| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Malwarebytes bricht ständig abWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.01.2013, 20:02
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Malwarebytes bricht ständig ab adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
20.01.2013, 21:09
| #17 |
 | Malwarebytes bricht ständig ab AdwCleaner:
__________________Code:
ATTFilter # AdwCleaner v2.106 - Datei am 20/01/2013 um 20:21:15 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Kirstin - KIRSTINS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Kirstin\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Kirstin\AppData\Local\funmoods-speeddial.crx
Datei Gelöscht : C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\emn4ri5p.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Windows\system32\conduitEngine.tmp
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\BabylonToolbar
Ordner Gelöscht : C:\Program Files\ChatZum Toolbar
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Program Files\Suche_Deutschland
Ordner Gelöscht : C:\Program Files\Yontoo
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Kirstin\AppData\Local\APN
Ordner Gelöscht : C:\Users\Kirstin\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Kirstin\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Ordner Gelöscht : C:\Users\Kirstin\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Kirstin\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Kirstin\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Kirstin\AppData\LocalLow\Suche_Deutschland
Ordner Gelöscht : C:\Users\Kirstin\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Kirstin\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Kirstin\AppData\Roaming\BabylonToolbar
Ordner Gelöscht : C:\Users\Kirstin\AppData\Roaming\iWin
Ordner Gelöscht : C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\emn4ri5p.default\extensions\bbrs_002@blabbers.com
Ordner Gelöscht : C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\emn4ri5p.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Suche_Deutschland
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\BrowserCompanion
Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserCompanion
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Suche_Deutschland Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{937F343C-C9C2-4235-B544-7FC4DA2F2594}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4EB4BD89-4701-4106-A78C-3C01E8CD02D1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{937F343C-C9C2-4235-B544-7FC4DA2F2594}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4EB4BD89-4701-4106-A78C-3C01E8CD02D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{937F343C-C9C2-4235-B544-7FC4DA2F2594}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2303923
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8CE2C24C-CBA8-4424-8120-7771EF7DC92A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6909F59-197A-4762-B1E0-C6AC3EA44824}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{937F343C-C9C2-4235-B544-7FC4DA2F2594}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4EB4BD89-4701-4106-A78C-3C01E8CD02D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DA5BD2D3CA2D6943A1A233CD3F88CE7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC9EFC5C3366B4DB850DAB49330C52
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E98451C7CA808F47AFE467BDABD02FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BFD11FD45FC7B9E46A8F4B69F3A66E35
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5979AD63CA2D6943A1A233CD3F88CE7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF9BD2952384A9C49B4A5D3D95329890
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FABA2A33488410A4AA40489BD2224282
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Suche_Deutschland Toolbar
Schlüssel Gelöscht : HKLM\Software\Suche_Deutschland
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{937F343C-C9C2-4235-B544-7FC4DA2F2594}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{937F343C-C9C2-4235-B544-7FC4DA2F2594}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{937F343C-C9C2-4235-B544-7FC4DA2F2594}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{937F343C-C9C2-4235-B544-7FC4DA2F2594}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/ --> hxxp://www.google.com
-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\emn4ri5p.default\prefs.js
C:\Users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\emn4ri5p.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gelöscht : user_pref("browser.newtab.url", "search.chatzum.com");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "Suche Deutschland Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2303923&Sea[...]
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "orgnl");
Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 18);
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "de");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Gelöscht : user_pref("extensions.BabylonToolbar.hmpg", false);
Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 18);
Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Gelöscht : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "13.0");
Gelöscht : user_pref("extensions.BabylonToolbar.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?affID=112843&babsrc=NT_[...]
Gelöscht : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 81160409);
Gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "free");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112843&babsrc=N[...]
Gelöscht : user_pref("extensions.asktb.FeaturePageVersion", "1");
Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.OOBEVersion", "1");
Gelöscht : user_pref("extensions.asktb.apn_dbr", "ff_16.0.2");
Gelöscht : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Gelöscht : user_pref("extensions.asktb.cbid", "^AGS");
Gelöscht : user_pref("extensions.asktb.config-updated", false);
Gelöscht : user_pref("extensions.asktb.cr-o", "APN10261");
Gelöscht : user_pref("extensions.asktb.crumb", "2012.11.06+23.12.45-toolbar009iad-DE-SGFtYnVyZyxHZXJtYW55");
Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc=[...]
Gelöscht : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Gelöscht : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Gelöscht : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.finduny.com?client=mozilla-firefox[...]
Gelöscht : user_pref("extensions.asktb.first-launch-url", "hxxp://redirect.avira.com/?operationtype=install&lng[...]
Gelöscht : user_pref("extensions.asktb.fresh-install", false);
Gelöscht : user_pref("extensions.asktb.guid", "c499b9f8-8ea2-43a8-b166-8e5718f8f42b");
Gelöscht : user_pref("extensions.asktb.hpr", "YES");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gelöscht : user_pref("extensions.asktb.if", "first");
Gelöscht : user_pref("extensions.asktb.l", "dis");
Gelöscht : user_pref("extensions.asktb.last-config-req", "1358670022551");
Gelöscht : user_pref("extensions.asktb.last-search-timestamp", "1353970746319");
Gelöscht : user_pref("extensions.asktb.locale", "de_DE");
Gelöscht : user_pref("extensions.asktb.localePref", true);
Gelöscht : user_pref("extensions.asktb.location", "Hamburg,Germany");
Gelöscht : user_pref("extensions.asktb.nthp", "YES");
Gelöscht : user_pref("extensions.asktb.nthp_prev", "1");
Gelöscht : user_pref("extensions.asktb.o", "APN10261");
Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Gelöscht : user_pref("extensions.asktb.r", "5");
Gelöscht : user_pref("extensions.asktb.sa", "YES");
Gelöscht : user_pref("extensions.asktb.saguid", "B51F3D41-F8DA-4BC7-A3B0-29FCBD8F8293");
Gelöscht : user_pref("extensions.asktb.search-history-queries", "horsemanshipschule||info@stapeline.com||info@p[...]
Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gelöscht : user_pref("extensions.asktb.silent-upgrade", true);
Gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Gelöscht : user_pref("extensions.asktb.socialmini-first", true);
Gelöscht : user_pref("extensions.asktb.socialmini-interval", "1200000");
Gelöscht : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Gelöscht : user_pref("extensions.asktb.socialmini-max-items", "30");
Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true);
Gelöscht : user_pref("extensions.asktb.socialmini-speed", "5000");
Gelöscht : user_pref("extensions.asktb.themeid", "");
Gelöscht : user_pref("extensions.asktb.timeinstalled", "07.11.2012 08:15:02");
Gelöscht : user_pref("extensions.asktb.to", "");
Gelöscht : user_pref("extensions.asktb.v", "3.15.13.100015");
Gelöscht : user_pref("extensions.asktb.version", "5.15.13.33021");
Gelöscht : user_pref("extensions.enabledAddons", "adblockpopups%40jessehakanen.net:0.5,browserlab%40adobe.com:1[...]
Gelöscht : user_pref("extensions.funmoods.aflt", "sware");
Gelöscht : user_pref("extensions.funmoods.autoRvrt", false);
Gelöscht : user_pref("extensions.funmoods.cntry", "DE");
Gelöscht : user_pref("extensions.funmoods.cv", "cv5");
Gelöscht : user_pref("extensions.funmoods.dfltLng", "");
Gelöscht : user_pref("extensions.funmoods.dfltSrch", true);
Gelöscht : user_pref("extensions.funmoods.dnsErr", true);
Gelöscht : user_pref("extensions.funmoods.envrmnt", "production");
Gelöscht : user_pref("extensions.funmoods.excTlbr", false);
Gelöscht : user_pref("extensions.funmoods.hdrMd5", "AF77880F1E50D17D9E790BD397E75F81");
Gelöscht : user_pref("extensions.funmoods.hmpg", true);
Gelöscht : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2Xzuy[...]
Gelöscht : user_pref("extensions.funmoods.id", "001F1698B70E1EF7");
Gelöscht : user_pref("extensions.funmoods.instlDay", "15580");
Gelöscht : user_pref("extensions.funmoods.instlRef", "sware");
Gelöscht : user_pref("extensions.funmoods.isdcmntcmplt", true);
Gelöscht : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2223:24:55");
Gelöscht : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Gelöscht : user_pref("extensions.funmoods.newTab", true);
Gelöscht : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=sware&chnl=sware&cd=2Xz[...]
