2008 175,4MB Uninstall 1.0.0.1 12.04.2011 30,8MB V-Ray for Rhinoceros ASGvis, LLC 19.01.2011 28,1MB 01.01.71 WebTablet FB Plugin Wacom Technology Corp. 24.12.2011 2.0.0.1 WebTablet IE Plugin Wacom Technology Corp. 24.12.2011 1.1.0.12 WebTablet Netscape Plugin Wacom Technology Corp. 24.12.2011 3,01MB 1.1.0.10 WIDCOMM Bluetooth Software 6.0.1.6400 Broadcom Corporation 27.10.2008 35,5MB 6.0.1.6400 Winamp Nullsoft, Inc 25.12.2010 27,0MB 5.601 Winbond CIR Device Drivers Winbond Electronics Corporation 29.07.2008 2,25MB 7.60.1012 Windows Live Essentials Microsoft Corporation 29.07.2008 15.4.3555.0308 Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 12.02.2011 5,58MB 15.4.5722.2 Windows Live Sync Microsoft Corporation 01.10.2009 2,79MB 14.0.8089.726 Windows Media Player Firefox Plugin Microsoft Corp 03.04.2009 0,29MB 1.0.0.8 WinRAR 10.08.2010 3,21MB Wisdom-soft Set up ASR 3.1 Pro Wisdom Software Inc. 20.12.2011 8,40MB YP-U1 16.06.2012 5,80MB Zoo Tycoon-Erweiterungen 08.05.2011 492,9MB Zuma Deluxe Oberon Media 27.10.2008 11,2MB µTorrent 23.07.2012 0,86MB 3.2.0 |
01.09.2012, 00:43 | #5 | ||
/// Helper team | Findings: PUP.Blabbers and Trojan.Spyeyes
System cleanup and check: so that I know which changes you have made: Quote:
In the meantime, report back only if there are problems!

1. Windows Defender: Running it actively in parallel with an AV program is not recommended, because the two can get in each other's way. Please deactivate it as follows:
-> Enabling and disabling Windows Defender
Disabling Windows Defender completely
Start => Control Panel => Classic View => Windows Defender, or start Windows Defender (C:\Programme\Windows Defender\MSASCui.exe)
Tools => Options => Automatic scanning => untick "Automatically scan computer".
Tools => Options => Real-time protection => untick "Enable real-time protection".
Tools => Options => Administrator => untick "Use this program".
Start => type services.msc into the search box. The Services window opens.
Double-click the "Windows Defender" service.
Set the startup type to "Manual".
Stop the service if it is still running.
► After a restart (if it still exists), check under Start -> Run -> "msconfig" (type it without the quotes) -> OK -> Startup whether it is still running along, and untick it if necessary.
► Under Services: Start -> Run -> "Services.msc" (type it without the quotes) -> OK -> "Properties" -> "Stop" -> select startup type "Disabled".

2. Code:
Messenger Plus! Live MessengerPlusLive Germany TB Toolbar: If you absolutely want to (not recommended, since it is absolutely not necessary and your MSN is not affected by it), you can install it again, but read everything carefully and deselect partner programs, sponsors etc. wherever possible!
Always choose the custom installation, not the standard installation, because the latter often installs things you do not need or want.
It is better to use a messenger tool that is free of spyware and adware, such as Trillian (the basic version of Trillian can combine the instant messengers ICQ, AIM, Yahoo! Messenger, Windows Live Messenger (MSN) and IRC) or Miranda; you can install it again, but read everything carefully, and you must deselect partner programs, sponsors etc.!

3. For your information: AnyDVD <- "hacker tools"

4. OLD VERSION!!!: Code:
Logfile of HijackThis 2.0.2
So delete/uninstall HijackThis "2.0.2." and download HijackThis v2.0.4 again from here.

5. Can be uninstalled: Code:
Bing Bar

6. Did you deliberately set the IP as a proxy like this? Code:
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
If you have not installed a proxy server locally, remove the proxy settings from the Internet settings in Internet Explorer: Tools => Internet Options => Connections => LAN settings, then untick "Use a proxy server for your LAN" and "Bypass proxy server for local addresses".

7. Quote:
Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=XxWLx4A74_tnGbmr9JOO-sxy-7c?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
[2010.01.20 12:19:10 | 000,000,923 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\743hbu9z.default\searchplugins\conduit.xml
O4 - HKLM..\Run: [] File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{53bd4665-10de-11e0-9874-00238b1c35d8}\Shell - "" = AutoRun
O33 - MountPoints2\{53bd4665-10de-11e0-9874-00238b1c35d8}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{669f3535-356b-11e1-8007-002269ddee37}\Shell - "" = AutoRun
O33 - MountPoints2\{669f3535-356b-11e1-8007-002269ddee37}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{669f3536-356b-11e1-8007-002269ddee37}\Shell - "" = AutoRun
O33 - MountPoints2\{669f3536-356b-11e1-8007-002269ddee37}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{693eb072-ec7a-11e0-a3df-00238b1c35d8}\Shell - "" = AutoRun
O33 - MountPoints2\{693eb072-ec7a-11e0-a3df-00238b1c35d8}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{693eb074-ec7a-11e0-a3df-00238b1c35d8}\Shell - "" = AutoRun
O33 - MountPoints2\{693eb074-ec7a-11e0-a3df-00238b1c35d8}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ae2ac478-e9a6-11e0-9f40-00238b1c35d8}\Shell - "" = AutoRun
O33 - MountPoints2\{ae2ac478-e9a6-11e0-9f40-00238b1c35d8}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ae2ac47b-e9a6-11e0-9f40-00238b1c35d8}\Shell - "" = AutoRun
O33 - MountPoints2\{ae2ac47b-e9a6-11e0-9f40-00238b1c35d8}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
[2012.08.31 10:27:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.31 10:17:28 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
@Alternate Data Stream - 353 bytes -> C:\ProgramData\Temp:05EE1EEF
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:2B99FE60

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
8. Update Adobe Reader: - Pay attention and read along during the installation!: If any software, toolbar etc. is offered, please deselect it! - (e.g. "McAfee Security Scan Plus")
Adobe Reader
Or: start Adobe -> go to "Help" -> "Check for Updates..."

9. Close all programs/windows.
Clear the Java cache: Start => Control Panel => Java => General => Temporary Internet Files "Settings" => Delete Files => tick "Applications and Applets" as well as "Trace and Log Files" => OK
-> How do I clear the Java cache?
-> Clearing the Java cache
-> Short video guide on how to clear the Java cache under Windows 7 and XP.

10. Java: uninstall older versions if they still exist.
► The old Java versions remain on the PC... for security reasons they must be removed; keep an eye on this in future too!
Java(TM) 6 Update 24

11. Tips - Microsoft's Internet Explorer is part of the basic Windows installation, so like all other installed software it must be maintained! Even if it is not used!:
-> Tips for Internet Explorer
-> Changing Explorer's default search engine
-> Changing or selecting a search provider in Internet Explorer 7/8
-> How can I clear the cache in Internet Explorer?

12. Close all programs/windows and clean your system with CCleaner:

13. Preparation
Scan the PC ONLY online and do NOT install a second antivirus program!!!

14. Run another scan with OTL:

► Report again on the state of the computer: are there still problems, and if so, which?
__________________ Warning!: Beware of invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
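An added example (not part of the thread and not OTL's own code): a small Python triage that pulls out of an OTL log the kinds of entries post #5 acts on, namely Internet Explorer values that point at a loopback address, `MountPoints2` AutoRun commands, and alternate data streams. The sample lines are copied from the logs quoted in this thread; the regular expressions and the function names `triage` and `summarize` are assumptions derived from those lines, not a specification of the OTL format.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the OTL output quoted in this thread (a small
# subset), plus one process line that the triage is expected to ignore.
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=XxWLx4A74_tnGbmr9JOO-sxy-7c?q={searchTerms}
O33 - MountPoints2\{53bd4665-10de-11e0-9874-00238b1c35d8}\Shell - "" = AutoRun
O33 - MountPoints2\{53bd4665-10de-11e0-9874-00238b1c35d8}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
@Alternate Data Stream - 353 bytes -> C:\ProgramData\Temp:05EE1EEF
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:4CF61E54
PRC - [2012.08.25 03:59:03 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
'''

# Patterns below are assumptions inferred from the quoted log lines.
IE_VALUE_RE = re.compile(r'^IE - (.+?): "(\w+)" = (.+)$')
LOOPBACK_RE = re.compile(r'(?<![\d.])(127(?:\.\d{1,3}){3}|localhost)(?::(\d+))?')
AUTORUN_RE = re.compile(r'^O33 - MountPoints2\\(.+?)\\Shell\\AutoRun\\command - "" = (.+)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$')


def triage(log_text):
    """Group review-worthy OTL log lines into 'loopback', 'autorun' and 'ads'."""
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()

        # IE values that reference this machine itself. ProxyOverride is the
        # proxy bypass list; the proxy is set by ProxyServer/ProxyEnable, so
        # every loopback value under an IE key is reported for review.
        m = IE_VALUE_RE.match(line)
        if m:
            key, name, value = m.groups()
            hit = LOOPBACK_RE.search(value)
            if hit:
                port = int(hit.group(2)) if hit.group(2) else None
                findings["loopback"].append(
                    {"key": key, "name": name, "host": hit.group(1), "port": port})
            continue

        # Only the ...\Shell\AutoRun\command lines name the program that would
        # be started when the volume is opened.
        m = AUTORUN_RE.match(line)
        if m:
            findings["autorun"].append({"mount": m.group(1), "target": m.group(2)})
            continue

        # Alternate data streams: host path, stream name, size in bytes.
        m = ADS_RE.match(line)
        if m:
            findings["ads"].append(
                {"host": m.group(2), "stream": m.group(3), "size": int(m.group(1))})
    return dict(findings)


def summarize(findings):
    """Render one human-readable line per finding."""
    out = []
    for f in findings.get("loopback", []):
        port = f["port"] if f["port"] is not None else "?"
        out.append(f'loopback: {f["name"]} -> {f["host"]}:{port} ({f["key"]})')
    for f in findings.get("autorun", []):
        out.append(f'autorun: volume {f["mount"]} starts {f["target"]}')
    for f in findings.get("ads", []):
        out.append(f'ads: {f["host"]} carries stream {f["stream"]} ({f["size"]} bytes)')
    return out


if __name__ == "__main__":
    for row in summarize(triage(SAMPLE_LOG)):
        print(row)
```

A loopback hit only says that something on the machine is expected to listen on that port; which program that is still has to be checked against the installed software.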
01.09.2012, 16:25 | #6 |
| Findings: PUP.Blabbers and Trojan.Spyeyes
Hello, thank you very much!
1. Windows Defender has been deactivated and all steps carried out as described. Should it now stay off permanently?
2. + 3. The programs were not needed and have been uninstalled.
4. The old version (HijackThis) has been uninstalled and the new one installed.
5. BingBar has been uninstalled.
6. The proxy settings have been changed as described.
7. Fix with OTL Code:
ATTFilter All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{76aeea42-e04a-4b62-83ab-df4b2be2541e} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76aeea42-e04a-4b62-83ab-df4b2be2541e}\ not found. File C:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! 
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{76aeea42-e04a-4b62-83ab-df4b2be2541e} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76aeea42-e04a-4b62-83ab-df4b2be2541e}\ not found. File C:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found. Prefs.js: "ICQ Search" removed from browser.search.defaultenginename Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" removed from keyword.URL Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14\ deleted successfully. C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll moved successfully. 
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found. C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\743hbu9z.default\searchplugins\conduit.xml moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53bd4665-10de-11e0-9874-00238b1c35d8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53bd4665-10de-11e0-9874-00238b1c35d8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53bd4665-10de-11e0-9874-00238b1c35d8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53bd4665-10de-11e0-9874-00238b1c35d8}\ not found. File E:\USBAutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{669f3535-356b-11e1-8007-002269ddee37}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{669f3535-356b-11e1-8007-002269ddee37}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{669f3535-356b-11e1-8007-002269ddee37}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{669f3535-356b-11e1-8007-002269ddee37}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{669f3536-356b-11e1-8007-002269ddee37}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{669f3536-356b-11e1-8007-002269ddee37}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{669f3536-356b-11e1-8007-002269ddee37}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{669f3536-356b-11e1-8007-002269ddee37}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{693eb072-ec7a-11e0-a3df-00238b1c35d8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{693eb072-ec7a-11e0-a3df-00238b1c35d8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{693eb072-ec7a-11e0-a3df-00238b1c35d8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{693eb072-ec7a-11e0-a3df-00238b1c35d8}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{693eb074-ec7a-11e0-a3df-00238b1c35d8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{693eb074-ec7a-11e0-a3df-00238b1c35d8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{693eb074-ec7a-11e0-a3df-00238b1c35d8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{693eb074-ec7a-11e0-a3df-00238b1c35d8}\ not found. File H:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae2ac478-e9a6-11e0-9f40-00238b1c35d8}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae2ac478-e9a6-11e0-9f40-00238b1c35d8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae2ac478-e9a6-11e0-9f40-00238b1c35d8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae2ac478-e9a6-11e0-9f40-00238b1c35d8}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae2ac47b-e9a6-11e0-9f40-00238b1c35d8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae2ac47b-e9a6-11e0-9f40-00238b1c35d8}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae2ac47b-e9a6-11e0-9f40-00238b1c35d8}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae2ac47b-e9a6-11e0-9f40-00238b1c35d8}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found. File G:\AutoRun.exe not found. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. ADS C:\ProgramData\Temp:05EE1EEF deleted successfully. ADS C:\ProgramData\Temp:4CF61E54 deleted successfully. ADS C:\ProgramData\Temp:4F636E25 deleted successfully. ADS C:\ProgramData\Temp:2B99FE60 deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Jenny\Desktop\cmd.bat deleted successfully. C:\Users\Jenny\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56507 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jenny
->Temp folder emptied: 29831382 bytes
->Temporary Internet Files folder emptied: 24745023 bytes
->Java cache emptied: 40546471 bytes
->FireFox cache emptied: 61017309 bytes
->Google Chrome cache emptied: 277083573 bytes
->Flash cache emptied: 2009536 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8945118 bytes
RecycleBin emptied: 44516455 bytes

Total Files Cleaned = 466,00 mb

OTL by OldTimer - Version 3.2.59.1 log created on 09012012_115420

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

9. The Java cache has been cleared. However, I did not see a "Trace and Log Files" option.
10. Java6update24 has been removed.
11. Explorer cache cleared.
12. System cleaned with CCleaner as described and restarted.
13. External hard drive connected and security settings changed, followed by an online scan with ESET. I could not find the log after the scan! Here is a screenshot: hxxp://s1.directupload.net/images/120901/jps6mfhm.jpg I am not sure whether I did something wrong or whether there is none because nothing was found. That is why I have not uninstalled ESET yet. The security settings were changed back after the scan.
14. OTL log files Code:
OTL logfile created on: 01.09.2012 16:59:44 - Run 2 OTL by OldTimer - Version 3.2.59.1 Folder = c:\Users\Jenny\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19298) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 37,26% Memory free 6,19 Gb Paging File | 3,98 Gb Available in Paging File | 64,27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 49,36 Gb Free Space | 34,27% Space Free | Partition Type: NTFS Drive D: | 140,50 Gb Total Space | 15,24 Gb Free Space | 10,84% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive I: | 465,76 Gb Total Space | 236,58 Gb Free Space | 50,79% Space Free | Partition Type: NTFS Computer Name: XXXX | User Name: XXXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.01 11:58:12 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Jenny\AppData\Local\Temp\RtkBtMnt.exe PRC - [2012.08.31 10:27:08 | 000,598,528 | ---- | M] (OldTimer Tools) -- c:\Users\Jenny\Desktop\OTL.exe PRC - [2012.08.25 03:59:03 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.08.10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Jenny\AppData\Local\Akamai\netsession_win.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.16 18:22:21 | 000,186,832 | ---- | M] (Google Inc.) 
-- C:\Programme\Google\Update\1.3.21.115\GoogleCrashHandler.exe PRC - [2012.06.28 13:40:41 | 000,638,048 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2012.03.08 18:50:28 | 004,280,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2012.01.31 09:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.01.31 09:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.09.27 05:45:40 | 000,646,232 | ---- | M] () -- C:\Programme\Bamboo Dock\BambooCore.exe PRC - [2011.09.08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe PRC - [2011.09.08 17:48:34 | 003,281,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TouchUser.exe PRC - [2011.09.08 17:48:34 | 001,485,176 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TabletUser.exe PRC - [2011.09.08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.02 16:55:28 | 001,045,256 | ---- | M] (Acresso Software Inc.) 
-- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2010.04.01 11:02:42 | 000,086,016 | ---- | M] () -- C:\Programme\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe PRC - [2009.09.04 12:26:19 | 000,446,976 | ---- | M] () -- C:\Programme\DGS\dgsnetd.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.01.07 21:46:56 | 001,468,296 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe PRC - [2008.10.28 14:30:27 | 003,520,512 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe PRC - [2008.10.28 14:30:19 | 003,602,432 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe PRC - [2008.08.01 10:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.07.24 16:54:18 | 000,167,936 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe PRC - [2008.07.24 16:54:10 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2008.07.20 11:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.07.20 11:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.07.18 17:04:36 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2008.06.04 14:03:36 | 000,817,672 | ---- | M] (Dritek System Inc.) 
-- C:\Programme\Launch Manager\QtZgAcer.EXE PRC - [2008.06.02 10:26:22 | 000,319,488 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe PRC - [2008.06.02 10:25:40 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.05.30 12:24:30 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2008.05.14 17:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.05.14 17:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.05.07 10:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.04.23 12:22:38 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2008.04.23 12:22:38 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.03.25 16:25:06 | 000,050,952 | ---- | M] (UPEK Inc.) 
-- C:\Programme\Common Files\SPBA\upeksvr.exe PRC - [2008.02.19 09:12:18 | 000,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe PRC - [2008.01.21 04:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe PRC - [2008.01.21 04:24:44 | 002,585,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe PRC - [2008.01.16 19:35:02 | 000,081,504 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe PRC - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- D:\Programme\RocketDock\RocketDock.exe PRC - [2007.04.03 07:09:18 | 044,814,336 | ---- | M] (Adobe Systems, Incorporated) -- D:\Programme\CS3\Adobe Photoshop CS3\Photoshop.exe ========== Modules (No Company Name) ========== MOD - [2012.08.25 03:59:17 | 002,242,528 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.06.15 10:53:01 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll MOD - [2012.06.15 10:50:42 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.15 10:50:32 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.05.14 11:15:33 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll MOD - [2012.05.14 11:13:46 | 
000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll MOD - [2012.05.14 10:37:23 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.14 10:35:28 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.14 10:35:15 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2011.09.27 05:45:40 | 000,646,232 | ---- | M] () -- C:\Programme\Bamboo Dock\BambooCore.exe MOD - [2011.09.08 17:48:36 | 000,962,936 | ---- | M] () -- C:\Programme\Tablet\Pen\libxml2.dll MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.09.04 12:26:19 | 000,446,976 | ---- | M] () -- C:\Programme\DGS\dgsnetd.exe MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.12.31 06:31:25 | 000,034,088 | R--- | M] () -- C:\Programme\Cyberlink\Shared files\richvideops.dll MOD - [2008.10.28 14:17:21 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3009.0__739b31b1908c49e5\Framework.UIComponent.dll MOD - [2008.10.28 14:17:21 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll MOD - [2008.10.28 14:17:21 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll MOD - [2008.10.28 14:17:21 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll MOD - [2008.10.28 14:17:21 | 000,009,216 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll MOD - [2008.10.28 14:17:21 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll MOD - [2008.07.24 16:54:20 | 000,757,760 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll MOD - [2008.07.24 16:54:16 | 000,007,680 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll MOD - [2008.06.11 10:21:46 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll MOD - [2008.06.02 10:26:22 | 000,319,488 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe MOD - [2008.06.02 10:25:36 | 000,013,824 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Framework.Presenter.dll MOD - [2008.06.02 10:25:02 | 000,005,120 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\de\Framework.AppBar.resources.dll MOD - [2008.06.02 10:25:00 | 001,822,720 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Framework.AppBar.dll MOD - [2008.05.30 12:25:12 | 000,028,672 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\eAudio\eAudioMenuPlugin.dll MOD - [2008.05.26 14:39:26 | 000,020,480 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\eSettings\eSettings.QuickMenu.dll MOD - [2008.05.14 17:05:10 | 000,227,888 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll MOD - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- D:\Programme\RocketDock\RocketDock.exe MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- D:\Programme\RocketDock\RocketDock.dll MOD - [2007.04.03 07:10:00 | 002,342,912 | ---- | M] () -- D:\Programme\CS3\Adobe Photoshop CS3\Photoshop.dll MOD - [2007.04.03 07:09:18 | 000,049,152 | 
---- | M] () -- D:\Programme\CS3\Adobe Photoshop CS3\QuickTimeGlue.dll MOD - [2007.04.03 07:09:14 | 000,393,216 | ---- | M] () -- D:\Programme\CS3\Adobe Photoshop CS3\AdobeXMP.dll ========== Services (SafeList) ========== SRV - [2012.08.30 21:57:58 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai) SRV - [2012.08.25 03:59:11 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.11.16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2011.09.08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV - [2011.09.08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.02 16:55:28 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.04.01 11:02:42 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Programme\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe -- (mi-raysat_3dsmax2011_32) SRV - [2009.09.04 12:26:19 | 000,446,976 | ---- | M] () [Auto | Running] -- C:\Programme\DGS\dgsnetd.exe -- (DGSnetd) SRV - [2008.10.28 14:30:19 | 003,602,432 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC) SRV - [2008.07.20 11:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2008.06.02 10:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.05.14 17:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.02.19 09:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 19:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade 
Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2007.03.20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\WacomVKHid.sys -- (WacomVKHid) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Spiele\setups\MastelaRO Full Client\npkcrypt.sys -- (npkcrypt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.07.25 11:23:41 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012.01.31 09:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.01.31 09:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.09.08 18:49:24 | 000,014,120 | ---- | M] (Wacom Technology) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid) DRV - [2010.10.21 10:45:18 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2010.10.21 10:45:16 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2010.10.21 10:45:16 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2010.09.27 17:42:16 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp) DRV - [2010.09.27 17:42:14 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock) DRV - [2010.09.27 17:42:14 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb) DRV - [2010.05.12 13:23:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlashUSB.sys -- (FlashUSB) DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.12.20 02:08:28 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32) DRV - [2008.10.28 14:30:15 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF) DRV - [2008.10.06 11:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV - [2008.07.18 18:23:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.07.18 17:05:10 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.06.25 07:05:06 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.05.19 18:23:00 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E) DRV - [2008.05.05 03:05:00 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.01.16 19:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel) DRV - [2007.10.19 00:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2007.02.16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2005.11.16 16:42:48 | 000,045,056 | ---- | M] (InterVideo) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iviVD.sys -- (iviVD) DRV - [2001.04.09 20:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\penclass.sys -- (PenClass) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44079 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.13 17:41:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.01 18:42:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.29 15:46:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.01 12:12:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\version4\components [2011.06.14 17:04:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\version4\plugins [2012.09.01 12:12:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.13 17:41:53 | 000,000,000 | ---D | M] [2009.01.27 22:58:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions [2012.08.31 23:38:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions [2010.04.30 22:55:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.08.31 23:38:06 | 000,000,000 | ---D | M] (WOT) -- 
C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.07.20 21:43:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.29 21:42:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.19 21:09:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(147) [2010.08.19 21:09:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(148) [2012.04.08 10:11:02 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\bbrs_002@blabbers.com [2011.02.17 00:34:07 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\tineye@ideeinc.com [2012.08.28 21:44:50 | 000,001,056 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\743hbu9z.default\searchplugins\icqplugin.xml [2012.08.29 15:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.05.01 00:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\version4\extensions [2011.05.01 00:11:48 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\version4\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.08.31 23:21:26 | 000,527,328 | ---- | M] () (No name found) -- 
C:\USERS\JENNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\743HBU9Z.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2011.10.29 21:09:53 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\JENNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\743HBU9Z.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI [2012.08.25 04:00:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program 
Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: (Enabled) = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\kolgnaidildmdbfgdnoapjdianbpajne\1.0.5_0\chromeNPAPI.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX 
Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Foxkeh Theme = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdfmcddmngjdmjmhhpcnbnmnkdhpjhef\0.0.5_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems 
Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Programme\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics) O4 - HKLM..\Run: [BambooCore] C:\Programme\Bamboo Dock\BambooCore.exe () O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) 
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartDGSnetd] C:\Programme\DGS\dgsnetd.exe () O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jenny\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [RocketDock] D:\Programme\RocketDock\RocketDock.exe () O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Local security authentication server.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8 - Extra context menu item: An vorhandenes PDF anfügen - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jenny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft 
Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - D:\Programme\icq\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - D:\Programme\icq\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58F6CE43-4FE6-4393-8EC7-B3A4A2B65993}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\base64 - No CLSID value found O18 - Protocol\Handler\chrome - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\prox - No CLSID value found O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - 
Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.) 
O24 - Desktop WallPaper: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.01.02 22:51:48 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - Unable to obtain root file information for disk I:\ O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.01 12:06:25 | 051,769,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Jenny\Desktop\AdbeRdr1014_de_DE.exe [2012.09.01 11:54:20 | 000,000,000 | ---D | C] -- C:\_OTL [2012.09.01 11:43:46 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012.09.01 11:08:36 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{B128F32D-7D48-4D9A-80C0-977CA7D2C7C0} [2012.08.31 23:04:28 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{A36FFF7C-69B7-439D-B515-AF947C1E9647} [2012.08.31 10:27:05 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe [2012.08.31 10:22:05 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{E375D325-143A-43A7-A519-61A1C9D500B4} [2012.08.30 22:21:48 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{FC05CAF2-DDD5-4271-B1F1-ABAEE7AEF83A} [2012.08.30 13:35:32 | 000,000,000 | ---D | C] -- 
C:\Users\Jenny\Desktop\Profiles [2012.08.30 13:08:30 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Desktop\743hbu9z.default [2012.08.30 10:21:31 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{75513B9D-D703-4963-86DD-443587B5B92D} [2012.08.29 15:12:23 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{628E1020-0280-4559-822A-56639F0EC5A1} [2012.08.28 11:42:12 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{A301DAB2-8D8F-4C17-83DE-F1B635D1426D} [2012.08.27 18:08:15 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{56ECC2C0-F7FD-4E7D-8129-C97D628F6822} [2012.08.26 19:16:27 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Desktop\Neuer Ordner [2012.08.26 09:17:46 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{F60A620D-CBA8-45CB-818D-3889C6594C09} [2012.08.25 13:28:04 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{1E19FFD3-EF94-40D9-9A1D-12F15A50D8DE} [2012.08.24 16:47:47 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{FC6CED50-E4BE-42D3-B2BD-473B94E3170F} [2012.08.23 22:51:11 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{4A4EB1BB-6349-4C66-A3AE-D0BD2F5B4993} [2012.08.23 10:50:50 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{28FB832A-91CD-48EE-BCF9-8850A31DCF5E} [2012.08.22 10:15:52 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{8E8C1E43-278D-43D2-81F2-1B25559C3B0F} [2012.08.21 15:21:25 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{C4F497D5-AEDD-4AE5-A7C3-4AD7CCC35962} [2012.08.20 22:52:24 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{DDD14536-F76F-4A3F-966A-DA1B4EB7897B} [2012.08.20 11:07:46 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.08.20 11:01:33 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.08.20 11:01:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.08.20 11:01:30 | 001,469,440 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.08.20 11:01:30 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.08.20 11:01:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2012.08.20 11:01:29 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.08.20 11:01:29 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.08.20 11:01:29 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.08.20 11:01:29 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.08.20 11:01:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.08.20 11:01:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.08.20 11:01:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.08.20 11:01:29 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.08.20 11:01:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012.08.20 11:01:28 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.08.20 11:01:28 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.08.20 11:01:28 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.08.20 11:01:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.08.20 10:52:08 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{33541514-8C76-43D3-A30E-94E8599DC555} [2012.08.19 19:55:45 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{D727D75B-CA0D-457B-B127-6205A6E544F1} [2012.08.18 20:46:19 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{E68A5A6B-232B-4959-9392-2C2D01D5C5B3} 
[2012.08.18 20:46:10 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{1ACEAB98-F114-4743-8BA5-6E718CF7F6E0} [2012.08.17 16:08:34 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{C9D6317B-E179-4DE7-9F60-6FB1A50194E9} [2012.08.17 16:08:29 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{3E260075-0AC8-411B-8760-2375BC11689B} [2012.08.16 21:58:17 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{10C3ABE8-0035-4D27-A8C1-0A843606DA31} [2012.08.16 09:58:00 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{985ABF91-167C-445D-A4DE-E0AB14E9BADD} [2012.08.16 09:57:52 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{22783D17-7C37-48F8-9B8A-A38FE8D92C1B} [2012.08.15 18:14:31 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{9CBD5DCB-6D5F-4055-B4EA-E516E0CC44E8} [2012.08.15 18:14:28 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{4AC2238A-A41B-4200-B0EF-6113ACCE1FC8} [2012.08.14 14:24:59 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{9A770879-7A13-4685-9686-525AD1987F36} [2012.08.14 14:24:55 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{DC85DFCC-0DE1-46EE-96FB-80E1E1D05918} [2012.08.13 19:48:51 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{8C606F86-FB55-48C5-9AF4-5A60423F5F4E} [2012.08.13 19:48:47 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{EAB836C9-5D9D-42DB-AE85-EA2192E82A99} [2012.08.13 07:48:21 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{1CA72312-D287-4210-B24F-1EDA7AEB2FBB} [2012.08.13 07:48:11 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{ED896EE9-A3AC-43A7-9BE5-FE93E2A2BA25} [2012.08.12 12:49:36 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{D89DCEFA-1351-4F58-97AE-0203DC3CA376} [2012.08.12 12:49:31 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{EF1C9239-4DD0-4B34-B9A2-C00972C16096} [2012.08.11 14:49:06 | 000,000,000 | ---D | C] -- 
C:\Users\Jenny\AppData\Local\{E9C74C1F-03D7-4543-A0D7-5F43F4927DF9} [2012.08.11 14:49:03 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{1779E30E-C28C-4838-9B86-46435243D126} [2012.08.10 17:38:15 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{B485E729-89A1-40EC-9D5C-C5BADD87FB24} [2012.08.10 17:38:11 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{04C0137A-5BF1-4326-BE44-3EA97C5A9687} [2012.08.09 16:13:27 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{F08F020C-1F6B-4277-B913-4FEFD912DC1C} [2012.08.09 16:13:21 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{6538CCE4-5C76-40DB-903C-6F3198ADAB30} [2012.08.08 16:38:32 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{7A260BEF-FD13-4865-9AA9-C80617C7FF34} [2012.08.08 16:38:27 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{58C146BD-AA54-4F15-A340-AC69371FBA87} [2012.08.07 21:32:48 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.08.07 16:47:09 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{5B2D35CB-0C5A-4952-BE52-5E175C01E43F} [2012.08.07 16:47:05 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{80C55C10-E0C6-4A1F-9CFD-E19C5B3DCDCF} [2012.08.06 13:06:59 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{E5ACFDF6-FF99-4258-8BD0-016094979E28} [2012.08.06 13:06:54 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{FF6E6317-2E4F-4C1B-8D56-9903781CFCD8} [2012.08.05 15:26:55 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{B851BA96-7EB4-4B17-ACE7-095C724C37B1} [2012.08.05 15:26:44 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{1953354E-6BF2-46E0-BB62-746703108C7A} [2012.08.04 14:42:30 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{7973F559-9879-4849-B7E7-21419DE51407} [2012.08.04 14:42:26 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{7EFAF018-B6CA-4247-9F06-DD0782B400A5} [2012.08.03 17:43:57 | 000,000,000 | ---D | C] -- 
C:\Users\Jenny\AppData\Local\{70391954-D52A-4C11-BBD8-4F0E84912D73} [2012.08.03 17:43:52 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{3F54C839-2DA8-4CDA-AD9A-1403FF39BF45} [1 C:\Users\Jenny\Documents\*.tmp files -> C:\Users\Jenny\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.01 16:50:07 | 000,339,744 | ---- | M] () -- C:\Users\Jenny\Desktop\eset.jpg [2012.09.01 16:42:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.01 16:42:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.01 14:16:09 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.09.01 12:47:30 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.01 12:47:30 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.01 12:47:30 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.01 12:47:30 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.01 12:38:17 | 000,069,885 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.09.01 12:37:51 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012.09.01 12:37:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.01 12:36:54 | 3215,839,232 | -HS- | M] () -- C:\hiberfil.sys [2012.09.01 12:35:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.09.01 12:34:30 | 000,008,806 | ---- | M] () -- C:\Users\Jenny\Desktop\cc_20120901_123348.reg [2012.09.01 12:13:00 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.09.01 12:08:56 | 051,769,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Jenny\Desktop\AdbeRdr1014_de_DE.exe [2012.09.01 11:43:46 | 000,001,954 | ---- | M] () -- C:\Users\Jenny\Desktop\HiJackThis.lnk [2012.09.01 11:41:15 | 001,402,880 | ---- 
| M] () -- C:\Users\Jenny\Desktop\HiJackThis.msi [2012.08.31 10:27:08 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe [2012.08.30 23:57:10 | 000,511,265 | ---- | M] () -- C:\Users\Jenny\Desktop\adwcleaner.exe [2012.08.30 19:48:51 | 000,908,794 | ---- | M] () -- C:\Users\Jenny\Desktop\firefox.jpg [2012.08.30 19:48:30 | 000,963,676 | ---- | M] () -- C:\Users\Jenny\Desktop\chrome.jpg [2012.08.30 19:40:07 | 000,000,688 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.30 18:50:35 | 000,004,165 | ---- | M] () -- C:\Users\Jenny\Desktop\fox.gif [2012.08.30 18:46:29 | 000,004,165 | ---- | M] () -- C:\Users\Jenny\Desktop\pyong_raposa_fox-05.gif [2012.08.30 14:09:14 | 000,267,596 | ---- | M] () -- C:\Users\Jenny\Desktop\java.jpg [2012.08.30 14:03:29 | 000,314,008 | ---- | M] () -- C:\Users\Jenny\Desktop\bookmarks.html [2012.08.30 13:09:57 | 000,121,230 | ---- | M] () -- C:\Users\Jenny\Desktop\bookmarks-2012-08-30.json [2012.08.29 19:03:09 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.29 19:03:09 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.08.27 00:08:03 | 000,069,885 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.08.26 22:09:36 | 000,220,160 | ---- | M] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.23 17:00:27 | 000,000,680 | ---- | M] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat [2012.08.21 15:16:29 | 002,543,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.13 10:08:36 | 000,007,962 | ---- | M] () -- C:\cc_20120813_100832.reg [2012.08.13 09:57:34 | 000,002,299 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\acervcmtmp.ini [1 C:\Users\Jenny\Documents\*.tmp files -> C:\Users\Jenny\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.01 16:48:50 | 000,339,744 | ---- | C] () -- 
C:\Users\Jenny\Desktop\eset.jpg [2012.09.01 12:34:18 | 000,008,806 | ---- | C] () -- C:\Users\Jenny\Desktop\cc_20120901_123348.reg [2012.09.01 12:13:00 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.09.01 12:12:59 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.09.01 11:43:46 | 000,001,954 | ---- | C] () -- C:\Users\Jenny\Desktop\HiJackThis.lnk [2012.09.01 11:41:14 | 001,402,880 | ---- | C] () -- C:\Users\Jenny\Desktop\HiJackThis.msi [2012.08.30 23:57:01 | 000,511,265 | ---- | C] () -- C:\Users\Jenny\Desktop\adwcleaner.exe [2012.08.30 19:48:49 | 000,908,794 | ---- | C] () -- C:\Users\Jenny\Desktop\firefox.jpg [2012.08.30 19:48:28 | 000,963,676 | ---- | C] () -- C:\Users\Jenny\Desktop\chrome.jpg [2012.08.30 19:40:07 | 000,000,688 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.30 18:50:34 | 000,004,165 | ---- | C] () -- C:\Users\Jenny\Desktop\fox.gif [2012.08.30 18:46:37 | 000,004,165 | ---- | C] () -- C:\Users\Jenny\Desktop\pyong_raposa_fox-05.gif [2012.08.30 14:09:12 | 000,267,596 | ---- | C] () -- C:\Users\Jenny\Desktop\java.jpg [2012.08.30 14:03:29 | 000,314,008 | ---- | C] () -- C:\Users\Jenny\Desktop\bookmarks.html [2012.08.30 13:09:57 | 000,121,230 | ---- | C] () -- C:\Users\Jenny\Desktop\bookmarks-2012-08-30.json [2012.08.13 10:08:35 | 000,007,962 | ---- | C] () -- C:\cc_20120813_100832.reg [2011.12.28 22:42:43 | 000,153,936 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011.12.26 22:42:10 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI [2011.12.23 01:03:57 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011.12.21 20:27:57 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.12.21 20:27:57 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.12.21 20:27:56 | 008,676,883 | ---- | C] () -- C:\Windows\System32\NCMedia2.dll [2011.09.06 22:41:28 | 000,000,314 | 
---- | C] () -- C:\Windows\wininit.ini [2011.07.26 14:35:22 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.06.23 17:31:10 | 000,000,275 | ---- | C] () -- C:\Users\Jenny\AppData\Local\HamsterVideoConverterSettings.cfg [2011.02.06 15:16:59 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2011.02.06 15:16:59 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2011.01.20 23:23:44 | 000,200,704 | ---- | C] () -- C:\Windows\System32\BongoSDK.10.v40.dll [2011.01.04 10:56:56 | 001,630,700 | ---- | C] () -- C:\Program Files\dgs_install.zip [2011.01.04 10:56:12 | 000,022,376 | -H-- | C] () -- C:\Users\Jenny\.sw-main934 [2011.01.04 10:56:12 | 000,002,560 | -H-- | C] () -- C:\Users\Jenny\.sw-recents [2010.09.13 17:31:10 | 000,197,053 | ---- | C] () -- C:\Windows\hpwins27.dat [2010.08.29 21:36:18 | 000,000,093 | ---- | C] () -- C:\Users\Jenny\AppData\Local\fusioncache.dat [2009.12.29 03:06:59 | 000,000,680 | ---- | C] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat [2009.02.01 13:33:46 | 000,220,160 | ---- | C] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.30 21:06:56 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.01.27 19:11:27 | 000,002,299 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\acervcmtmp.ini [2009.01.27 18:15:05 | 000,069,885 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.01.27 18:12:48 | 000,069,885 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== LOP Check ========== [2009.02.07 01:05:03 | 000,000,000 | -HSD | M] -- C:\Users\Jenny\AppData\Roaming\.# [2009.02.17 22:25:49 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Acer [2008.07.30 04:10:28 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Acer GameZone Console [2011.10.29 20:40:26 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Atari [2011.01.30 21:58:04 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Autodesk [2010.01.30 13:01:10 | 000,000,000 | ---D 
| M] -- C:\Users\Jenny\AppData\Roaming\Blender Foundation [2011.12.25 13:04:25 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\com.gugga.radiomini [2012.07.25 11:31:47 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DAEMON Tools Lite [2012.08.13 09:57:19 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Dropbox [2011.12.22 01:22:50 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DVDVideoSoft [2011.07.20 21:43:41 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DVDVideoSoftIEHelpers [2009.01.27 18:16:29 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\eSobi [2011.06.23 23:02:57 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\FreeFLVConverter [2010.08.25 14:45:53 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\GetRightToGo [2011.11.06 23:03:06 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\IcoFX [2011.08.21 00:51:13 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\ICQ [2009.08.30 16:45:27 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\LG Electronics [2010.01.29 00:06:56 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Morpheus Software [2011.10.29 23:24:11 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Mp3tag [2011.10.29 23:11:33 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\MusicBrainz [2011.08.13 00:21:35 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Nvu [2009.10.14 20:36:24 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\OpenOffice.org [2010.08.22 11:52:58 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PlayFirst [2010.04.01 13:05:30 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\SecondLife [2009.08.25 00:37:43 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\SPORE Creature Creator [2010.02.04 11:06:57 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\STOIK [2010.05.10 22:09:07 | 000,000,000 | ---D | M] -- 
C:\Users\Jenny\AppData\Roaming\TS3Client [2010.08.29 21:53:54 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Turbine [2012.07.24 22:09:58 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\uTorrent [2011.12.25 11:50:07 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Wacom [2011.12.25 11:56:55 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2010.10.08 12:42:01 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Windows Live Writer [2012.09.01 12:35:38 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
Edited by Linya (01.09.2012 at 16:33) |
01.09.2012, 16:37 | #7 |
| Findings: PUP.Blabbers and Trojan.Spyeyes Code:
OTL Extras logfile created on: 01.09.2012 16:59:45 - Run 2 OTL by OldTimer - Version 3.2.59.1 Folder = c:\Users\Jenny\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19298) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 37,26% Memory free 6,19 Gb Paging File | 3,98 Gb Available in Paging File | 64,27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 49,36 Gb Free Space | 34,27% Space Free | Partition Type: NTFS Drive D: | 140,50 Gb Total Space | 15,24 Gb Free Space | 10,84% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive I: | 465,76 Gb Total Space | 236,58 Gb Free Space | 50,79% Space Free | Partition Type: NTFS Computer Name: XXXX | User Name: XXXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "D:\Programme\dm Fotowelt\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- D:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [dm Fotowelt] -- "D:\Programme\dm Fotowelt\dm Fotowelt.exe" "%1" () Directory [dm-Fotowelt] -- "D:\Programme\dm Fotowelt\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.) 
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.) 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04C38445-AF55-4626-ABEA-F4A0475BBDAD}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{0B94C6F8-B1FA-46E7-A81E-768D35F22CB1}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{1FC0F839-89C0-444E-B0EA-2F2E49C3CFAA}" = lport=2869 | protocol=6 | dir=in | app=system | "{31C3CCD8-BFE8-49AB-B971-FB7C3FC6CF09}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{59438DE2-21FE-490E-A004-E2A0D8DC75ED}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface | "{70710AFC-B322-48A1-B7D1-E764C883D823}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{8A4AD6A8-10B0-478B-8A04-E6483AC32C10}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{9061396F-2AEF-43CA-A884-777597A80971}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{E639AADE-359D-4FAD-A942-72083826C63B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{FC980B70-A17B-47A6-86C1-B0540A7F919F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0311C8B4-F137-4B20-883B-FA4DFBD40991}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe | "{0D66F652-EB71-4C4F-B4F2-8783AB710EE2}" = protocol=17 | dir=in | app=d:\programme\icq\icq7.4\icq.exe | "{0F472933-D79C-422F-89DE-272C10DE7F43}" = protocol=17 | dir=in | app=c:\program files\3dsmax\mentalimages\satellite\raysat_3dsmax2011_32.exe | "{14B0664F-D1FC-40D1-8C29-49D7F23BFDDE}" = dir=in | app=c:\program files\hp\hp software 
update\hpwucli.exe | "{170F9811-0166-4F95-BC07-111DE0B6FD37}" = protocol=17 | dir=in | app=d:\programme\icq\icq7.4\icq.exe | "{18911FCF-CEA1-4001-9B2A-10874B579CE9}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{1CA1BEED-350E-40F3-AC52-8C96C117F7B9}" = protocol=6 | dir=in | app=d:\programme\icq\icq7.4\icq.exe | "{1F459D85-0657-4CAF-A5F9-21BD94091F70}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "{2362F9B1-6FE0-4148-A122-D03B0130994D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{2567D9BA-2DEF-41E8-ABC0-8ADB06020566}" = protocol=17 | dir=in | app=c:\program files\3dsmax\mentalimages\satellite\raysat_3dsmax2011_32server.exe | "{28F66114-24E9-4EFA-BC8A-8965E95CCD61}" = protocol=17 | dir=in | app=d:\programme\icq\icq7.4\icq.exe | "{292C16F0-F366-43E3-A613-8AB770CBA549}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{29C885BE-D034-4466-9F8A-5E7FEBD52DD6}" = protocol=6 | dir=in | app=d:\programme\icq\icq7.4\icq.exe | "{2BBC3EB7-EE27-4F0E-8566-4A5F16A65A66}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{335D6608-33D4-457C-A0B0-7974467429A5}" = protocol=6 | dir=in | app=c:\program files\3dsmax\3dsmax.exe | "{352E3AA6-B708-4254-A3D7-C05911FC6361}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{3673E242-38DB-415C-81CD-F767E62534FE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{392B28F9-BC0E-452C-8593-B5688ADB4E54}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | "{44DC91F9-B3FD-4C00-B8D3-844D0A8C4BF7}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{45502E4E-092F-49B1-AC06-D43B9E95AEA6}" = protocol=6 | dir=in | app=d:\spiele\ragnarok\ragexe.exe | "{455B5C15-BB02-4A13-875B-622C0BE5C55A}" = dir=in | app=c:\program files\windows 
live\mesh\moe.exe | "{485E181B-D509-408C-BD5A-33B49E26F589}" = protocol=17 | dir=in | app=c:\program files\3dsmax\3dsmax.exe | "{4CFF1A8E-E564-4E4E-96E2-73F6BF44ACF3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{4D0A3162-B233-448A-ACEF-878F5E341A2C}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | "{4FFF76A4-5133-4FB0-B56E-384BF524FDA9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{537DB8E8-1770-4AD0-8998-2870E54D74E9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{55782BB4-ED83-46B5-AB93-93F9ECCB4B99}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | "{5F1B3C69-935D-440F-A7F2-F99B656C379A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe | "{6076B964-0B75-40A9-BD76-59A67F1DA942}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{6702E16E-13F4-43F3-A5EB-4EFCC112BD94}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | "{6DC490AB-9AFF-4D24-80FE-CB63D645A6C7}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\3dsmax.exe | "{75C189BF-AAD7-47C7-A678-89E0B4D66543}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | "{760648AA-C2FC-4CC3-9D7D-50D5CA29E873}" = protocol=6 | dir=in | app=c:\users\jenny\appdata\roaming\dropbox\bin\dropbox.exe | "{76A459A5-9788-4A0E-8017-76C2F21FBC5C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{7BD65B90-A3F1-4D8C-9E90-4999B8EBA804}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{7CDCD324-993C-4E4F-B63E-9C876C176A82}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | "{83E3B3EA-4E60-439C-9E7B-0F15DB6189B4}" = protocol=6 | dir=in | app=c:\program files\3dsmax\mentalimages\satellite\raysat_3dsmax2011_32.exe | "{85B6ED77-B12A-4D6A-B9DB-077CC791512E}" = protocol=6 | dir=in | app=c:\program 
files\autodesk\3ds max 2011\3dsmax.exe | "{866CCA5A-D05E-4882-9634-3D51C5FBBDBC}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{87B0F00A-9CBC-435B-9CE9-5D1980C13A2D}" = protocol=6 | dir=in | app=d:\programme\icq\icq7.4\icq.exe | "{87C42BB4-C805-493A-A0E1-70D9C4BC882B}" = protocol=17 | dir=in | app=d:\spiele\ragnarok\ragexe.exe | "{8D47434F-0F66-4966-88EE-606054D649FC}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | "{931E510E-0385-4290-9015-1A05D2A94E0F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{970E2153-184F-482B-9B86-B46EAE130CBB}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{9F4341BF-F16F-44C2-8E08-10B9314832AC}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe | "{A5A42F72-BB21-4A40-B82B-E259C1E6CED8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{A8233CF2-CAAD-4B41-A95E-62ADF6B4089A}" = protocol=17 | dir=in | app=c:\users\jenny\appdata\roaming\dropbox\bin\dropbox.exe | "{B098FDAA-B8EF-41A9-B3DA-DE9E10CE9B39}" = protocol=6 | dir=in | app=c:\program files\3dsmax\mentalimages\satellite\raysat_3dsmax2011_32server.exe | "{B3D45A7D-8AD2-4E2C-8D15-B27610520A8F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{B5F70D68-3AF0-49BE-8EE1-008C314E2422}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{BA1EE302-8125-4E4E-8B73-FEAC23C3F9EA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{BEEEEE1F-50B1-48DF-B05F-7ACE0E6D17B3}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{BFFCA3C9-3B96-4A2F-AB3E-EB8B021F0602}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{C67B2A5E-7B01-4D17-AF42-8111E9881A22}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{C89FFB57-F7D2-43D9-B3E9-816A9A45D866}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe | "{D0E50ACD-136C-4D0C-99A9-4E4DBADBE0B0}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | "{D351F1A2-CD85-4A0F-BDFE-5887CB0D9CDF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{D50664DD-ECC8-4F91-A336-133D57FD409C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{D610B657-85EF-43E0-9B11-4AF8A0911D53}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{D8C63FD1-5080-40C1-81C5-C9C50F79250C}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe | "{D9277855-0A29-4403-87C3-88B0F208C0D7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E4447BF4-83FE-4B2F-8D0D-CEA7B40F5103}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | "{EB5E3053-93A1-4ED7-ACEC-56BCBC7A7E62}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe | "{ECD3ADF2-C36E-41C7-8E2E-7A8069B8290A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{F379E883-67C7-49F2-8958-99E77B830FD4}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{F43D50A6-552F-4C8E-882A-C1545396EA2E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{F7D4A726-BB20-4E35-AE4D-ADB61B8E03DA}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe | "{F9AB76AD-8DF8-48E5-8F91-D061ACF73245}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{FA2ECDDF-BEE2-4314-8042-55BD183D8352}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{FC5D96DE-DC96-46EA-BF95-D6913E392B95}" = 
dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{FCBB9AB1-EE62-4319-AD18-7FE994F6B25D}" = dir=in | app=d:\programme\powerdirector\powerdirector\pdr.exe | "{FD95881C-1730-44A6-8ECE-F3EFA94F8085}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe | "TCP Query User{28C89E53-407E-4F82-9AAF-E031AA7AC942}D:\spiele\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=d:\spiele\secondlifeviewer2\slvoice.exe | "TCP Query User{2ACC8F31-027B-4DD0-88A2-919855AF0B28}C:\program files\rhinoceros 4.0\system\rhino4.exe" = protocol=6 | dir=in | app=c:\program files\rhinoceros 4.0\system\rhino4.exe | "TCP Query User{3904D328-5B4D-4846-8BDF-E4050CAAA929}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{56A72E0D-2DFE-40F1-BB84-8D515BC1C0CE}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{5DD841DE-8109-4FA8-8549-E4EDA6F3BC5B}C:\users\jenny\desktop\scitysetup_19235222.exe" = protocol=6 | dir=in | app=c:\users\jenny\desktop\scitysetup_19235222.exe | "TCP Query User{6CD73801-AA15-418E-A8DB-B6F272A42BD0}C:\programdata\asgvis\drspawner\drspawner.exe" = protocol=6 | dir=in | app=c:\programdata\asgvis\drspawner\drspawner.exe | "TCP Query User{8E9F7AC9-4CD8-4C70-8CC1-D4FABCA565A6}D:\programme\kaspersky\setup.exe" = protocol=6 | dir=in | app=d:\programme\kaspersky\setup.exe | "TCP Query User{8FCC004E-88E9-4D3A-9155-52AF6C668E35}D:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programme\winamp\winamp.exe | "TCP Query User{90056987-C9AE-419D-96D7-5FB7189A10C0}C:\users\jenny\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\jenny\appdata\local\akamai\netsession_win.exe | "TCP Query User{9E03B506-EBE3-45BC-A021-897E7C7D1CAE}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program 
files\google\google earth\client\googleearth.exe | "TCP Query User{A7ECC04B-A9ED-42D1-B021-73C8EC71B456}D:\programme\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=d:\programme\musicbrainz picard\picard.exe | "TCP Query User{BBCCDE66-35B7-4B19-A6CA-EC3DE8A9E794}D:\programme\icq\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq\icq6.5\icq.exe | "TCP Query User{C0138E9F-7D71-4FEA-AC87-90D72D923183}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{C5236DDA-48EB-4C0A-9DA4-B8758E3424BA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{D3B4D646-6E9B-459D-B57F-DEF0F41248A7}D:\spiele\spore\eadm\core.exe" = protocol=6 | dir=in | app=d:\spiele\spore\eadm\core.exe | "TCP Query User{F73FAEF9-AAA5-481F-85E7-98BB08F4B40D}C:\program files\dgs\dgsnetd.exe" = protocol=6 | dir=in | app=c:\program files\dgs\dgsnetd.exe | "UDP Query User{192570D0-446D-400D-8DCD-0984BED180CA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{1DF102CB-4124-4E1F-B8F2-809F2201A2B5}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{29DE9ED9-D40C-4EDE-AC9D-A1F7C58BD65C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{2BF9BCCC-7E76-4EEF-A889-A3B1793589D0}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{398360B7-0871-4AC0-B0C0-B2CA6C728D9B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query 
User{445F0964-0074-4B59-A59C-8F21ABE70022}C:\users\jenny\desktop\scitysetup_19235222.exe" = protocol=17 | dir=in | app=c:\users\jenny\desktop\scitysetup_19235222.exe | "UDP Query User{51059E3C-8AC8-4A9F-9B5E-EABA4AE3775B}C:\programdata\asgvis\drspawner\drspawner.exe" = protocol=17 | dir=in | app=c:\programdata\asgvis\drspawner\drspawner.exe | "UDP Query User{8DC30B06-87DF-452C-8F3D-A5FBF3048230}D:\spiele\spore\eadm\core.exe" = protocol=17 | dir=in | app=d:\spiele\spore\eadm\core.exe | "UDP Query User{9B5E1074-6FCF-42E3-BE9C-82E27C864B83}D:\programme\icq\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq\icq6.5\icq.exe | "UDP Query User{A3335517-B7F2-43E3-A9BF-988CF3AAD971}D:\spiele\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=d:\spiele\secondlifeviewer2\slvoice.exe | "UDP Query User{A7CC504C-D2D7-4645-97A6-BCF004CC657A}C:\program files\rhinoceros 4.0\system\rhino4.exe" = protocol=17 | dir=in | app=c:\program files\rhinoceros 4.0\system\rhino4.exe | "UDP Query User{B4A6FB27-E861-487B-BBD1-976261AF1DE4}D:\programme\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=d:\programme\musicbrainz picard\picard.exe | "UDP Query User{C6E3F91F-D1F6-451A-BED3-6C2BD3F1B938}D:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programme\winamp\winamp.exe | "UDP Query User{D8F48742-8BDA-4C4D-B3F9-BF9538239B4A}C:\users\jenny\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\jenny\appdata\local\akamai\netsession_win.exe | "UDP Query User{E5E79DF0-0D00-4547-869D-39E49301D009}D:\programme\kaspersky\setup.exe" = protocol=17 | dir=in | app=d:\programme\kaspersky\setup.exe | "UDP Query User{F9D449BE-AC3E-4599-A138-B56330A9DA7E}C:\program files\dgs\dgsnetd.exe" = protocol=17 | dir=in | app=c:\program files\dgs\dgsnetd.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 
2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6400 "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger 
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1 "{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker 
"{40625DE4-DCDB-44FE-84B5-E65F1365BF44}" = V-Ray for Rhinoceros "{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3 "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{50A76A32-8D75-4839-815C-93054CFD436B}" = V-Ray for Rhinoceros "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{579F16AF-AFA0-488C-BE83-71F4C92EC216}" = V-Ray for Rhinoceros "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion "{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0 "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{67574624-BF0F-0407-AF6D-19FBD86FF7F7}" = Autodesk 3ds Max 2011 32-Bit "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}" = Bamboo Tablets Tutorial "{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{762EBEC5-7ADC-48DC-ADDE-882616730050}" = TransType Pro "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7C32C567-DC0F-4C80-B06C-7873850A2E06}" = Die Sims - Tierisch gut drauf "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{8058F9B8-68C6-4769-A1F2-994C4529B2C6}" = V-Ray for Rhinoceros "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania 
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af "{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office 
PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service 
CS3 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011 "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8 "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A8DF8593-F619-47DE-AD27-BCABF233433A}" = STOIK Video Converter 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = 
Spelling Dictionaries Support For Adobe Reader 8 "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B1899CD8-9584-4DC5-00AE-48F47CF81183}" = Die Sims 2 HomeCrafter Plus "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{C167A588-87AA-47BF-A88E-5B0F9A14480D}" = InterVideo DVDCopy5 "{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3 "{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3 "{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CCBC3666-5199-4702-B052-2C58FCA6EFF9}" = Rhinoceros 4.0 SR4b "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFCA7747-0813-AEBA-886F-732E1CBD79EA}" = MoodTuner "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D57F1897-D0F5-4E5F-99BA-80815B43283A}" = Rhinoceros 4.0 SR4 "{D7960C39-E3FD-4B46-8E97-A1E9D128F913}" = Rhinoceros 4.0 SR3 "{D9FE1AFC-8C6D-484F-B3FD-E50780153234}" = Evernote "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4A0225B-A975-416C-8CF7-C1C025FD32D6}" = YP-U1 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires "{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8 "{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE™ Labor Basisversion "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live 
Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA52513B-03C2-4631-BE42-03ACF9226179}" = Tablett "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "Acer Acer Bio Protection 6.0.00.17" = Acer Bio Protection AAU 6.0.00.17 "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen "Akamai" = Akamai NetSession Interface Service "Autodesk FBX Plug-in 2011.1 - 3ds Max 2011" = Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 "Avira AntiVir Desktop" = Avira Free Antivirus "Bamboo Dock" = Bamboo Dock "CamStudio" = CamStudio "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon RAW Codec" = Canon RAW Codec "CCleaner" = CCleaner "CEP - Colour Enable Packages_is1" = CEP - Color Enable Package "CloneDVD2" = CloneDVD2 "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "com.gugga.radiomini" = MoodTuner "DAEMON Tools Lite" = DAEMON Tools Lite "Dark and Light1.0.14.01" = Dark and Light "DGS Portrait2" = DGS Portrait2 "DivX Plus DirectShow Filters" = DivX Plus 
DirectShow Filters "DivX Setup" = DivX-Setup "dm Fotowelt" = dm Fotowelt "dm-Fotowelt" = dm-Fotowelt "DPP" = Canon Utilities Digital Photo Professional 3.1 "EADM" = EA Download Manager "EOS 20D WIA Driver" = EOS 20D WIA Driver "EOS Utility" = Canon Utilities EOS Utility "ESET Online Scanner" = ESET Online Scanner v3 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Flamingo 1.1" = Flamingo 1.1 "Flamingo 1.1 for Rhino 4.0" = Flamingo 1.1 for Rhino 4.0 "FoxyTunesForFirefox" = FoxyTunes for Firefox "Fraps" = Fraps (remove only) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free FLV Converter_is1" = Free FLV Converter V 6.98.0 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206 "Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter "GameWiz32" = GameWiz32 "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "Google Updater" = Google Updater "GridVista" = Acer GridVista "Guild Wars" = GUILD WARS "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 
13.0 "IcoFX_is1" = IcoFX 1.6.4 "Id3Sort Version 1.3.0.13_is1" = Id3Sort Version, 1.3.0.13 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "InstallShield_{FA52513B-03C2-4631-BE42-03ACF9226179}" = Tablett "Lexmark X1100 Series" = Lexmark X1100 Series "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.49 "MusicBrainz Picard" = MusicBrainz Picard "MyDefrag v4.3.1_is1" = MyDefrag v4.3.1 "myGamersCam" = myGamersCam 1.2 "NVIDIA Drivers" = NVIDIA Drivers "Nvu_is1" = Nvu 1.0 "ODSK" = Canon Utilities Original Data Security Tools "Pen Tablet Driver" = Bamboo "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "Ramsete III" = Ramsete III "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "Rhino RDK" = Rhino RDK "Rhinoceros 3.0" = Rhinoceros 3.0 "RocketDock_is1" = RocketDock 1.3.5 "Shop for HP Supplies" = Shop for HP Supplies "ST6UNST #1" = Ramsete 2.70 "Surf & E-Mail-Stick" = 
Surf & E-Mail-Stick "SynTPDeinstKey" = Synaptics Pointing Device Driver "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Tomb Raider: Anniversary Demo" = Tomb Raider: Anniversary Demo 1.0 "T-Splines for Rhino" = T-Splines for Rhino "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock "WFTK" = Canon Utilities WFT-E1/E2/E3 Utility "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "Wisdom-soft Set up ASR 3.1 Pro" = Wisdom-soft Set up ASR 3.1 Pro "Word8.0" = Microsoft Word 97 "Zoo Tycoon 1.0" = Zoo Tycoon-Erweiterungen "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Dropbox" = Dropbox "World of Warcraft Trial" = Probeversion von World of Warcraft ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.08.2012 11:31:06 | Computer Name = Kessy | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung firefox.exe, Version 15.0.0.4619, Zeitstempel 0x50382fcd, fehlerhaftes Modul xul.dll, Version 15.0.0.4619, Zeitstempel 0x50382f44, Ausnahmecode 0xc0000005, Fehleroffset 0x001bea47, Prozess-ID 0x13d8, Anwendungsstartzeit 01cd85ecc6964acb. 
Error - 30.08.2012 04:10:20 | Computer Name = Kessy | Source = WinMgmt | ID = 10 Description = Error - 30.08.2012 12:58:40 | Computer Name = Kessy | Source = WinMgmt | ID = 10 Description = Error - 30.08.2012 14:19:57 | Computer Name = Kessy | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 15.0.0.4619 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 25d8 Anfangszeit: 01cd86db9914554e Zeitpunkt der Beendigung: 12 Error - 30.08.2012 17:06:47 | Computer Name = Kessy | Source = WinMgmt | ID = 10 Description = Error - 31.08.2012 04:18:29 | Computer Name = Kessy | Source = WinMgmt | ID = 10 Description = Error - 01.09.2012 05:06:29 | Computer Name = Kessy | Source = WinMgmt | ID = 10 Description = Error - 01.09.2012 05:27:04 | Computer Name = Kessy | Source = WinMgmt | ID = 10 Description = Error - 01.09.2012 05:58:50 | Computer Name = Kessy | Source = WinMgmt | ID = 10 Description = Error - 01.09.2012 06:38:34 | Computer Name = Kessy | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 01.02.2009 07:11:54 | Computer Name = Kessy | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{58F6CE43-4FE6-4393-8EC7-B3A4A2B65993} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 01.02.2009 07:11:54 | Computer Name = Kessy | Source = netbt | ID = 4321 Description = Der Name "KESSY :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.2 registriert werden. Der Computer mit IP-Adresse 192.168.2.3 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. 
Error - 01.02.2009 07:11:57 | Computer Name = Kessy | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{58F6CE43-4FE6-4393-8EC7-B3A4A2B65993} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 01.02.2009 07:11:57 | Computer Name = Kessy | Source = netbt | ID = 4321 Description = Der Name "KESSY :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.2 registriert werden. Der Computer mit IP-Adresse 192.168.2.3 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 01.02.2009 07:11:57 | Computer Name = Kessy | Source = netbt | ID = 4321 Description = Der Name "KESSY :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.2 registriert werden. Der Computer mit IP-Adresse 192.168.2.3 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 01.02.2009 07:11:57 | Computer Name = Kessy | Source = netbt | ID = 4321 Description = Der Name "KESSY :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.2 registriert werden. Der Computer mit IP-Adresse 192.168.2.3 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 01.02.2009 13:32:46 | Computer Name = Kessy | Source = HTTP | ID = 15016 Description = Error - 02.02.2009 15:21:13 | Computer Name = Kessy | Source = HTTP | ID = 15016 Description = Error - 03.02.2009 11:12:35 | Computer Name = Kessy | Source = HTTP | ID = 15016 Description = Error - 03.02.2009 16:11:26 | Computer Name = Kessy | Source = HTTP | ID = 15016 Description = < End of report > |
02.09.2012, 09:37 | #8 | |
/// Helper Team | Findings: PUP.Blabbers and Trojan.Spyeyes 1. File check Have the following file(s) (see code box) checked online at VirusTotal. ►File(s) to check: Code:
ATTFilter c:\users\jenny\desktop\scitysetup_19235222.exe
► Example - the log file from VirusTotal that you post should look like the one here. So do not leave anything out, but copy it in just as you receive it!: Scan results together with the file name! Code:
ATTFilter
Datei
File name: <the file name goes here>
Submission date: 2010-10-22 03:34:01 (UTC)
Current status: queued queued analysing finished
Result: .....%
VT Community goodware/badware
Safety score: 100.0%
Compact Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.10.22.00 2010.10.21 -
AntiVir 7.10.13.15 2010.10.21 -
Antiy-AVL 2.0.3.7 2010.10.22 -
Authentium 5.2.0.5 2010.10.22 -
Avast 4.8.1351.0 2010.10.21 -
Avast5 5.0.594.0 2010.10.21 -
etc........
...checked by more than 40 online virus scanners...so be patient!!
2. Quote:
Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
[2012.04.08 10:11:02 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\bbrs_002@blabbers.com
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
__________________ Warning!: Beware of invoices sent by e-mail with a ZIP file as an attachment! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
02.09.2012, 10:28 | #9 |
| Findings: PUP.Blabbers and Trojan.Spyeyes Re 1. I changed the following settings => Files and folders: disable "Hide extensions for known file types" => Files and folders: disable "Hide protected operating system files (recommended)" => Files and folders: "Display the contents of system folders" => enable (not applicable, since Vista) => Hidden files and folders: => enable "Show all files and folders". But unfortunately I could not find the file. Re 2. Here is the OTL text document: Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" removed from keyword.URL
C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\bbrs_002@blabbers.com\components folder moved successfully.
C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache folder moved successfully.
C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\bbrs_002@blabbers.com\chrome\content folder moved successfully.
C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\bbrs_002@blabbers.com\chrome folder moved successfully.
C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\bbrs_002@blabbers.com folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Jenny\Desktop\Programme\cmd.bat deleted successfully.
C:\Users\Jenny\Desktop\Programme\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jenny
->Temp folder emptied: 473144 bytes
->Temporary Internet Files folder emptied: 4083055 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7014215 bytes
->Google Chrome cache emptied: 6317518 bytes
->Flash cache emptied: 805 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8488289 bytes
RecycleBin emptied: 55656647 bytes
Total Files Cleaned = 78,00 mb
OTL by OldTimer - Version 3.2.59.1 log created on 09022012_111637
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
03.09.2012, 13:25 | #10 |
/// Helper Team | Findings: PUP.Blabbers and Trojan.Spyeyes Another scan with OTL:
03.09.2012, 15:02 | #11 |
| Findings: PUP.Blabbers and Trojan.Spyeyes OTL log files: Code:
ATTFilter OTL Extras logfile created on: 03.09.2012 15:30:02 - Run 3 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Jenny\Desktop\Programme Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19298) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 29,97% Memory free 6,19 Gb Paging File | 2,91 Gb Available in Paging File | 47,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 56,97 Gb Free Space | 39,55% Space Free | Partition Type: NTFS Drive D: | 140,50 Gb Total Space | 6,06 Gb Free Space | 4,31% Space Free | Partition Type: NTFS Drive G: | 495,00 Mb Total Space | 11,91 Mb Free Space | 2,41% Space Free | Partition Type: FAT32 Drive I: | 465,76 Gb Total Space | 236,58 Gb Free Space | 50,79% Space Free | Partition Type: NTFS Computer Name: KESSY | User Name: Jenny | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "D:\Programme\dm Fotowelt\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- D:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) 
Directory [dm Fotowelt] -- "D:\Programme\dm Fotowelt\dm Fotowelt.exe" "%1" () Directory [dm-Fotowelt] -- "D:\Programme\dm Fotowelt\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04C38445-AF55-4626-ABEA-F4A0475BBDAD}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{0B94C6F8-B1FA-46E7-A81E-768D35F22CB1}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{1FC0F839-89C0-444E-B0EA-2F2E49C3CFAA}" = lport=2869 | protocol=6 | dir=in | app=system | "{31C3CCD8-BFE8-49AB-B971-FB7C3FC6CF09}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{59438DE2-21FE-490E-A004-E2A0D8DC75ED}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface | "{70710AFC-B322-48A1-B7D1-E764C883D823}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{8A4AD6A8-10B0-478B-8A04-E6483AC32C10}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{9061396F-2AEF-43CA-A884-777597A80971}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{E639AADE-359D-4FAD-A942-72083826C63B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{FC980B70-A17B-47A6-86C1-B0540A7F919F}" = lport=1900 | protocol=17 | 
dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0311C8B4-F137-4B20-883B-FA4DFBD40991}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe | "{0D66F652-EB71-4C4F-B4F2-8783AB710EE2}" = protocol=17 | dir=in | app=d:\programme\icq\icq7.4\icq.exe | "{0F472933-D79C-422F-89DE-272C10DE7F43}" = protocol=17 | dir=in | app=c:\program files\3dsmax\mentalimages\satellite\raysat_3dsmax2011_32.exe | "{14B0664F-D1FC-40D1-8C29-49D7F23BFDDE}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{170F9811-0166-4F95-BC07-111DE0B6FD37}" = protocol=17 | dir=in | app=d:\programme\icq\icq7.4\icq.exe | "{18911FCF-CEA1-4001-9B2A-10874B579CE9}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{1CA1BEED-350E-40F3-AC52-8C96C117F7B9}" = protocol=6 | dir=in | app=d:\programme\icq\icq7.4\icq.exe | "{1F459D85-0657-4CAF-A5F9-21BD94091F70}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "{2362F9B1-6FE0-4148-A122-D03B0130994D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{2567D9BA-2DEF-41E8-ABC0-8ADB06020566}" = protocol=17 | dir=in | app=c:\program files\3dsmax\mentalimages\satellite\raysat_3dsmax2011_32server.exe | "{28F66114-24E9-4EFA-BC8A-8965E95CCD61}" = protocol=17 | dir=in | app=d:\programme\icq\icq7.4\icq.exe | "{292C16F0-F366-43E3-A613-8AB770CBA549}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{29C885BE-D034-4466-9F8A-5E7FEBD52DD6}" = protocol=6 | dir=in | app=d:\programme\icq\icq7.4\icq.exe | "{2BBC3EB7-EE27-4F0E-8566-4A5F16A65A66}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{335D6608-33D4-457C-A0B0-7974467429A5}" = protocol=6 | dir=in | app=c:\program files\3dsmax\3dsmax.exe | 
"{352E3AA6-B708-4254-A3D7-C05911FC6361}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{3673E242-38DB-415C-81CD-F767E62534FE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{392B28F9-BC0E-452C-8593-B5688ADB4E54}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | "{44DC91F9-B3FD-4C00-B8D3-844D0A8C4BF7}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{45502E4E-092F-49B1-AC06-D43B9E95AEA6}" = protocol=6 | dir=in | app=d:\spiele\ragnarok\ragexe.exe | "{455B5C15-BB02-4A13-875B-622C0BE5C55A}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{485E181B-D509-408C-BD5A-33B49E26F589}" = protocol=17 | dir=in | app=c:\program files\3dsmax\3dsmax.exe | "{4CFF1A8E-E564-4E4E-96E2-73F6BF44ACF3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{4D0A3162-B233-448A-ACEF-878F5E341A2C}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | "{4FFF76A4-5133-4FB0-B56E-384BF524FDA9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{537DB8E8-1770-4AD0-8998-2870E54D74E9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{55782BB4-ED83-46B5-AB93-93F9ECCB4B99}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | "{5F1B3C69-935D-440F-A7F2-F99B656C379A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe | "{6076B964-0B75-40A9-BD76-59A67F1DA942}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{6702E16E-13F4-43F3-A5EB-4EFCC112BD94}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | "{6DC490AB-9AFF-4D24-80FE-CB63D645A6C7}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\3dsmax.exe | "{75C189BF-AAD7-47C7-A678-89E0B4D66543}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{760648AA-C2FC-4CC3-9D7D-50D5CA29E873}" = protocol=6 | dir=in | app=c:\users\jenny\appdata\roaming\dropbox\bin\dropbox.exe | "{76A459A5-9788-4A0E-8017-76C2F21FBC5C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{7BD65B90-A3F1-4D8C-9E90-4999B8EBA804}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{7CDCD324-993C-4E4F-B63E-9C876C176A82}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | "{83E3B3EA-4E60-439C-9E7B-0F15DB6189B4}" = protocol=6 | dir=in | app=c:\program files\3dsmax\mentalimages\satellite\raysat_3dsmax2011_32.exe | "{85B6ED77-B12A-4D6A-B9DB-077CC791512E}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2011\3dsmax.exe | "{866CCA5A-D05E-4882-9634-3D51C5FBBDBC}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{87B0F00A-9CBC-435B-9CE9-5D1980C13A2D}" = protocol=6 | dir=in | app=d:\programme\icq\icq7.4\icq.exe | "{87C42BB4-C805-493A-A0E1-70D9C4BC882B}" = protocol=17 | dir=in | app=d:\spiele\ragnarok\ragexe.exe | "{8D47434F-0F66-4966-88EE-606054D649FC}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | "{931E510E-0385-4290-9015-1A05D2A94E0F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{970E2153-184F-482B-9B86-B46EAE130CBB}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{9F4341BF-F16F-44C2-8E08-10B9314832AC}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe | "{A5A42F72-BB21-4A40-B82B-E259C1E6CED8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{A8233CF2-CAAD-4B41-A95E-62ADF6B4089A}" = protocol=17 | dir=in | app=c:\users\jenny\appdata\roaming\dropbox\bin\dropbox.exe | "{B098FDAA-B8EF-41A9-B3DA-DE9E10CE9B39}" = protocol=6 | dir=in | app=c:\program files\3dsmax\mentalimages\satellite\raysat_3dsmax2011_32server.exe | "{B3D45A7D-8AD2-4E2C-8D15-B27610520A8F}" = protocol=6 | dir=in 
| app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{B5F70D68-3AF0-49BE-8EE1-008C314E2422}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{BA1EE302-8125-4E4E-8B73-FEAC23C3F9EA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{BEEEEE1F-50B1-48DF-B05F-7ACE0E6D17B3}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{BFFCA3C9-3B96-4A2F-AB3E-EB8B021F0602}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{C67B2A5E-7B01-4D17-AF42-8111E9881A22}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{C89FFB57-F7D2-43D9-B3E9-816A9A45D866}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe | "{D0E50ACD-136C-4D0C-99A9-4E4DBADBE0B0}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | "{D351F1A2-CD85-4A0F-BDFE-5887CB0D9CDF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{D50664DD-ECC8-4F91-A336-133D57FD409C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{D610B657-85EF-43E0-9B11-4AF8A0911D53}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{D8C63FD1-5080-40C1-81C5-C9C50F79250C}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe | "{D9277855-0A29-4403-87C3-88B0F208C0D7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E4447BF4-83FE-4B2F-8D0D-CEA7B40F5103}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | "{EB5E3053-93A1-4ED7-ACEC-56BCBC7A7E62}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe | "{ECD3ADF2-C36E-41C7-8E2E-7A8069B8290A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{F379E883-67C7-49F2-8958-99E77B830FD4}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{F43D50A6-552F-4C8E-882A-C1545396EA2E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{F7D4A726-BB20-4E35-AE4D-ADB61B8E03DA}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe | "{F9AB76AD-8DF8-48E5-8F91-D061ACF73245}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{FA2ECDDF-BEE2-4314-8042-55BD183D8352}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{FC5D96DE-DC96-46EA-BF95-D6913E392B95}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{FCBB9AB1-EE62-4319-AD18-7FE994F6B25D}" = dir=in | app=d:\programme\powerdirector\powerdirector\pdr.exe | "{FD95881C-1730-44A6-8ECE-F3EFA94F8085}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe | "TCP Query User{28C89E53-407E-4F82-9AAF-E031AA7AC942}D:\spiele\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=d:\spiele\secondlifeviewer2\slvoice.exe | "TCP Query User{2ACC8F31-027B-4DD0-88A2-919855AF0B28}C:\program files\rhinoceros 4.0\system\rhino4.exe" = protocol=6 | dir=in | app=c:\program files\rhinoceros 4.0\system\rhino4.exe | "TCP Query User{3904D328-5B4D-4846-8BDF-E4050CAAA929}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{56A72E0D-2DFE-40F1-BB84-8D515BC1C0CE}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{5DD841DE-8109-4FA8-8549-E4EDA6F3BC5B}C:\users\jenny\desktop\scitysetup_19235222.exe" = protocol=6 | dir=in | app=c:\users\jenny\desktop\scitysetup_19235222.exe | "TCP Query User{6CD73801-AA15-418E-A8DB-B6F272A42BD0}C:\programdata\asgvis\drspawner\drspawner.exe" = protocol=6 | dir=in | 
app=c:\programdata\asgvis\drspawner\drspawner.exe | "TCP Query User{8E9F7AC9-4CD8-4C70-8CC1-D4FABCA565A6}D:\programme\kaspersky\setup.exe" = protocol=6 | dir=in | app=d:\programme\kaspersky\setup.exe | "TCP Query User{8FCC004E-88E9-4D3A-9155-52AF6C668E35}D:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programme\winamp\winamp.exe | "TCP Query User{90056987-C9AE-419D-96D7-5FB7189A10C0}C:\users\jenny\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\jenny\appdata\local\akamai\netsession_win.exe | "TCP Query User{9E03B506-EBE3-45BC-A021-897E7C7D1CAE}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{A7ECC04B-A9ED-42D1-B021-73C8EC71B456}D:\programme\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=d:\programme\musicbrainz picard\picard.exe | "TCP Query User{BBCCDE66-35B7-4B19-A6CA-EC3DE8A9E794}D:\programme\icq\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq\icq6.5\icq.exe | "TCP Query User{C0138E9F-7D71-4FEA-AC87-90D72D923183}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{C5236DDA-48EB-4C0A-9DA4-B8758E3424BA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{D3B4D646-6E9B-459D-B57F-DEF0F41248A7}D:\spiele\spore\eadm\core.exe" = protocol=6 | dir=in | app=d:\spiele\spore\eadm\core.exe | "TCP Query User{F73FAEF9-AAA5-481F-85E7-98BB08F4B40D}C:\program files\dgs\dgsnetd.exe" = protocol=6 | dir=in | app=c:\program files\dgs\dgsnetd.exe | "UDP Query User{192570D0-446D-400D-8DCD-0984BED180CA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{1DF102CB-4124-4E1F-B8F2-809F2201A2B5}C:\program 
files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{29DE9ED9-D40C-4EDE-AC9D-A1F7C58BD65C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{2BF9BCCC-7E76-4EEF-A889-A3B1793589D0}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{398360B7-0871-4AC0-B0C0-B2CA6C728D9B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{445F0964-0074-4B59-A59C-8F21ABE70022}C:\users\jenny\desktop\scitysetup_19235222.exe" = protocol=17 | dir=in | app=c:\users\jenny\desktop\scitysetup_19235222.exe | "UDP Query User{51059E3C-8AC8-4A9F-9B5E-EABA4AE3775B}C:\programdata\asgvis\drspawner\drspawner.exe" = protocol=17 | dir=in | app=c:\programdata\asgvis\drspawner\drspawner.exe | "UDP Query User{8DC30B06-87DF-452C-8F3D-A5FBF3048230}D:\spiele\spore\eadm\core.exe" = protocol=17 | dir=in | app=d:\spiele\spore\eadm\core.exe | "UDP Query User{9B5E1074-6FCF-42E3-BE9C-82E27C864B83}D:\programme\icq\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq\icq6.5\icq.exe | "UDP Query User{A3335517-B7F2-43E3-A9BF-988CF3AAD971}D:\spiele\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=d:\spiele\secondlifeviewer2\slvoice.exe | "UDP Query User{A7CC504C-D2D7-4645-97A6-BCF004CC657A}C:\program files\rhinoceros 4.0\system\rhino4.exe" = protocol=17 | dir=in | app=c:\program files\rhinoceros 4.0\system\rhino4.exe | "UDP Query User{B4A6FB27-E861-487B-BBD1-976261AF1DE4}D:\programme\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=d:\programme\musicbrainz picard\picard.exe | "UDP Query User{C6E3F91F-D1F6-451A-BED3-6C2BD3F1B938}D:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programme\winamp\winamp.exe | "UDP Query 
User{D8F48742-8BDA-4C4D-B3F9-BF9538239B4A}C:\users\jenny\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\jenny\appdata\local\akamai\netsession_win.exe | "UDP Query User{E5E79DF0-0D00-4547-869D-39E49301D009}D:\programme\kaspersky\setup.exe" = protocol=17 | dir=in | app=d:\programme\kaspersky\setup.exe | "UDP Query User{F9D449BE-AC3E-4599-A138-B56330A9DA7E}C:\program files\dgs\dgsnetd.exe" = protocol=17 | dir=in | app=c:\program files\dgs\dgsnetd.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6400 "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard 
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery 
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1 "{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40625DE4-DCDB-44FE-84B5-E65F1365BF44}" = V-Ray for Rhinoceros "{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3 "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{50A76A32-8D75-4839-815C-93054CFD436B}" = V-Ray for Rhinoceros "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{579F16AF-AFA0-488C-BE83-71F4C92EC216}" = V-Ray for Rhinoceros "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion "{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0 "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = 
Segoe UI "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{67574624-BF0F-0407-AF6D-19FBD86FF7F7}" = Autodesk 3ds Max 2011 32-Bit "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}" = Bamboo Tablets Tutorial "{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{762EBEC5-7ADC-48DC-ADDE-882616730050}" = TransType Pro "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7C32C567-DC0F-4C80-B06C-7873850A2E06}" = Die Sims - Tierisch gut drauf "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 
"{8058F9B8-68C6-4769-A1F2-994C4529B2C6}" = V-Ray for Rhinoceros "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af "{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe 
Flash CS3 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft 
Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011 "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8 
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A8DF8593-F619-47DE-AD27-BCABF233433A}" = STOIK Video Converter 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B1899CD8-9584-4DC5-00AE-48F47CF81183}" = Die Sims 2 HomeCrafter Plus "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{C167A588-87AA-47BF-A88E-5B0F9A14480D}" = InterVideo DVDCopy5 "{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote 
connections "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3 "{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3 "{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CCBC3666-5199-4702-B052-2C58FCA6EFF9}" = Rhinoceros 4.0 SR4b "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFCA7747-0813-AEBA-886F-732E1CBD79EA}" = MoodTuner "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D57F1897-D0F5-4E5F-99BA-80815B43283A}" = Rhinoceros 4.0 SR4 "{D7960C39-E3FD-4B46-8E97-A1E9D128F913}" = Rhinoceros 4.0 SR3 "{D9FE1AFC-8C6D-484F-B3FD-E50780153234}" = Evernote "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4A0225B-A975-416C-8CF7-C1C025FD32D6}" = YP-U1 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires "{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8 "{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = 
SPORE™ Labor Basisversion "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA52513B-03C2-4631-BE42-03ACF9226179}" = Tablett "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "Acer Acer Bio Protection 6.0.00.17" = Acer Bio Protection AAU 6.0.00.17 "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen "Akamai" = Akamai NetSession Interface Service "Autodesk FBX Plug-in 2011.1 - 3ds Max 2011" = Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 "Avira AntiVir Desktop" = Avira Free Antivirus "Bamboo Dock" = Bamboo Dock "CamStudio" = CamStudio "CANON iMAGE 
GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon RAW Codec" = Canon RAW Codec "CCleaner" = CCleaner "CEP - Colour Enable Packages_is1" = CEP - Color Enable Package "CloneDVD2" = CloneDVD2 "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "com.gugga.radiomini" = MoodTuner "DAEMON Tools Lite" = DAEMON Tools Lite "Dark and Light1.0.14.01" = Dark and Light "DGS Portrait2" = DGS Portrait2 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup" = DivX-Setup "dm Fotowelt" = dm Fotowelt "dm-Fotowelt" = dm-Fotowelt "DPP" = Canon Utilities Digital Photo Professional 3.1 "EADM" = EA Download Manager "EOS 20D WIA Driver" = EOS 20D WIA Driver "EOS Utility" = Canon Utilities EOS Utility "ESET Online Scanner" = ESET Online Scanner v3 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Flamingo 1.1" = Flamingo 1.1 "Flamingo 1.1 for Rhino 4.0" = Flamingo 1.1 for Rhino 4.0 "FoxyTunesForFirefox" = FoxyTunes for Firefox "Fraps" = Fraps (remove only) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free FLV Converter_is1" = Free FLV Converter V 6.98.0 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206 "Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter "GameWiz32" = GameWiz32 "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "Google Updater" = Google Updater "GridVista" = Acer GridVista "Guild Wars" = GUILD WARS "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR 
Software by I.R.I.S. 13.0 "IcoFX_is1" = IcoFX 1.6.4 "Id3Sort Version 1.3.0.13_is1" = Id3Sort Version, 1.3.0.13 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "InstallShield_{FA52513B-03C2-4631-BE42-03ACF9226179}" = Tablett "Lexmark X1100 Series" = Lexmark X1100 Series "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.49 "MusicBrainz Picard" = MusicBrainz Picard "MyDefrag v4.3.1_is1" = MyDefrag v4.3.1 "myGamersCam" = myGamersCam 1.2 "NVIDIA Drivers" = NVIDIA Drivers "Nvu_is1" = Nvu 1.0 "ODSK" = Canon Utilities Original Data Security Tools "Pen Tablet Driver" = Bamboo "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "Ramsete III" = Ramsete III "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "Rhino RDK" = Rhino RDK "Rhinoceros 3.0" = Rhinoceros 3.0 "RocketDock_is1" = RocketDock 1.3.5 "Shop for HP Supplies" = Shop for HP Supplies "ST6UNST #1" = Ramsete 2.70 
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick "SynTPDeinstKey" = Synaptics Pointing Device Driver "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Tomb Raider: Anniversary Demo" = Tomb Raider: Anniversary Demo 1.0 "T-Splines for Rhino" = T-Splines for Rhino "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock "WFTK" = Canon Utilities WFT-E1/E2/E3 Utility "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "Wisdom-soft Set up ASR 3.1 Pro" = Wisdom-soft Set up ASR 3.1 Pro "Word8.0" = Microsoft Word 97 "Zoo Tycoon 1.0" = Zoo Tycoon-Erweiterungen "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Dropbox" = Dropbox "World of Warcraft Trial" = Probeversion von World of Warcraft ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 31.08.2012 04:18:29 | Computer Name = Kessy | Source = WinMgmt | ID = 10 Description = Error - 01.09.2012 05:06:29 | Computer Name = Kessy | Source = WinMgmt | ID = 10 Description = Error - 01.09.2012 05:27:04 | Computer Name = Kessy | Source = WinMgmt | ID = 10 Description = Error - 01.09.2012 05:58:50 | Computer Name = Kessy | Source = WinMgmt | ID = 10 Description = Error - 01.09.2012 06:38:34 | Computer Name = Kessy | Source = WinMgmt | ID = 10 Description = Error - 02.09.2012 04:57:40 | Computer Name = Kessy | Source = WinMgmt | ID = 10 Description = Error - 02.09.2012 05:19:53 | Computer Name = Kessy | Source = WinMgmt | ID = 10 Description = Error - 02.09.2012 07:19:47 | Computer Name = Kessy | Source = 
WinMgmt | ID = 10 Description = Error - 02.09.2012 19:03:57 | Computer Name = Kessy | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: f2c Anfangszeit: 01cd88fcb88ffe9c Zeitpunkt der Beendigung: 30 Error - 03.09.2012 04:08:54 | Computer Name = Kessy | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 01.02.2009 07:11:54 | Computer Name = Kessy | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{58F6CE43-4FE6-4393-8EC7-B3A4A2B65993} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 01.02.2009 07:11:54 | Computer Name = Kessy | Source = netbt | ID = 4321 Description = Der Name "KESSY :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.2 registriert werden. Der Computer mit IP-Adresse 192.168.2.3 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 01.02.2009 07:11:57 | Computer Name = Kessy | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{58F6CE43-4FE6-4393-8EC7-B3A4A2B65993} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 01.02.2009 07:11:57 | Computer Name = Kessy | Source = netbt | ID = 4321 Description = Der Name "KESSY :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.2 registriert werden. Der Computer mit IP-Adresse 192.168.2.3 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. 
Error - 01.02.2009 07:11:57 | Computer Name = Kessy | Source = netbt | ID = 4321 Description = Der Name "KESSY :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.2 registriert werden. Der Computer mit IP-Adresse 192.168.2.3 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 01.02.2009 07:11:57 | Computer Name = Kessy | Source = netbt | ID = 4321 Description = Der Name "KESSY :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.2 registriert werden. Der Computer mit IP-Adresse 192.168.2.3 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 01.02.2009 13:32:46 | Computer Name = Kessy | Source = HTTP | ID = 15016 Description = Error - 02.02.2009 15:21:13 | Computer Name = Kessy | Source = HTTP | ID = 15016 Description = Error - 03.02.2009 11:12:35 | Computer Name = Kessy | Source = HTTP | ID = 15016 Description = Error - 03.02.2009 16:11:26 | Computer Name = Kessy | Source = HTTP | ID = 15016 Description = < End of report > |
03.09.2012, 15:04 | #12 |
| Detections: PUP.Blabbers and Trojan.Spyeyes OTL logfile: Code:
ATTFilter OTL logfile created on: 03.09.2012 15:30:02 - Run 3 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Jenny\Desktop\Programme Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19298) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 29,97% Memory free 6,19 Gb Paging File | 2,91 Gb Available in Paging File | 47,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 56,97 Gb Free Space | 39,55% Space Free | Partition Type: NTFS Drive D: | 140,50 Gb Total Space | 6,06 Gb Free Space | 4,31% Space Free | Partition Type: NTFS Drive G: | 495,00 Mb Total Space | 11,91 Mb Free Space | 2,41% Space Free | Partition Type: FAT32 Drive I: | 465,76 Gb Total Space | 236,58 Gb Free Space | 50,79% Space Free | Partition Type: NTFS Computer Name: KESSY | User Name: Jenny | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.02 11:19:13 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Jenny\AppData\Local\Temp\RtkBtMnt.exe PRC - [2012.08.31 10:27:08 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Desktop\Programme\OTL.exe PRC - [2012.08.27 18:09:13 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe PRC - [2012.08.25 03:59:03 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.08.10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) 
-- C:\Users\Jenny\AppData\Local\Akamai\netsession_win.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.16 18:22:21 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.115\GoogleCrashHandler.exe PRC - [2012.01.31 09:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.01.31 09:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.12.25 11:49:21 | 000,225,792 | ---- | M] () -- C:\Programme\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe PRC - [2011.09.27 05:45:40 | 000,646,232 | ---- | M] () -- C:\Programme\Bamboo Dock\BambooCore.exe PRC - [2011.09.08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe PRC - [2011.09.08 17:48:34 | 003,281,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TouchUser.exe PRC - [2011.09.08 17:48:34 | 001,485,176 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TabletUser.exe PRC - [2011.09.08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.02 16:55:28 | 001,045,256 | ---- | M] (Acresso Software Inc.) 
-- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2010.04.01 11:02:42 | 000,086,016 | ---- | M] () -- C:\Programme\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe PRC - [2009.09.04 12:26:19 | 000,446,976 | ---- | M] () -- C:\Programme\DGS\dgsnetd.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.01.07 21:46:56 | 001,468,296 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe PRC - [2008.10.28 14:30:27 | 003,520,512 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe PRC - [2008.10.28 14:30:19 | 003,602,432 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe PRC - [2008.08.01 10:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.07.24 16:54:18 | 000,167,936 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe PRC - [2008.07.24 16:54:10 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2008.07.20 11:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.07.20 11:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.07.18 17:04:36 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2008.06.04 14:03:36 | 000,817,672 | ---- | M] (Dritek System Inc.) 
-- C:\Programme\Launch Manager\QtZgAcer.EXE PRC - [2008.06.02 10:25:40 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.05.30 12:24:30 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2008.05.14 17:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.05.14 17:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.05.07 10:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.04.23 12:22:38 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2008.04.23 12:22:38 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.03.25 16:25:06 | 000,050,952 | ---- | M] (UPEK Inc.) 
-- C:\Programme\Common Files\SPBA\upeksvr.exe PRC - [2008.02.19 09:12:18 | 000,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe PRC - [2008.01.21 04:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe PRC - [2008.01.16 19:35:02 | 000,081,504 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe PRC - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- D:\Programme\RocketDock\RocketDock.exe PRC - [2007.04.03 07:09:18 | 044,814,336 | ---- | M] (Adobe Systems, Incorporated) -- D:\Programme\CS3\Adobe Photoshop CS3\Photoshop.exe PRC - [2007.03.26 21:27:00 | 003,758,240 | ---- | M] (Adobe Systems Incorporated) -- D:\Programme\CS3\Adobe InDesign CS3\InDesign.exe ========== Modules (No Company Name) ========== MOD - [2012.08.27 18:09:13 | 009,813,704 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll MOD - [2012.08.25 03:59:17 | 002,242,528 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.06.15 10:53:01 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll MOD - [2012.06.15 10:50:42 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.15 10:50:32 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.05.14 11:13:46 | 000,771,584 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll MOD - [2012.05.14 10:35:28 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.14 10:35:15 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2011.12.25 11:49:21 | 000,225,792 | ---- | M] () -- C:\Programme\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe MOD - [2011.09.27 05:45:40 | 000,646,232 | ---- | M] () -- C:\Programme\Bamboo Dock\BambooCore.exe MOD - [2011.09.27 05:45:40 | 000,060,504 | ---- | M] () -- C:\Programme\Bamboo Dock\BambooWinTab.dll MOD - [2011.09.08 17:48:36 | 000,962,936 | ---- | M] () -- C:\Programme\Tablet\Pen\libxml2.dll MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.09.05 00:15:06 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2009.09.04 12:26:19 | 000,446,976 | ---- | M] () -- C:\Programme\DGS\dgsnetd.exe MOD - [2008.10.28 14:17:21 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll MOD - [2008.10.28 14:17:21 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll MOD - [2008.10.28 14:17:21 | 000,009,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll MOD - [2008.07.24 16:54:20 | 000,757,760 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll MOD - [2008.07.24 16:54:16 | 000,007,680 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll MOD - [2008.06.11 10:21:46 | 000,204,800 | ---- 
| M] () -- C:\Windows\System32\SysHook.dll MOD - [2008.05.14 17:05:10 | 000,227,888 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll MOD - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- D:\Programme\RocketDock\RocketDock.exe MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- D:\Programme\RocketDock\RocketDock.dll MOD - [2007.04.03 07:10:00 | 002,342,912 | ---- | M] () -- D:\Programme\CS3\Adobe Photoshop CS3\Photoshop.dll MOD - [2007.04.03 07:09:18 | 000,049,152 | ---- | M] () -- D:\Programme\CS3\Adobe Photoshop CS3\QuickTimeGlue.dll MOD - [2007.04.03 07:09:14 | 000,393,216 | ---- | M] () -- D:\Programme\CS3\Adobe Photoshop CS3\AdobeXMP.dll MOD - [2007.03.26 00:10:46 | 001,601,536 | ---- | M] () -- D:\Programme\CS3\Adobe InDesign CS3\Plug-Ins\Filters\Sangam Readers\Reader For QuarkXPress.smrd MOD - [2007.03.26 00:10:46 | 000,880,640 | ---- | M] () -- D:\Programme\CS3\Adobe InDesign CS3\Plug-Ins\Filters\Sangam Readers\Reader for XLSX.smrd MOD - [2007.03.26 00:10:46 | 000,872,448 | ---- | M] () -- D:\Programme\CS3\Adobe InDesign CS3\Plug-Ins\Filters\Sangam Readers\Reader for DOCX.smrd MOD - [2007.03.26 00:10:46 | 000,770,048 | ---- | M] () -- D:\Programme\CS3\Adobe InDesign CS3\Plug-Ins\Filters\Sangam Readers\Reader For PageMaker.smrd MOD - [2007.03.26 00:10:44 | 000,589,824 | ---- | M] () -- D:\Programme\CS3\Adobe InDesign CS3\boost_regex-vc80-mt-1_33.dll MOD - [2007.03.26 00:10:44 | 000,139,264 | ---- | M] () -- D:\Programme\CS3\Adobe InDesign CS3\aldfs32CJK.dll MOD - [2007.03.26 00:10:44 | 000,039,424 | ---- | M] () -- D:\Programme\CS3\Adobe InDesign CS3\aldvm32CJK.dll MOD - [2007.03.26 00:10:42 | 000,929,792 | ---- | M] () -- D:\Programme\CS3\Adobe InDesign CS3\SangamML.dll MOD - [2007.03.26 00:10:40 | 000,126,976 | ---- | M] () -- D:\Programme\CS3\Adobe InDesign CS3\PMFileReader.dll MOD - [2007.03.26 00:10:38 | 000,798,720 | 
---- | M] () -- D:\Programme\CS3\Adobe InDesign CS3\HaleyRulesSPruntime.dll MOD - [2007.03.26 00:10:38 | 000,389,120 | ---- | M] () -- D:\Programme\CS3\Adobe InDesign CS3\AdobeXMP.dll MOD - [2007.03.26 00:10:38 | 000,039,936 | ---- | M] () -- D:\Programme\CS3\Adobe InDesign CS3\HaleyRulesSPclient4runtime.dll MOD - [2007.03.26 00:10:38 | 000,035,840 | ---- | M] () -- D:\Programme\CS3\Adobe InDesign CS3\HScommon.dll MOD - [2007.03.26 00:10:38 | 000,021,504 | ---- | M] () -- D:\Programme\CS3\Adobe InDesign CS3\HScommonRBtreeThreadSafe.dll MOD - [2007.03.26 00:10:38 | 000,005,120 | ---- | M] () -- D:\Programme\CS3\Adobe InDesign CS3\HaleyRulesSPini4runtime.dll ========== Services (SafeList) ========== SRV - [2012.08.30 21:57:58 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai) SRV - [2012.08.25 03:59:11 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.11.16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2011.09.08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV - [2011.09.08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) 
[Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.02 16:55:28 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.04.01 11:02:42 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Programme\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe -- (mi-raysat_3dsmax2011_32) SRV - [2009.09.04 12:26:19 | 000,446,976 | ---- | M] () [Auto | Running] -- C:\Programme\DGS\dgsnetd.exe -- (DGSnetd) SRV - [2008.10.28 14:30:19 | 003,602,432 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC) SRV - [2008.07.20 11:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2008.06.02 10:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.05.14 17:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.02.19 09:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | 
Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 19:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.03.20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\WacomVKHid.sys -- (WacomVKHid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Spiele\setups\MastelaRO Full Client\npkcrypt.sys -- (npkcrypt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.07.25 11:23:41 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.01.31 09:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.01.31 09:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.08 18:49:24 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2010.10.21 10:45:18 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010.10.21 10:45:16 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010.10.21 10:45:16 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2010.09.27 17:42:16 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2010.09.27 17:42:14 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2010.09.27 17:42:14 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2010.05.12 13:23:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlashUSB.sys -- (FlashUSB)
DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.12.20 02:08:28 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008.10.28 14:30:15 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.10.06 11:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008.07.18 18:23:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.18 17:05:10 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.06.25 07:05:06 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.05.19 18:23:00 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.05.05 03:05:00 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.01.16 19:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007.10.19 00:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007.02.16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2005.11.16 16:42:48 | 000,045,056 | ---- | M] (InterVideo) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iviVD.sys -- (iviVD)
DRV - [2001.04.09 20:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\penclass.sys -- (PenClass)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44079
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.13 17:41:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.01 18:42:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.29 15:46:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.01 12:12:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\version4\components [2011.06.14 17:04:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\version4\plugins [2012.09.01 12:12:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.13 17:41:53 | 000,000,000 | ---D | M]

[2009.01.27 22:58:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions
[2012.09.02 11:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions
[2010.04.30 22:55:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.08.31 23:38:06 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.07.20 21:43:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.29 21:42:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.19 21:09:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(147)
[2010.08.19 21:09:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(148)
[2011.02.17 00:34:07 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\743hbu9z.default\extensions\tineye@ideeinc.com
[2012.08.28 21:44:50 | 000,001,056 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\743hbu9z.default\searchplugins\icqplugin.xml
[2012.08.29 15:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.05.01 00:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\version4\extensions
[2011.05.01 00:11:48 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\version4\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.08.31 23:21:26 | 000,527,328 | ---- | M] () (No name found) -- C:\USERS\JENNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\743HBU9Z.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011.10.29 21:09:53 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\JENNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\743HBU9Z.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.08.25 04:00:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: (Enabled) = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\kolgnaidildmdbfgdnoapjdianbpajne\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Foxkeh Theme = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdfmcddmngjdmjmhhpcnbnmnkdhpjhef\0.0.5_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Programme\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [BambooCore] C:\Programme\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartDGSnetd] C:\Programme\DGS\dgsnetd.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jenny\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [RocketDock] D:\Programme\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Local security authentication server.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: An vorhandenes PDF anfügen - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jenny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - D:\Programme\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - D:\Programme\icq\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - D:\Programme\icq\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58F6CE43-4FE6-4393-8EC7-B3A4A2B65993}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\base64 - No CLSID value found
O18 - Protocol\Handler\chrome - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\prox - No CLSID value found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.02 22:51:48 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk I:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.03 13:04:24 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{E26D1630-14A1-4254-BCE9-BFDBDD6B6A52}
[2012.09.03 00:48:10 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\FloodLightGames
[2012.09.02 23:09:31 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{49DBB4BF-B7E6-4B5C-87C2-DC0D3C81C70B}
[2012.09.02 11:09:12 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{31F36D40-0C12-4DA2-8AF2-4CFAD51BD8F9}
[2012.09.01 23:08:56 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{45735C3F-401F-4CC3-B46D-F002431B2F69}
[2012.09.01 11:54:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.01 11:43:46 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.09.01 11:08:36 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{B128F32D-7D48-4D9A-80C0-977CA7D2C7C0}
[2012.08.31 23:04:28 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{A36FFF7C-69B7-439D-B515-AF947C1E9647}
[2012.08.31 10:22:05 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{E375D325-143A-43A7-A519-61A1C9D500B4}
[2012.08.30 22:21:48 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{FC05CAF2-DDD5-4271-B1F1-ABAEE7AEF83A}
[2012.08.30 13:35:32 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Desktop\Profiles
[2012.08.30 13:08:30 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Desktop\743hbu9z.default
[2012.08.30 10:21:31 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{75513B9D-D703-4963-86DD-443587B5B92D}
[2012.08.29 15:12:23 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{628E1020-0280-4559-822A-56639F0EC5A1}
[2012.08.28 11:42:12 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{A301DAB2-8D8F-4C17-83DE-F1B635D1426D}
[2012.08.27 18:08:15 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{56ECC2C0-F7FD-4E7D-8129-C97D628F6822}
[2012.08.26 19:16:27 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Desktop\Neuer Ordner
[2012.08.26 09:17:46 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{F60A620D-CBA8-45CB-818D-3889C6594C09}
[2012.08.25 13:28:04 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{1E19FFD3-EF94-40D9-9A1D-12F15A50D8DE}
[2012.08.24 16:47:47 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{FC6CED50-E4BE-42D3-B2BD-473B94E3170F}
[2012.08.23 22:51:11 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{4A4EB1BB-6349-4C66-A3AE-D0BD2F5B4993}
[2012.08.23 10:50:50 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{28FB832A-91CD-48EE-BCF9-8850A31DCF5E}
[2012.08.22 10:15:52 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{8E8C1E43-278D-43D2-81F2-1B25559C3B0F}
[2012.08.21 15:21:25 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{C4F497D5-AEDD-4AE5-A7C3-4AD7CCC35962}
[2012.08.20 22:52:24 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{DDD14536-F76F-4A3F-966A-DA1B4EB7897B}
[2012.08.20 11:07:46 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.20 11:01:33 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.20 11:01:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.20 11:01:30 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.20 11:01:30 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.08.20 11:01:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.08.20 11:01:29 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.08.20 11:01:29 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.08.20 11:01:29 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.08.20 11:01:29 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.20 11:01:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.08.20 11:01:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.08.20 11:01:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.08.20 11:01:29 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.08.20 11:01:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.08.20 11:01:28 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.20 11:01:28 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.08.20 11:01:28 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.20 11:01:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.08.20 10:52:08 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{33541514-8C76-43D3-A30E-94E8599DC555} [2012.08.19 19:55:45 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{D727D75B-CA0D-457B-B127-6205A6E544F1} [2012.08.18 20:46:19 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{E68A5A6B-232B-4959-9392-2C2D01D5C5B3} [2012.08.18 20:46:10 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{1ACEAB98-F114-4743-8BA5-6E718CF7F6E0} [2012.08.17 16:08:34 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{C9D6317B-E179-4DE7-9F60-6FB1A50194E9} [2012.08.17 16:08:29 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{3E260075-0AC8-411B-8760-2375BC11689B} [2012.08.16 21:58:17 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{10C3ABE8-0035-4D27-A8C1-0A843606DA31} [2012.08.16 09:58:00 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{985ABF91-167C-445D-A4DE-E0AB14E9BADD} [2012.08.16 09:57:52 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{22783D17-7C37-48F8-9B8A-A38FE8D92C1B} [2012.08.15 18:14:31 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{9CBD5DCB-6D5F-4055-B4EA-E516E0CC44E8} [2012.08.15 18:14:28 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{4AC2238A-A41B-4200-B0EF-6113ACCE1FC8} [2012.08.14 14:24:59 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{9A770879-7A13-4685-9686-525AD1987F36} [2012.08.14 14:24:55 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{DC85DFCC-0DE1-46EE-96FB-80E1E1D05918} [2012.08.13 19:48:51 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{8C606F86-FB55-48C5-9AF4-5A60423F5F4E} [2012.08.13 19:48:47 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{EAB836C9-5D9D-42DB-AE85-EA2192E82A99} [2012.08.13 07:48:21 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{1CA72312-D287-4210-B24F-1EDA7AEB2FBB} [2012.08.13 07:48:11 | 000,000,000 | ---D | C] -- 
C:\Users\Jenny\AppData\Local\{ED896EE9-A3AC-43A7-9BE5-FE93E2A2BA25} [2012.08.12 12:49:36 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{D89DCEFA-1351-4F58-97AE-0203DC3CA376} [2012.08.12 12:49:31 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{EF1C9239-4DD0-4B34-B9A2-C00972C16096} [2012.08.11 14:49:06 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{E9C74C1F-03D7-4543-A0D7-5F43F4927DF9} [2012.08.11 14:49:03 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{1779E30E-C28C-4838-9B86-46435243D126} [2012.08.10 17:38:15 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{B485E729-89A1-40EC-9D5C-C5BADD87FB24} [2012.08.10 17:38:11 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{04C0137A-5BF1-4326-BE44-3EA97C5A9687} [2012.08.09 16:13:27 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{F08F020C-1F6B-4277-B913-4FEFD912DC1C} [2012.08.09 16:13:21 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{6538CCE4-5C76-40DB-903C-6F3198ADAB30} [2012.08.08 16:38:32 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{7A260BEF-FD13-4865-9AA9-C80617C7FF34} [2012.08.08 16:38:27 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{58C146BD-AA54-4F15-A340-AC69371FBA87} [2012.08.07 21:32:48 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.08.07 16:47:09 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{5B2D35CB-0C5A-4952-BE52-5E175C01E43F} [2012.08.07 16:47:05 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{80C55C10-E0C6-4A1F-9CFD-E19C5B3DCDCF} [2012.08.06 13:06:59 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{E5ACFDF6-FF99-4258-8BD0-016094979E28} [2012.08.06 13:06:54 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{FF6E6317-2E4F-4C1B-8D56-9903781CFCD8} [2012.08.05 15:26:55 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\{B851BA96-7EB4-4B17-ACE7-095C724C37B1} [2012.08.05 15:26:44 | 000,000,000 | ---D | C] -- 
C:\Users\Jenny\AppData\Local\{1953354E-6BF2-46E0-BB62-746703108C7A} [1 C:\Users\Jenny\Documents\*.tmp files -> C:\Users\Jenny\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.03 15:14:20 | 000,130,172 | ---- | M] () -- C:\Users\Jenny\Desktop\serk.jpg [2012.09.03 14:16:00 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.09.03 14:07:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.03 14:07:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.03 13:46:00 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.03 13:46:00 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.03 13:46:00 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.03 13:46:00 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.03 10:11:08 | 000,069,885 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.09.03 10:08:00 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012.09.03 10:07:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.03 10:07:18 | 3215,839,232 | -HS- | M] () -- C:\hiberfil.sys [2012.09.03 01:04:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.09.03 01:03:16 | 000,069,885 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.09.01 12:34:30 | 000,008,806 | ---- | M] () -- C:\Users\Jenny\Desktop\cc_20120901_123348.reg [2012.08.30 14:03:29 | 000,314,008 | ---- | M] () -- C:\Users\Jenny\Desktop\bookmarks.html [2012.08.30 13:09:57 | 000,121,230 | ---- | M] () -- C:\Users\Jenny\Desktop\bookmarks-2012-08-30.json [2012.08.29 19:03:09 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.29 19:03:09 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- 
C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.08.26 22:09:36 | 000,220,160 | ---- | M] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.23 17:00:27 | 000,000,680 | ---- | M] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat [2012.08.21 15:16:29 | 002,543,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.13 10:08:36 | 000,007,962 | ---- | M] () -- C:\cc_20120813_100832.reg [2012.08.13 09:57:34 | 000,002,299 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\acervcmtmp.ini [1 C:\Users\Jenny\Documents\*.tmp files -> C:\Users\Jenny\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.03 15:08:55 | 000,130,172 | ---- | C] () -- C:\Users\Jenny\Desktop\serk.jpg [2012.09.01 12:34:18 | 000,008,806 | ---- | C] () -- C:\Users\Jenny\Desktop\cc_20120901_123348.reg [2012.09.01 12:12:59 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.08.30 14:03:29 | 000,314,008 | ---- | C] () -- C:\Users\Jenny\Desktop\bookmarks.html [2012.08.30 13:09:57 | 000,121,230 | ---- | C] () -- C:\Users\Jenny\Desktop\bookmarks-2012-08-30.json [2012.08.13 10:08:35 | 000,007,962 | ---- | C] () -- C:\cc_20120813_100832.reg [2011.12.28 22:42:43 | 000,153,936 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011.12.26 22:42:10 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI [2011.12.23 01:03:57 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011.12.21 20:27:57 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.12.21 20:27:57 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.12.21 20:27:56 | 008,676,883 | ---- | C] () -- C:\Windows\System32\NCMedia2.dll [2011.09.06 22:41:28 | 000,000,314 | ---- | C] () -- C:\Windows\wininit.ini [2011.07.26 14:35:22 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.06.23 17:31:10 | 000,000,275 | ---- | C] () -- 
C:\Users\Jenny\AppData\Local\HamsterVideoConverterSettings.cfg [2011.02.06 15:16:59 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2011.02.06 15:16:59 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2011.01.20 23:23:44 | 000,200,704 | ---- | C] () -- C:\Windows\System32\BongoSDK.10.v40.dll [2011.01.04 10:56:56 | 001,630,700 | ---- | C] () -- C:\Program Files\dgs_install.zip [2011.01.04 10:56:12 | 000,022,376 | -H-- | C] () -- C:\Users\Jenny\.sw-main934 [2011.01.04 10:56:12 | 000,002,560 | -H-- | C] () -- C:\Users\Jenny\.sw-recents [2010.09.13 17:31:10 | 000,197,053 | ---- | C] () -- C:\Windows\hpwins27.dat [2010.08.29 21:36:18 | 000,000,093 | ---- | C] () -- C:\Users\Jenny\AppData\Local\fusioncache.dat [2009.12.29 03:06:59 | 000,000,680 | ---- | C] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat [2009.02.01 13:33:46 | 000,220,160 | ---- | C] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.30 21:06:56 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.01.27 19:11:27 | 000,002,299 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\acervcmtmp.ini [2009.01.27 18:15:05 | 000,069,885 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.01.27 18:12:48 | 000,069,885 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== LOP Check ========== [2009.02.07 01:05:03 | 000,000,000 | -HSD | M] -- C:\Users\Jenny\AppData\Roaming\.# [2009.02.17 22:25:49 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Acer [2008.07.30 04:10:28 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Acer GameZone Console [2011.10.29 20:40:26 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Atari [2011.01.30 21:58:04 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Autodesk [2010.01.30 13:01:10 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Blender Foundation [2011.12.25 13:04:25 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\com.gugga.radiomini 
[2012.07.25 11:31:47 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DAEMON Tools Lite [2012.08.13 09:57:19 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Dropbox [2011.12.22 01:22:50 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DVDVideoSoft [2011.07.20 21:43:41 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DVDVideoSoftIEHelpers [2009.01.27 18:16:29 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\eSobi [2012.09.03 00:48:10 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\FloodLightGames [2011.06.23 23:02:57 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\FreeFLVConverter [2010.08.25 14:45:53 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\GetRightToGo [2011.11.06 23:03:06 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\IcoFX [2011.08.21 00:51:13 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\ICQ [2009.08.30 16:45:27 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\LG Electronics [2010.01.29 00:06:56 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Morpheus Software [2011.10.29 23:24:11 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Mp3tag [2011.10.29 23:11:33 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\MusicBrainz [2011.08.13 00:21:35 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Nvu [2009.10.14 20:36:24 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\OpenOffice.org [2010.08.22 11:52:58 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PlayFirst [2010.04.01 13:05:30 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\SecondLife [2009.08.25 00:37:43 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\SPORE Creature Creator [2010.02.04 11:06:57 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\STOIK [2010.05.10 22:09:07 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\TS3Client [2010.08.29 21:53:54 | 000,000,000 | ---D | 
M] -- C:\Users\Jenny\AppData\Roaming\Turbine [2012.07.24 22:09:58 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\uTorrent [2011.12.25 11:50:07 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Wacom [2011.12.25 11:56:55 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2010.10.08 12:42:01 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Windows Live Writer [2012.09.03 01:04:44 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:8AB6C1D7 < End of report > |
03.09.2012, 15:12 | #13 |
/// Helper team | Findings: PUP.Blabbers and Trojan.Spyeyes ** Keep your system under observation for the time being! If everything has gone well and your system is running stably, do the following:
1. Quote:
Code:
:OTL
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Local security authentication server.lnk = File not found
[2012.09.03 14:16:00 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:8AB6C1D7

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
Quote:
Uninstall/remove the programs that we used and that you no longer need, except for: Code:
CCleaner
3. Tool cleanup with OTL
We will now use OTL's CleanUp! function to remove most of the programs that we installed for the cleanup from your system again.
4. Windows, for example, regularly creates shadow copies (at least once a day), which serve to restore the system in an emergency and to access older file versions. This function takes up a great deal of disk space. By default, the space reserved for shadow copies is 15% of the volume size, so system performance is also affected. In addition, deleted and possibly malicious objects that sit in System Restore must also be removed. So please do the following:
5. As a precaution, I would advise you to change your passwords (one should do this every 3-4 months), e.g. login, mail or website passwords. Tips: Choosing a secure password (you should really change it at regular intervals, roughly every 3-5 months); see also: Secure password (Password)
6. ► Please check whether there are new updates for Windows: -> Microsoft Update keeps your computer up to date!
► Update Internet Explorer: Version 9 is the current one! You can install Windows Internet Explorer 9 right away to replace the existing version of Internet Explorer: -> Internet Explorer 9
Software such as operating systems, browsers and e-mail clients is continually being developed further. At the same time, however, hackers are also working on constantly finding and exploiting new security holes. What is not yet a loophole for viruses and worms today can already become a danger tomorrow, once the corresponding malware has been programmed. This means that reports of new vulnerabilities appear relatively often, even if these have not yet been discovered by hackers, because security specialists naturally also look for potential avenues of attack. Updates from the software developers ensure that the user can always use the most current and most secure version of the operating system and the installed software.
Reading material no. 1: Give criminal acts no chance! Quote:
** Common sense and securely configuring Windows and Internet software are the best way to stay safe on the web!! Quote:
► Over time a lot of junk data can accumulate, error messages pile up, and the PC is probably no longer as fast as it used to be:
If you would like to support us → donation account
Regards, kira
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
04.09.2012, 10:17 | #14 |
| Findings: PUP.Blabbers and Trojan.Spyeyes Thank you so much for the help. Everything seems to be running stably. Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Local security authentication server.lnk moved successfully.
C:\Windows\Tasks\Google Software Updater.job moved successfully.
ADS C:\ProgramData\Temp:8AB6C1D7 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Jenny\Desktop\Programme\cmd.bat deleted successfully.
C:\Users\Jenny\Desktop\Programme\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jenny
->Temp folder emptied: 733778 bytes
->Temporary Internet Files folder emptied: 18672230 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 56133248 bytes
->Google Chrome cache emptied: 27823791 bytes
->Flash cache emptied: 58385 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8526847 bytes
RecycleBin emptied: 4092242 bytes

Total Files Cleaned = 111,00 mb

OTL by OldTimer - Version 3.2.59.1 log created on 09042012_103805

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...