Gelöscht : user_pref("extensions.funmoods.prdct", "funmoods");
Gelöscht : user_pref("extensions.funmoods.prtnrId", "funmoods");
Gelöscht : user_pref("extensions.funmoods.sg", "none");
Gelöscht : user_pref("extensions.funmoods.smplGrp", "none");
Gelöscht : user_pref("extensions.funmoods.srchPrvdr", "Search");
Gelöscht : user_pref("extensions.funmoods.tlbrId", "base");
Gelöscht : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=sware&chnl=sware&cd=2[...]
Gelöscht : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Gelöscht : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2223:24:55");
Gelöscht : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Gelöscht : user_pref("extensions.funmoods_i.newTab", true);
Gelöscht : user_pref("extensions.funmoods_i.smplGrp", "none");
Gelöscht : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2223:24:55");
Gelöscht : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Gelöscht : user_pref("id_chatzum_installed_version", "1.0.17");
Gelöscht : user_pref("id_chatzum_tabpage", "hxxp%3A//searchsafer.com/");
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&loc[...]
-\\ Google Chrome v24.0.1312.52
Datei : C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.8] : homepage = "hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDtC0FtCyC[...]
Gelöscht [l.12] : urls_to_restore_on_startup = [ "hxxp://search.chatzum.com" ]
Gelöscht [l.1835] : homepage = "hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDtC0FtCyCzyz[...]
Gelöscht [l.2258] : urls_to_restore_on_startup = [ "hxxp://search.chatzum.com" ]
*************************
AdwCleaner[R1].txt - [35587 octets] - [20/01/2013 19:17:46]
AdwCleaner[R2].txt - [35648 octets] - [20/01/2013 20:20:34]
AdwCleaner[S1].txt - [34875 octets] - [20/01/2013 20:21:15]
########## EOF - C:\AdwCleaner[S1].txt - [34936 octets] ##########
|
|
20.01.2013, 22:15
| #18 |
| | Malwarebytes bricht ständig ab OTL.txt:
__________________Code:
ATTFilter OTL logfile created on: 20.01.2013 21:22:37 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kirstin\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,37 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 44,68% Memory free 4,97 Gb Paging File | 3,38 Gb Available in Paging File | 68,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 207,80 Gb Free Space | 45,57% Space Free | Partition Type: NTFS Computer Name: KIRSTINS-PC | User Name: Kirstin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Kirstin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Kirstin\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.) PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Kirstin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited) PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe (Acer Incorporated) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\lxctcoms.exe ( ) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\8db51a0e07118635fb71b05f21937db8\Kies.Theme.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\b07ff83c3ce2fd8d3a938889f020552d\DevicePodcast.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\54c3c22053264729fde00785baf21eb9\DummyStorePlugin.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\aaa553d73526328d450a142814849e40\DeviceVideo.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\e5334ab5e29c40a7af6223175123263b\DevicePhoto.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\233972a5ba7f8718ba70734134186b1a\DeviceMusic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\e2689f807ac87966b7e78f74ab677453\VideoManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\c8a238c49512fddf15119a48f1c8e520\PhotoManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\b086aa6691c54b382c9dff23d19879cd\Podcaster.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ff3157a926a4c62bd7c4fc462b44d4ae\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\d532b3a8c28f7131b6c1d7eb62a9a421\DeviceHost.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\521e8f5d3e1452cabfea9ea69659c679\Phonebook.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\5c80e523a29d6577d167f5550f882dc0\Kies.Plugin.ContentsManagerLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\c332273df479d78fd386207bd8aeee42\MusicManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\8bf212e316537432a2356c88f3bb6f4d\BATPlugin.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\017429623044d5a3e9aa2aeef7d00017\Kies.Common.StoreManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\8bb1cf762dcfd25fa6fec281620a67e3\Kies.Common.MediaDB.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\3b13bd2ffd57d5a08bfb85636513922d\Kies.Common.AllShare.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ca0b9f739dc8a16a0b45b07b6f1deae0\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\68bf9214584209eb5ebf209d1b95ac1e\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5ff671ad98a74cfc1dee4a439fb8728e\Kies.Common.DeviceServiceLib.FileService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\d1baf93e68f207b043f0861c5ee2d7ea\Interop.DevFileServiceLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\57a3553bbf6667ae14d38bdb66f605a2\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6e4f1bc2e9b41f984d67aa1cd7f65c3d\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2c72efd53cc6951822e9782f762e0950\Kies.Common.DeviceServiceLib.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\016586bd2a1964a0a519cbc522d2906d\Kies.Common.DeviceService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\7316848f01ce1da27fc2d701f32cae0d\Interop.PRPLAYERCORELib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\c869231737a2b3d15915dcd3cf44b935\Kies.Common.Multimedia.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\89a65c0b3dd11b28cee0f0af1185b12d\Kies.Common.MainUI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\2a6cd90bb628de35d70c9dba6897d013\Kies.Common.DBManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\0969ff5a4924da7d8c6ebd3fca8f154b\ICSharpCode.SharpZipLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\c7db33ddaee23e7ec8a3458fde5b50eb\Kies.Common.CRMManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\7134f52b3f25107e9868d664eed50a2f\Kies.Common.Util.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\83ea8d246c90eeee2b100f01994eef5b\Kies.Locale.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\0bbdc52b6dd44363e4a194ee8bd8a460\Kies.MVVM.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\8e2b0a9c69e1065931751dcb16bd5fac\Kies.UI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\7c3107cb236a66aa4602f12d23611c55\GongSolutions.Wpf.DragDrop.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\7ed89054a3bdd9dbbf1cce0e0b592d78\Kies.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dbe82a95ee3feebc5999138fdf36d3c9\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\f619ad24547bdefcd7ae3b6afdf99a67\Kies.ni.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e40fa3c6d2f2a4200ee4e11fce57e7\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\d995a0e7d64a874cddea6294caaa2539\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\259f7342c8ebb1150db3df1bc4d3394c\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\776fced3857dce33967e805879757d24\System.Security.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\af7e2da8fcdb0d788cea0638e157c54b\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll () MOD - C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3321.40317__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3321.40399__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3321.40301__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3321.40319__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3321.40378__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3321.40308__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3321.40357__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3321.40314__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3321.40343__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3321.40308__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3321.40400__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3321.40363__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3321.40363__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3321.40413__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3321.40398__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3321.40362__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3321.40398__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3321.40414__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3321.40346__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3321.40372__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3321.40320__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3321.40354__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3321.40345__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3321.40354__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3321.40310__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3321.40320__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3321.40340__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3321.40344__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3321.40356__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3321.40325__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3321.40343__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3321.40324__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3321.40355__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3321.40344__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3294.18699__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3294.18701__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3294.18832__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3294.18753__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3294.18709__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3294.18745__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3294.18787__90ba9c70f846762e\DEM.OS.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3294.18755__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3294.18751__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3294.18787__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3294.18795__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3294.18747__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3294.18794__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3294.18708__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3294.18735__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3294.18767__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3294.18785__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3294.18784__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3294.18795__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3294.18737__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3294.18731__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3294.18717__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3294.18727__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3294.18758__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3294.18755__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3321.40431__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3321.40393__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3294.18772__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3294.18766__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3294.18765__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3321.40409__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3294.18742__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3294.18760__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3294.18756__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3294.18748__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3294.18769__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3294.18720__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3294.18757__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3294.18746__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3321.40297__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3321.40305__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3321.40387__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3321.40314__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3321.40299__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3321.40298__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3321.40391__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3321.40300__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3294.18750__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3294.18714__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3294.18740__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3294.18725__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3321.40392__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3294.18748__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3294.18745__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3294.18744__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3294.18774__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3321.40298__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3321.40297__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\System32\msjetoledb40.dll () MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll () MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Programme\Launch Manager\PowerUtl.dll () ========== Services (SafeList) ========== SRV - (Napsuivcudm) -- File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll () SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (VMCService) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (lxct_device) -- C:\Windows\System32\lxctcoms.exe ( ) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (AdobeVersionCue) -- C:\Programme\Adobe\Adobe Version Cue\service\VersionCue.exe (Adobe Sytems) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\Kirstin\AppData\Local\Temp\catchme.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis) DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis) DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys () DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis) DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (Advanced Micro Devices, Inc) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.) DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{3D34971C-E1B2-B068-DFC3-6337AA1A9947}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2303923 IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes\{3D34971C-E1B2-B068-DFC3-6337AA1A9947}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112843&babsrc=SP_ss&mntrId=5ed31ef70000000000000017c47d807f IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes\{61D67AE6-764E-4fe3-9EA9-EED03317C725}: "URL" = hxxp://www.ask.com/web?&o=13795&l=dis&q={searchTerms} IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE330DE330 IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_deDE330DE330&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes\{BE89DB2D-4B15-4FB4-8237-D5FDE15FDE87}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=c499b9f8-8ea2-43a8-b166-8e5718f8f42b&apn_sauid=B51F3D41-F8DA-4BC7-A3B0-29FCBD8F8293 IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..backup.old.browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.5 FF - prefs.js..extensions.enabledAddons: browserlab%40adobe.com:1.0.0.1227P.314153 FF - prefs.js..extensions.enabledAddons: firebug%40tools.sitepoint.com:1.6 FF - prefs.js..extensions.enabledAddons: firebugpaintevents%40kylescholz.com:0.1.8 FF - prefs.js..extensions.enabledAddons: firefinder%40robertnyman.com:1.2.5 FF - prefs.js..extensions.enabledAddons: icffirebug%40robertnyman.com:1.1 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: info%40skymeissner.com:1.4 FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: %7B9aad3da6-6c46-4ef0-9109-6df5eaaf597c%7D:1.4.1 FF - prefs.js..extensions.enabledAddons: %7B9BAE5926-8513-417d-8E47-774955A7C60D%7D:1.1.1d FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.7 FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2 FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:1.8.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..extensions.enabledItems: {9BAE5926-8513-417d-8E47-774955A7C60D}:1.1.1d FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: firebug@tools.sitepoint.com:1.6 FF - prefs.js..extensions.enabledItems: browserlab@adobe.com:1.0.0.1009P.274944 FF - prefs.js..extensions.enabledItems: firefinder@robertnyman.com:1.01 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledItems: icffirebug@robertnyman.com:1.0 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20((url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com')%20%7B%20return%20'PROXY%20us04.personalitycores.com%3A8000%3B%20PROXY%20us01.personalitycores.com%3A8000%3B%20PROXY%20us05.personalitycores.com%3A8000'%3B%7D%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.13 15:40:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.18 21:40:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.18 21:40:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.08.21 08:22:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.13 15:40:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.18 21:40:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.18 21:40:42 | 000,000,000 | ---D | M] [2010.05.03 12:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Extensions [2010.05.03 12:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.01.20 20:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions [2011.04.09 20:02:41 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}(316) [2011.04.09 20:02:44 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}(317) [2011.04.06 11:07:59 | 000,000,000 | ---D | M] (Firebug Autocompleter) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{9aad3da6-6c46-4ef0-9109-6df5eaaf597c}(318) [2009.12.17 00:36:51 | 000,000,000 | ---D | M] (FireFTP button) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D} [2010.06.02 11:38:59 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}(358) [2010.12.03 10:40:39 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}(491) [2010.02.06 09:15:15 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}(249) [2010.07.27 06:35:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(692) [2012.04.02 06:57:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(820) [2012.11.25 22:07:02 | 000,000,000 | ---D | M] (Adobe BrowserLab for Firebug) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\browserlab@adobe.com [2011.04.26 09:45:23 | 000,000,000 | ---D | M] (FlashFirebug) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\flashfirebug@o-minds(315).com [2012.09.19 21:23:42 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\ich@maltegoetz.de [2011.03.13 20:21:38 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\personas@christopher.beard [2010.07.29 22:55:34 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\YoutubeDownloader@PeterOlayev(691).com [2012.11.14 21:43:16 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\adblockpopups@jessehakanen.net.xpi [2013.01.05 19:48:11 | 000,013,169 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\DrupalForFirebug@drupal.org.xpi [2012.12.13 10:23:31 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\firebug@software.joehewitt.com.xpi [2012.11.25 22:07:02 | 000,870,767 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\firebug@tools.sitepoint.com.xpi [2012.11.25 22:07:02 | 000,006,131 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\firebugpaintevents@kylescholz.com.xpi [2012.11.25 22:07:02 | 000,043,807 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\firefinder@robertnyman.com.xpi [2012.11.25 22:07:02 | 000,011,251 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\icffirebug@robertnyman.com.xpi [2012.11.12 09:57:49 | 000,009,689 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\info@skymeissner.com.xpi [2013.01.11 19:55:53 | 000,300,446 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2012.11.25 22:07:02 | 000,338,733 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\{9aad3da6-6c46-4ef0-9109-6df5eaaf597c}.xpi [2012.11.22 15:12:27 | 000,876,990 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013.01.05 19:48:13 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012.09.06 17:20:33 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012.12.21 13:16:58 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2013.01.20 20:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.01.18 21:40:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.01.18 21:40:59 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.21 07:37:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 06:24:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.21 07:37:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.07.01 06:33:42 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src [2012.06.21 07:37:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.21 07:37:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.21 07:37:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2013.01.19 10:20:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [Akamai NetSession Interface] C:\Users\Kirstin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [D490D4BEFDEAEF6310F5FBDFAEDB8D5359769B10._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [Optimizer Pro] C:\Programme\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro) O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Kirstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BackupManager.list () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O15 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/canvasx.cab (CanvasX Class) O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab (JordanUploader Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab (Java Plug-in 1.5.0_17) O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.4.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C127B67-4A0E-49B6-A4E5-0D313D95E43A}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img30.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img30.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.20 21:11:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kirstin\Desktop\OTL.exe [2013.01.19 10:24:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.01.19 09:52:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.01.19 09:52:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.01.19 09:52:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.19 09:52:39 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.01.19 09:52:22 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.19 09:50:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.01.18 21:43:45 | 005,023,971 | R--- | C] (Swearware) -- C:\Users\Kirstin\Desktop\ComboFix.exe [2013.01.18 21:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.01.17 23:26:17 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kirstin\Desktop\tdsskiller.exe [2013.01.17 22:18:40 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Kirstin\Desktop\aswMBR.exe [2013.01.17 14:45:24 | 000,000,000 | ---D | C] -- C:\Users\Kirstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2013.01.17 14:45:18 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013.01.17 14:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.01.16 07:49:33 | 000,000,000 | ---D | C] -- C:\Users\Kirstin\Desktop\mbar [2013.01.14 09:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.14 09:07:24 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.01.14 09:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.01.13 22:18:33 | 000,000,000 | ---D | C] -- C:\Users\Kirstin\AppData\Roaming\Malwarebytes [2013.01.13 22:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.09 10:33:33 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.01.09 10:32:31 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2013.01.07 22:44:53 | 000,000,000 | ---D | C] -- C:\Users\Kirstin\AppData\Roaming\HPAppData [2013.01.06 19:16:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2012.12.22 03:01:41 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.22 03:01:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.20 21:31:10 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.20 21:12:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kirstin\Desktop\OTL.exe [2013.01.20 21:04:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.20 20:57:26 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.20 20:57:23 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2013.01.20 20:57:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.20 20:57:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.20 20:57:07 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2013.01.20 20:56:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.20 20:56:51 | 2548,350,976 | -HS- | M] () -- C:\hiberfil.sys [2013.01.20 18:54:37 | 000,574,677 | ---- | M] () -- C:\Users\Kirstin\Desktop\adwcleaner.exe [2013.01.20 17:39:38 | 000,000,680 | ---- | M] () -- C:\Users\Kirstin\AppData\Local\d3d9caps.dat [2013.01.19 10:20:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.01.19 08:23:42 | 000,089,600 | ---- | M] () -- C:\Users\Kirstin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.18 21:45:04 | 005,023,971 | R--- | M] (Swearware) -- C:\Users\Kirstin\Desktop\ComboFix.exe [2013.01.17 23:26:24 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kirstin\Desktop\tdsskiller.exe [2013.01.17 23:14:25 | 000,000,512 | ---- | M] () -- C:\Users\Kirstin\Desktop\MBR.dat [2013.01.17 22:57:40 | 303,258,382 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.01.17 22:19:31 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Kirstin\Desktop\aswMBR.exe [2013.01.17 14:45:26 | 000,002,085 | ---- | M] () -- C:\Users\Kirstin\Desktop\SpyHunter.lnk [2013.01.16 07:49:08 | 013,462,931 | ---- | M] () -- C:\Users\Kirstin\Desktop\mbar-1.01.0.1016.zip [2013.01.14 09:07:27 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.10 07:38:03 | 004,178,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.10 00:22:56 | 000,628,968 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.10 00:22:56 | 000,596,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.10 00:22:56 | 000,126,680 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.10 00:22:56 | 000,104,296 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.09 10:06:33 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.01.09 10:06:32 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.01.07 08:26:12 | 000,065,415 | ---- | M] () -- C:\Users\Kirstin\Documents\Scan0010.pdf [2013.01.07 08:23:38 | 000,116,893 | ---- | M] () -- C:\Users\Kirstin\Documents\Scan0012.pdf [2013.01.07 08:21:39 | 000,115,993 | ---- | M] () -- C:\Users\Kirstin\Documents\Scan0011.jpg [2013.01.06 00:39:00 | 000,001,787 | ---- | M] () -- C:\Users\Kirstin\Desktop\Samsung Kies (Lite).lnk [2013.01.06 00:24:19 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.01.04 20:44:35 | 000,001,456 | ---- | M] () -- C:\Users\Kirstin\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.12.31 19:18:59 | 000,007,368 | ---- | M] () -- C:\Users\Kirstin\Documents\Kontaktformular Horsemanshipschule.html [2012.12.23 00:46:57 | 000,000,133 | ---- | M] () -- C:\Users\Kirstin\Desktop\verkleinerer.set [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.20 18:54:33 | 000,574,677 | ---- | C] () -- C:\Users\Kirstin\Desktop\adwcleaner.exe [2013.01.20 17:39:38 | 000,000,680 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\d3d9caps.dat [2013.01.19 09:52:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.01.19 09:52:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.01.19 09:52:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.01.19 09:52:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.01.19 09:52:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.17 23:14:25 | 000,000,512 | ---- | C] () -- C:\Users\Kirstin\Desktop\MBR.dat [2013.01.17 14:45:25 | 000,002,085 | ---- | C] () -- C:\Users\Kirstin\Desktop\SpyHunter.lnk [2013.01.16 07:48:39 | 013,462,931 | ---- | C] () -- C:\Users\Kirstin\Desktop\mbar-1.01.0.1016.zip [2013.01.14 09:07:27 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.07 08:23:37 | 000,116,893 | ---- | C] () -- C:\Users\Kirstin\Documents\Scan0012.pdf [2013.01.07 08:21:39 | 000,115,993 | ---- | C] () -- C:\Users\Kirstin\Documents\Scan0011.jpg [2013.01.07 07:18:24 | 000,065,415 | ---- | C] () -- C:\Users\Kirstin\Documents\Scan0010.pdf [2013.01.06 00:39:00 | 000,001,787 | ---- | C] () -- C:\Users\Kirstin\Desktop\Samsung Kies (Lite).lnk [2012.12.31 19:18:59 | 000,007,368 | ---- | C] () -- C:\Users\Kirstin\Documents\Kontaktformular Horsemanshipschule.html [2012.10.02 12:30:22 | 000,207,488 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2012.10.02 12:30:22 | 000,138,368 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll [2012.10.02 12:30:20 | 000,074,368 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll [2012.10.02 12:30:18 | 000,318,592 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll [2012.08.28 22:29:13 | 000,065,024 | ---- | C] () -- C:\Windows\System32\wlaopref.exe [2012.06.22 12:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys [2012.04.30 08:32:38 | 000,000,728 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\Tempgui.config [2011.11.29 16:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.11.29 16:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.11.29 16:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.11.29 16:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.11.29 16:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.09.07 21:43:04 | 000,000,273 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.05.10 13:07:21 | 000,000,126 | ---- | C] () -- C:\Windows\APDatabaseUI.INI [2011.05.09 09:15:20 | 000,000,132 | ---- | C] () -- C:\Users\Kirstin\AppData\Roaming\Adobe BMP Format CS5 Prefs [2011.02.17 23:07:19 | 000,000,132 | ---- | C] () -- C:\Users\Kirstin\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011.02.17 22:58:28 | 000,001,456 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.02.16 08:35:38 | 000,000,034 | ---- | C] () -- C:\Users\Kirstin\mm.cfg [2010.08.03 21:40:36 | 000,024,206 | ---- | C] () -- C:\Users\Kirstin\AppData\Roaming\UserTile.png [2010.07.28 14:07:43 | 003,650,262 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\TempBad Segeberg 2010 Sando Leichte Kür.mp3 [2010.07.17 22:44:48 | 000,013,658 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\Tempplan.xml [2010.07.17 22:44:48 | 000,001,010 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\Tempvprofile.dat [2010.01.24 23:10:39 | 000,003,928 | -H-- | C] () -- C:\Users\Kirstin\AppData\Local\BackupManager.list [2010.01.12 13:38:58 | 000,001,677 | ---- | C] () -- C:\Users\Kirstin\Kalender von Kirstin.ics [2009.12.17 09:29:25 | 000,000,100 | -H-- | C] () -- C:\ProgramData\BackupManager.list [2009.12.17 03:15:57 | 000,002,780 | -H-- | C] () -- C:\Users\Kirstin\BackupManager.list [2009.12.17 01:04:17 | 000,004,836 | -H-- | C] () -- C:\Users\Kirstin\AppData\Roaming\BackupManager.list [2009.10.23 07:12:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.24 06:51:34 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.06.07 21:36:17 | 000,089,600 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.03 12:24:51 | 000,000,772 | ---- | C] () -- C:\Users\Kirstin\AppData\Roaming\wklnhst.dat [2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.03.11 23:29:48 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console [2009.03.11 23:29:48 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console [2011.09.12 22:57:04 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\26C13EA7-D779-4643-9AB5-334070B15EBD [2012.10.07 22:38:40 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\4Free [2009.12.17 00:16:32 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\5400 Series [2011.01.06 09:04:40 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\8BF4B188-E5B9-42F4-B63E-F27754744D04 [2009.12.17 00:16:53 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Acer GameZone Console [2010.01.25 16:47:27 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Acronis [2010.12.10 19:36:41 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Amazon [2012.11.26 00:01:33 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Artisteer [2010.03.01 10:15:35 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Avery [2012.01.30 07:48:00 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\BA46F38A-7DD2-49DA-91FB-9766CBF88899 [2012.02.28 13:00:28 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Blender Foundation [2011.10.14 11:25:44 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\calibre [2011.02.14 15:42:36 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.05.27 12:32:18 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\DA14BE56-1881-4862-8000-E459337B3A83 [2010.07.01 06:34:09 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Digiarty [2012.04.13 23:55:25 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Dropbox [2009.12.17 00:20:30 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\eSobi [2013.01.09 00:03:05 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\FileZilla [2009.12.17 00:20:31 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\fotobuch.de AG [2011.01.14 07:42:08 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Gutscheinmieze [2009.12.17 00:20:34 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Helios [2009.12.17 00:20:36 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Hentrich-Software [2011.01.09 22:58:52 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\kompozer.net [2012.12.10 10:56:28 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Lexware [2009.12.17 00:38:49 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\NCH Swift Sound [2012.04.30 08:22:41 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Nokia [2012.04.30 08:22:42 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Nokia Ovi Suite [2012.10.23 14:03:07 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Optimizer Pro [2010.02.18 15:39:56 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\PC Suite [2010.08.03 21:40:36 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\PeerNetworking [2009.12.17 00:38:50 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\PowerCinema [2009.12.17 00:39:12 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Recordpad [2012.12.05 14:42:44 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Samsung [2009.12.17 00:41:02 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\SoftDMA [2011.04.04 12:30:54 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.04.09 00:06:29 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Temp [2009.12.17 00:41:16 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Template [2010.05.03 12:27:21 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Thunderbird [2011.09.05 10:48:34 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Uniblue [2009.12.17 01:03:29 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Vodafone [2011.03.03 18:34:23 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Windows Live Writer [2011.04.28 16:10:56 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\XMedia Recode ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3B3A35EC @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B623B5B8 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CE0A077E @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:B203B914 @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:131C0EE9 < End of report > |
|
20.01.2013, 22:17
| #19 |
| | Malwarebytes bricht ständig ab OTL Extra.txt: Code:
ATTFilter OTL Extras logfile created on: 20.01.2013 21:22:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kirstin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,37 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 44,68% Memory free
4,97 Gb Paging File | 3,38 Gb Available in Paging File | 68,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 207,80 Gb Free Space | 45,57% Space Free | Partition Type: NTFS
Computer Name: KIRSTINS-PC | User Name: Kirstin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [SNAPFISH] -- "C:\Program Files\SNAPFISH\SNAPFISH\SNAPFISH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{36216B6B-D235-4EEE-BD7C-000D23FBE068}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5890EC8B-D561-4FB6-8BF8-F7EBA199E59B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5EC43925-47A6-473E-AE11-735312FA97C5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{69749B3D-941C-4BCD-AE5E-924F1EA4E28D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6A80AE2F-0572-4280-ADC1-FD212D88110F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{747AE341-FED3-4DF8-A51E-964CA28E7B65}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9CB067D0-19BF-47FE-83AC-CA0CE777BC72}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B58CA460-0C64-4233-90A6-8F43BEA08B57}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BA5F590D-4D55-47A6-9165-F2BCDE63EBE5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BFC72BE4-9A88-4734-AA4B-5CAC8F0AB26B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C5480AD3-1EFC-4CA0-9AB5-52BE5F7840EF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{C891C919-BE4F-438C-A3D8-6994E6D60A5E}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface |
"{E8328714-4761-4A30-8211-B882A75CECBC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B7897C-C34F-44C9-A204-15D58CE28078}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{030E6D27-ABD2-4AEF-9A71-2E6413D0802F}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{05FA87D4-B383-4F6F-A73B-E7CEEA7F105B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{06CB9592-E30B-460B-A93B-C2FDFEDE7DF0}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{0C8EC47A-FB3E-44C4-A94D-E84281E1EBF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{11168A22-D55E-4067-87AB-785E74D1831B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{161E7BE5-6E84-4938-8446-2988729EA90B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{1999BC21-F33C-407B-8095-596B083FE740}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{19ABFE8C-0159-4DDB-B63B-048F847773BC}" = protocol=6 | dir=in | app=c:\program files\lexmark 5400 series\lxctaiox.exe |
"{1B882A53-4495-4DA6-B358-A1FEDB48243A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{1C59A376-AAAD-43FD-AA89-51A523E6F92A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1CA23ACD-0DAA-4E35-A6C1-4E8606982FA4}" = protocol=6 | dir=in | app=c:\program files\lexmark 5400 series\lxctmon.exe |
"{1CCA0F32-946D-460C-ADA7-675DF86B3B1A}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{2119289C-4426-44C6-8DCD-B3D9E4DE59D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{21EC42CF-63DA-4CC0-84F6-3F479EE36735}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{22C58FB7-2E8C-4818-B2D4-D7D8FA4F2793}" = protocol=17 | dir=in | app=d:\alicecd.exe |
"{23686365-02C7-4943-8E98-50D30A5E868B}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{27B7146A-0188-49C3-B2EB-DCBDAF300186}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{2CFF7347-B3C8-4A35-A33E-5CC7EE83939A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{321F58FB-6B81-4D2C-8E89-67E8E3294ABB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3291AAC7-7B09-4256-918E-EC87D8EA94F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{342B9064-2C3E-4F40-9262-307C6CEF8C60}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{34387E27-B86B-478C-8103-458BDD5B5189}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3AD621CD-F3DB-40CC-AA78-F9DE377D7685}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3CAD15D5-523A-4388-98F3-309D9AFC6B8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E502686-CA9B-41E4-8A23-4B4A700DB759}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{45D2F5BF-16C4-4324-93BF-A5E2EE7F73F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{47DDC0B4-BE2B-4CFA-9605-83E366123A35}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{4CEFAB47-00BA-4760-AC32-BEF5814226E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{4EA0F4C2-3E70-4FC3-A19C-C15C6C9A7B1E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4F1B65DE-C669-4BA4-9759-6D9516D1B9CE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5202A704-E66A-437D-BF0D-99C338C7501C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{57D088B9-7F24-4035-8D61-A9391806B296}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58C26802-5231-4762-921C-BF6C80999CA1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{5F38EDED-815A-4E5F-821C-40A30A729E41}" = protocol=6 | dir=out | app=system |
"{6308DE0B-20A0-4A00-9EDB-9E6881A7778D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{6C975B16-6FC8-47E1-BD02-9A96BC58EEE7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7226EADE-9C2B-43B2-83EE-E9D57C77D9F9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{79998817-05CF-4709-A9DF-6DD2DC2901D3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{7D5BD84D-0F97-45C3-BBE9-41810F3828A1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7D6C2C5C-4D22-48A1-A6FF-D5BA10899DE5}" = protocol=6 | dir=in | app=c:\users\kirstin\appdata\local\akamai\netsession_win.exe |
"{7FC71BDB-44B5-4879-977F-00963824D872}" = protocol=17 | dir=in | app=c:\users\kirstin\appdata\local\akamai\netsession_win.exe |
"{841FD16A-C75C-4A1A-A072-8DCC40BA0134}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{87D28B73-A45A-4391-95E7-226ADFB3BC5A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{8A3938E5-66B4-475D-B557-4024D07FD56D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8CB531D1-CF68-463C-8102-1A593848F9E9}" = protocol=17 | dir=in | app=c:\users\kirstin\appdata\roaming\dropbox\bin\dropbox.exe |
"{94D1EF94-015E-4DA9-B49B-14545B07C76D}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{99B7FA1F-AD94-4C46-A434-8C999D1EF40D}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{9A8F3A3C-4911-4EE4-8828-13ED5167AFA8}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{9BD8939B-8EBB-4EDA-85C3-843FA735BDBA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A000D248-9E56-4F4E-B333-CB0712FAEEE9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{A0FF3DA8-7795-4942-8E76-7DE40C3012C6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{A6BDB3F0-A2B3-4CB4-8945-DE79B390BCBE}" = protocol=17 | dir=in | app=c:\windows\system32\lxctcoms.exe |
"{AB95645F-F9FD-4A51-A73A-4DA372DE01D7}" = protocol=6 | dir=in | app=c:\users\kirstin\appdata\roaming\dropbox\bin\dropbox.exe |
"{BE5A22FF-6A30-4A38-A03A-5186CA80B314}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{C0339C8E-05A2-4BEA-9BA3-8D3DCEA0EC93}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{C069B866-7823-4CCA-8568-4186F651BAA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C4C60E83-601B-449E-91AC-58C31D9C07F8}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{CD7D3905-FAF6-4958-B35F-21C1D77F3948}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{CDE98BCB-D245-43A3-A1ED-FF0809BB6F46}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{DE54707B-A614-480B-A2B0-6B29ACB20A4B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{DEECD085-B757-4794-A4B8-F6DAD84383EA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{E53E42D2-0620-4E7F-8283-1BE761990E5B}" = protocol=6 | dir=in | app=c:\windows\system32\lxctcoms.exe |
"{E6D7B207-484C-4FEA-B76D-8F657BD65A29}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{E9AE87DC-A834-448A-ABB6-C3AC06BB5B93}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{EACD1FB2-D6F3-4A30-BE57-EBFAA36FA127}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{ECF2E501-67E1-473C-94F6-D5EB3B7A9B4D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{F1248F2F-3A28-4614-9D4B-7E77179E65FD}" = protocol=17 | dir=in | app=c:\program files\lexmark 5400 series\lxctaiox.exe |
"{F1A81FFE-A643-469E-9EA3-D4F25E32BE8C}" = protocol=17 | dir=in | app=c:\program files\lexmark 5400 series\lxctmon.exe |
"{F25ABB89-3577-4109-8BB6-24D83231BBEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F5451596-6DC2-4BD4-A714-61A0FDC21C2B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{FBB7453C-2016-4C0C-AF54-6842C8EBAE03}" = protocol=6 | dir=in | app=d:\alicecd.exe |
"{FF85C6A5-7596-4827-8471-594B8742D16A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"TCP Query User{0A2AB32D-41E6-4B0E-8BB0-09C34246D30A}C:\users\kirstin\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\kirstin\appdata\local\akamai\netsession_win.exe |
"TCP Query User{0F62C7AF-B86A-48CA-9AB7-DE1C73D41889}C:\users\kirstin\programm-xmapp\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\kirstin\programm-xmapp\xampp\mysql\bin\mysqld.exe |
"TCP Query User{12DE0971-1BF1-44ED-9CC1-809E3D872993}C:\users\kirstin\programm-xmapp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\kirstin\programm-xmapp\xampp\apache\bin\httpd.exe |
"TCP Query User{20F8CCC4-3B04-46DD-9679-C56555A1ECFF}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{28B44C2C-4CDD-4C30-B686-A599BE3372DE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2F3B54C2-25DB-4B2D-A3AD-FE3E42BFADD3}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{395E72D6-FE39-44B9-BD39-67B9C8BF1CB4}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{53816B02-3364-4B3F-A17B-9002B908F151}C:\users\kirstin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kirstin\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{68F3DB9A-408C-433B-B556-6F262AE0E0E3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{7591E67A-9F70-4DC5-BE65-604185DC38AA}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{7BB806CF-AA53-44FB-9889-040A435A24FF}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{9B604713-47BA-4A34-A9F9-933EFAD5C6E1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A839EE0A-B44A-41DB-BFED-8C85DAB3C00B}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{BDD0980B-9157-44F2-8B5C-3B1D41225B62}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{C5426E46-0159-40AF-B355-351F28BA3476}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{E52EFD82-D7CD-4684-9976-F089B8708748}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F1A75F55-A9E9-45B9-A4A5-FD1F2AE9ADC7}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{003A95E7-D78D-4D1E-923A-8C56BD492EBC}C:\users\kirstin\programm-xmapp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\kirstin\programm-xmapp\xampp\apache\bin\httpd.exe |
"UDP Query User{0CC12258-FE4E-4B94-9798-E1A8579A7685}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{2443B5B0-AE01-499C-8E14-B972E0ED0444}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{394C5E5B-B985-4DD8-ABBE-DAAAF7B997B8}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{3E9F7169-53E6-44AE-827E-01C7022ACAE7}C:\users\kirstin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kirstin\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{452A35F5-A707-4A07-B0CC-9125DD178BC3}C:\users\kirstin\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\kirstin\appdata\local\akamai\netsession_win.exe |
"UDP Query User{53DF4BE7-96A2-4A97-8590-7351C9ED7BC1}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{587CB2E3-373D-43E5-BDB8-BDA5541661C5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{70E42497-D304-4F5E-B498-8C4CCF68A412}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{71346BF5-21DD-451C-9CAE-7A475BA80C75}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{72427C59-ED23-4F79-8E00-BDADF5D99540}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A9AAFC21-3131-4615-BB0F-430FB027E95D}C:\users\kirstin\programm-xmapp\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\kirstin\programm-xmapp\xampp\mysql\bin\mysqld.exe |
"UDP Query User{C0F6C829-E0F9-4DB1-A33D-37CE16F4AC43}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{C6FF72DF-8615-4698-87C1-F2EF9F45CD27}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{E6889EF9-B386-4FCF-BA45-8159E79DBF0A}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{E9312D64-89A2-4B07-AEC3-6066CC49470A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{F738080C-A8B4-41F6-B6D9-7F1468CB4339}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AB7335-3CEF-4747-9CC7-41C600A7E0E9}" = Lexware faktura+auftrag 2013
"{02698606-3A21-489D-9D2A-75C9E8D3E5BD}" = Adobe Creative Suite 5 Design Premium
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{04441EE4-3631-43DB-813A-9D031380C8E5}" = MarketingReg
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1696F18E-2932-8A68-91A8-EAD17895285C}" = CCC Help Polish
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{181AEE57-04D3-26A1-6DCD-5A2084D4C36F}" = CCC Help Danish
"{18433D88-7499-D8F4-5D1C-32A83CC05752}" = CCC Help Chinese Traditional
"{1846A764-A6C1-46D2-B245-DAEDB2FDF5C9}" = Lexware kundenmanager 2011 System
"{195F5712-5E23-4DBB-8413-0EC6F0D60ABA}" = Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten
"{1B8BF8D8-325A-8AEE-CBFE-EC1251C51B0B}" = Catalyst Control Center Core Implementation
"{1E6804DA-9192-F510-7A19-DD505E662D41}" = CCC Help Korean
"{1EBD33A9-2AAF-4CE6-8D62-9D3634C8B43B}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{25B6FA39-24D1-4B2F-9280-099F2543E6B8}" = Lexware kundenmanager 2009 System
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 10
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2C39F7CF-E022-4C0D-B1BA-AF6DDD931054}" = ArcSoft MediaImpression
"{2CAB55FA-A147-4215-81A6-E9A9038B7970}" = Plus Pack für Acronis True Image Home 2011
"{2CC8130C-D0DC-C15B-21BE-99926467CBD1}" = CCC Help Finnish
"{2D27D952-ACF0-0B27-DC1A-C1DB49CAD846}" = ccc-core-static
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3A3653D7-90DA-D323-EE10-02BE5A955051}" = CCC Help Turkish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{457B1BA7-0829-B9EE-AC06-42BD80CFA6D2}" = ccc-utility
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4AEC222A-82B0-A8DB-2BFC-CFB2759B3F36}" = Catalyst Control Center Localization All
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{569A0B32-D216-63C9-9148-B3221BF5C30D}" = CCC Help German
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{591203A7-8794-BDD1-11F3-1447522E4150}" = CCC Help Greek
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5CCF8330-F742-411A-8A04-719806D168B5}" = Deutsche Post E-Porto
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{660AB86D-3900-62F4-C790-879ABB6B4CF7}" = CCC Help French
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FA27A0B-8E35-A611-382F-2C31828DBBCA}" = Catalyst Control Center Graphics Light
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83B9F0EF-68CC-6151-0339-BE2DAD01254B}" = Catalyst Control Center Graphics Full New
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A3F7BF5-AE97-E6AA-2078-56678841B9F2}" = CCC Help Japanese
"{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{91D87975-616E-C6E2-6AB0-AC48E6E3C8B4}" = Catalyst Control Center InstallProxy
"{92ABBA93-EE00-41C7-8D44-67D0C9DEF51E}" = Catalyst Control Center - Branding
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A0D285EA-5E1F-DC9C-2092-2C8A422E42C3}" = CCC Help Chinese Standard
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A509F7BA-007E-82CF-003D-F8C01A1E8511}" = CCC Help Thai
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B2EFA385-09C9-4E52-B4B3-AD15A6D3773B}" = Lexware kundenmanager 2011
"{B4A34D42-758D-8BEE-1F06-D8AFAC8F4002}" = CCC Help Spanish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
"{BF74F0D6-542B-1D47-1026-31F568D8A798}" = CCC Help Norwegian
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C2EE3A10-C169-68C7-5335-2F7FC56DA1A4}" = Catalyst Control Center Graphics Full Existing
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C7E1D9E3-3569-5898-714F-22EF74C04B73}" = CCC Help Hungarian
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE9F5AF2-A03A-26C2-7DF6-DAED2368E673}" = CCC Help Czech
"{CF25D77A-BDBE-EE99-EACC-5576FA9FFD19}" = CCC Help Swedish
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DBB1F4ED-3212-4F58-A427-9C01DE4A24A5}_is1" = Uniblue SystemTweaker
"{DC39A078-4D4C-4EF2-9CAF-69D342D74125}" = Microsoft Sync Framework Runtime v1.0 (x86) de
"{DDA88701-D6FB-783C-5339-4F9875DB7F6B}" = CCC Help Russian
"{DDABC667-56B3-4122-82B0-2F5782EA2F9A}" = SpyHunter
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEE132BD-4ADD-D9A1-56C7-356CB939A69E}" = CCC Help Italian
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E250B734-C4C2-8D67-546D-640D6789088D}" = CCC Help Portuguese
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E55B3271-7CA8-4D0C-AE06-69A24856E997}_is1" = Uniblue RegistryBooster
"{E8D33431-67EA-4DC1-B443-EE989DE532BC}" = Microsoft Sync Framework Services v1.0 (x86) de
"{EAF1DC9B-81CB-AADD-EA03-EE3F7EC9A8D7}" = CCC Help English
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}" = HP Officejet 6500 E710n-z Hilfe
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F7CE0C98-25D9-853D-63C8-72CD673F693E}" = CCC Help Dutch
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Schnellzugriffe
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"{FE215BA1-CFE6-37D1-81A8-231961C4941E}" = ATI Catalyst Install Manager
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9)
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface Service
"AnyDVD" = AnyDVD
"Artisteer 3" = Artisteer 3
"Artisteer 4" = Artisteer 4
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.5
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Blender" = Blender
"Buttonz & Tilez" = Buttonz & Tilez
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Designer 2.0_is1" = Designer 2.0
"DVD Decrypter" = DVD Decrypter (Remove Only)
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7)
"FileZilla Client" = FileZilla Client 3.3.3
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"HS Mehrwertsteuer 3.27" = HS Mehrwertsteuer 3.27
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"Lexmark 5400 Series" = Lexmark 5400 Series
"LManager" = Launch Manager
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Marble Pop 3D" = Marble Pop 3D
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.2.0.802
"Nokia PC Suite" = Nokia PC Suite
"Optimizer Pro_is1" = Optimizer Pro v3.0
"Pearl Poppers" = Pearl Poppers
"Samplitude Music Studio 15 Download-Version D" = Samplitude Music Studio 15 Download-Version 15.0.1.0 (D)
"Secret Of Six Seas" = Secret Of Six Seas
"Shop for HP Supplies" = Shop for HP Supplies
"SNAPFISH" = SNAPFISH
"Switch" = Switch Audiodatei-Konverter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WavePad" = WavePad Sound Editor
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinX Video Converter_is1" = WinX Video Converter 4.5.2
"XMedia Recode" = XMedia Recode 2.2.9.7
"Zuma's Revenge!" = Zuma's Revenge!
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.01.2013 13:02:36 | Computer Name = Kirstins-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 19.01.2013 13:20:45 | Computer Name = Kirstins-PC | Source = Windows Search Service | ID = 3079
Description =
Error - 19.01.2013 19:16:39 | Computer Name = Kirstins-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 18.0.1.4764 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 1230 Anfangszeit: 01cdf668a7dfa127 Zeitpunkt der
Beendigung: 152
Error - 19.01.2013 19:17:20 | Computer Name = Kirstins-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 12.0.6668.5000 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1954 Anfangszeit: 01cdf67ea71d87a7 Zeitpunkt
der Beendigung: 0
Error - 19.01.2013 19:18:24 | Computer Name = Kirstins-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 12.0.6668.5000 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 18d4 Anfangszeit: 01cdf69b21b43747 Zeitpunkt
der Beendigung: 0
Error - 20.01.2013 04:09:34 | Computer Name = Kirstins-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 20.01.2013 04:10:46 | Computer Name = Kirstins-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.01.2013 12:35:35 | Computer Name = Kirstins-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 20.01.2013 12:36:51 | Computer Name = Kirstins-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.01.2013 15:57:18 | Computer Name = Kirstins-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 20.01.2013 15:58:45 | Computer Name = Kirstins-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 12.08.2009 10:18:58 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4007
seconds with 120 seconds of active time. This session ended with a crash.
Error - 19.09.2009 08:47:51 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 187373
seconds with 1200 seconds of active time. This session ended with a crash.
Error - 16.07.2010 02:34:16 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1385
seconds with 1320 seconds of active time. This session ended with a crash.
Error - 02.03.2011 13:05:00 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19287
seconds with 3120 seconds of active time. This session ended with a crash.
Error - 27.04.2011 22:01:29 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 66840
seconds with 3660 seconds of active time. This session ended with a crash.
Error - 21.08.2012 16:57:46 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 135373
seconds with 2100 seconds of active time. This session ended with a crash.
Error - 07.09.2012 04:01:08 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12835
seconds with 4800 seconds of active time. This session ended with a crash.
Error - 19.01.2013 19:18:14 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 53
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 13.06.2009 16:32:08 | Computer Name = Kirstins-PC | Source = HTTP | ID = 15016
Description =
Error - 13.06.2009 16:32:40 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 13.06.2009 16:38:11 | Computer Name = Kirstins-PC | Source = DCOM | ID = 10005
Description =
Error - 13.06.2009 16:38:11 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 13.06.2009 16:38:11 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 13.06.2009 16:38:11 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 13.06.2009 16:38:11 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 13.06.2009 16:41:41 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 13.06.2009 16:41:41 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 14.06.2009 06:36:19 | Computer Name = Kirstins-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.06.2009 um 22:57:52 unerwartet heruntergefahren.
< End of report >
|
|
21.01.2013, 08:51
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes bricht ständig abFixen mit OTL
Code:
ATTFilter :OTL
SRV - (Napsuivcudm) -- File not found
IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes\{3D34971C-E1B2-B068-DFC3-6337AA1A9947}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112843&babsrc=SP_ss&mntrId=5ed31ef70000000000000017c47d807f
IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes\{61D67AE6-764E-4fe3-9EA9-EED03317C725}: "URL" = http://www.ask.com/web?&o=13795&l=dis&q={searchTerms}
IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes\{BE89DB2D-4B15-4FB4-8237-D5FDE15FDE87}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=c499b9f8-8ea2-43a8-b166-8e5718f8f42b&apn_sauid=B51F3D41-F8DA-4BC7-A3B0-29FCBD8F8293
FF - prefs.js..backup.old.browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
[2013.01.17 23:14:25 | 000,000,512 | ---- | M] () -- C:\Users\Kirstin\Desktop\MBR.dat
[2011.01.14 07:42:08 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Gutscheinmieze
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3B3A35EC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:131C0EE9
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.01.2013, 09:30
| #21 |
| | Malwarebytes bricht ständig ab OTL nach dem Fix: Code:
ATTFilter All processes killed
========== OTL ==========
Error: No service named Napsuivcudm was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Napsuivcudm deleted successfully.
File File not found not found.
Registry key HKEY_USERS\S-1-5-21-2900932004-3961150359-2209842598-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3D34971C-E1B2-B068-DFC3-6337AA1A9947}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D34971C-E1B2-B068-DFC3-6337AA1A9947}\ not found.
Registry key HKEY_USERS\S-1-5-21-2900932004-3961150359-2209842598-1000\Software\Microsoft\Internet Explorer\SearchScopes\{61D67AE6-764E-4fe3-9EA9-EED03317C725}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61D67AE6-764E-4fe3-9EA9-EED03317C725}\ not found.
Registry key HKEY_USERS\S-1-5-21-2900932004-3961150359-2209842598-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BE89DB2D-4B15-4FB4-8237-D5FDE15FDE87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE89DB2D-4B15-4FB4-8237-D5FDE15FDE87}\ not found.
Prefs.js: "foxsearch" removed from backup.old.browser.search.selectedEngine
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "foxsearch" removed from browser.search.order.1
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_USERS\S-1-5-21-2900932004-3961150359-2209842598-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
C:\Users\Kirstin\Desktop\MBR.dat moved successfully.
C:\Users\Kirstin\AppData\Roaming\Gutscheinmieze folder moved successfully.
ADS C:\ProgramData\Temp:3B3A35EC deleted successfully.
ADS C:\ProgramData\Temp:B623B5B8 deleted successfully.
ADS C:\ProgramData\Temp:CE0A077E deleted successfully.
ADS C:\ProgramData\Temp:B203B914 deleted successfully.
ADS C:\ProgramData\Temp:131C0EE9 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Kirstin\Desktop\cmd.bat deleted successfully.
C:\Users\Kirstin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
-> No Temporary Internet Files cache folder defined!
User: Default
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
->Flash cache emptied: 56550 bytes
User: Default User
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
->Flash cache emptied: 0 bytes
User: Kirstin
->Temp folder emptied: 1602587 bytes
-> No Temporary Internet Files cache folder defined!
->Java cache emptied: 2667925 bytes
->FireFox cache emptied: 66777414 bytes
->Google Chrome cache emptied: 206542267 bytes
->Flash cache emptied: 57280 bytes
User: Public
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 72062 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 265,00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
OTL by OldTimer - Version 3.2.69.0 log created on 01212013_091822
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
21.01.2013, 10:14
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes bricht ständig ab Eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.01.2013, 12:00
| #23 |
| | Malwarebytes bricht ständig ab OTL.txt: Code:
ATTFilter OTL logfile created on: 21.01.2013 11:10:38 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kirstin\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,37 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 60,67% Memory free 4,97 Gb Paging File | 3,60 Gb Available in Paging File | 72,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 208,06 Gb Free Space | 45,63% Space Free | Partition Type: NTFS Drive F: | 931,51 Gb Total Space | 128,65 Gb Free Space | 13,81% Space Free | Partition Type: NTFS Computer Name: KIRSTINS-PC | User Name: Kirstin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Kirstin\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Users\Kirstin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Kirstin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited) PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe (Acer Incorporated) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\lxctcoms.exe ( ) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\8db51a0e07118635fb71b05f21937db8\Kies.Theme.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\b07ff83c3ce2fd8d3a938889f020552d\DevicePodcast.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\54c3c22053264729fde00785baf21eb9\DummyStorePlugin.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\aaa553d73526328d450a142814849e40\DeviceVideo.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\e5334ab5e29c40a7af6223175123263b\DevicePhoto.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\233972a5ba7f8718ba70734134186b1a\DeviceMusic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\e2689f807ac87966b7e78f74ab677453\VideoManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\c8a238c49512fddf15119a48f1c8e520\PhotoManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\b086aa6691c54b382c9dff23d19879cd\Podcaster.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ff3157a926a4c62bd7c4fc462b44d4ae\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\d532b3a8c28f7131b6c1d7eb62a9a421\DeviceHost.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\521e8f5d3e1452cabfea9ea69659c679\Phonebook.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\5c80e523a29d6577d167f5550f882dc0\Kies.Plugin.ContentsManagerLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\c332273df479d78fd386207bd8aeee42\MusicManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\8bf212e316537432a2356c88f3bb6f4d\BATPlugin.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\017429623044d5a3e9aa2aeef7d00017\Kies.Common.StoreManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\8bb1cf762dcfd25fa6fec281620a67e3\Kies.Common.MediaDB.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\3b13bd2ffd57d5a08bfb85636513922d\Kies.Common.AllShare.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ca0b9f739dc8a16a0b45b07b6f1deae0\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\68bf9214584209eb5ebf209d1b95ac1e\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5ff671ad98a74cfc1dee4a439fb8728e\Kies.Common.DeviceServiceLib.FileService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\d1baf93e68f207b043f0861c5ee2d7ea\Interop.DevFileServiceLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\57a3553bbf6667ae14d38bdb66f605a2\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6e4f1bc2e9b41f984d67aa1cd7f65c3d\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2c72efd53cc6951822e9782f762e0950\Kies.Common.DeviceServiceLib.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\016586bd2a1964a0a519cbc522d2906d\Kies.Common.DeviceService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\7316848f01ce1da27fc2d701f32cae0d\Interop.PRPLAYERCORELib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\c869231737a2b3d15915dcd3cf44b935\Kies.Common.Multimedia.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\89a65c0b3dd11b28cee0f0af1185b12d\Kies.Common.MainUI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\2a6cd90bb628de35d70c9dba6897d013\Kies.Common.DBManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\0969ff5a4924da7d8c6ebd3fca8f154b\ICSharpCode.SharpZipLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\c7db33ddaee23e7ec8a3458fde5b50eb\Kies.Common.CRMManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\7134f52b3f25107e9868d664eed50a2f\Kies.Common.Util.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\83ea8d246c90eeee2b100f01994eef5b\Kies.Locale.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\0bbdc52b6dd44363e4a194ee8bd8a460\Kies.MVVM.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\8e2b0a9c69e1065931751dcb16bd5fac\Kies.UI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\7c3107cb236a66aa4602f12d23611c55\GongSolutions.Wpf.DragDrop.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\7ed89054a3bdd9dbbf1cce0e0b592d78\Kies.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dbe82a95ee3feebc5999138fdf36d3c9\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\f619ad24547bdefcd7ae3b6afdf99a67\Kies.ni.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e40fa3c6d2f2a4200ee4e11fce57e7\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\d995a0e7d64a874cddea6294caaa2539\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\259f7342c8ebb1150db3df1bc4d3394c\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\776fced3857dce33967e805879757d24\System.Security.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\af7e2da8fcdb0d788cea0638e157c54b\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll () MOD - C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll () MOD - C:\Programme\Google\Google Desktop Search\gzlib.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3321.40317__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3321.40399__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3321.40301__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3321.40319__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3321.40378__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3321.40308__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3321.40357__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3321.40314__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3321.40343__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3321.40308__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3321.40400__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3321.40363__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3321.40363__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3321.40413__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3321.40398__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3321.40362__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3321.40398__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3321.40414__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3321.40346__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3321.40372__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3321.40320__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3321.40354__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3321.40345__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3321.40354__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3321.40310__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3321.40320__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3321.40340__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3321.40344__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3321.40356__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3321.40325__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3321.40343__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3321.40324__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3321.40355__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3321.40344__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3294.18699__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3294.18701__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3294.18832__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3294.18753__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3294.18709__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3294.18745__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3294.18787__90ba9c70f846762e\DEM.OS.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3294.18755__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3294.18751__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3294.18787__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3294.18795__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3294.18747__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3294.18794__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3294.18708__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3294.18735__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3294.18767__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3294.18785__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3294.18784__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3294.18795__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3294.18737__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3294.18731__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3294.18717__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3294.18727__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3294.18758__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3294.18755__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3321.40431__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3321.40393__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3294.18772__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3294.18766__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3294.18765__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3321.40409__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3294.18742__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3294.18760__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3294.18756__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3294.18748__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3294.18769__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3294.18720__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3294.18757__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3294.18746__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3321.40297__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3321.40305__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3321.40387__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3321.40314__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3321.40299__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3321.40298__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3321.40391__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3321.40300__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3294.18750__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3294.18714__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3294.18740__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3294.18725__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3321.40392__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3294.18748__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3294.18745__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3294.18744__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3294.18774__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3321.40298__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3321.40297__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\System32\msjetoledb40.dll () MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll () MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Programme\Launch Manager\PowerUtl.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll () SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (VMCService) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (lxct_device) -- C:\Windows\System32\lxctcoms.exe ( ) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (AdobeVersionCue) -- C:\Programme\Adobe\Adobe Version Cue\service\VersionCue.exe (Adobe Sytems) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\Kirstin\AppData\Local\Temp\catchme.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis) DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis) DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys () DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis) DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (Advanced Micro Devices, Inc) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.) DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{3D34971C-E1B2-B068-DFC3-6337AA1A9947}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2303923 IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE330DE330 IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_deDE330DE330&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..backup.old.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.5 FF - prefs.js..extensions.enabledAddons: browserlab%40adobe.com:1.0.0.1227P.314153 FF - prefs.js..extensions.enabledAddons: firebug%40tools.sitepoint.com:1.6 FF - prefs.js..extensions.enabledAddons: firebugpaintevents%40kylescholz.com:0.1.8 FF - prefs.js..extensions.enabledAddons: firefinder%40robertnyman.com:1.2.5 FF - prefs.js..extensions.enabledAddons: icffirebug%40robertnyman.com:1.1 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: info%40skymeissner.com:1.4 FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: %7B9aad3da6-6c46-4ef0-9109-6df5eaaf597c%7D:1.4.1 FF - prefs.js..extensions.enabledAddons: %7B9BAE5926-8513-417d-8E47-774955A7C60D%7D:1.1.1d FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.7 FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2 FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:1.8.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..extensions.enabledItems: {9BAE5926-8513-417d-8E47-774955A7C60D}:1.1.1d FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: firebug@tools.sitepoint.com:1.6 FF - prefs.js..extensions.enabledItems: browserlab@adobe.com:1.0.0.1009P.274944 FF - prefs.js..extensions.enabledItems: firefinder@robertnyman.com:1.01 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledItems: icffirebug@robertnyman.com:1.0 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20((url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com')%20%7B%20return%20'PROXY%20us04.personalitycores.com%3A8000%3B%20PROXY%20us01.personalitycores.com%3A8000%3B%20PROXY%20us05.personalitycores.com%3A8000'%3B%7D%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.13 15:40:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.18 21:40:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.18 21:40:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.08.21 08:22:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.13 15:40:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.18 21:40:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.18 21:40:42 | 000,000,000 | ---D | M] [2010.05.03 12:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Extensions [2010.05.03 12:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.01.20 20:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions [2011.04.09 20:02:41 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}(316) [2011.04.09 20:02:44 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}(317) [2011.04.06 11:07:59 | 000,000,000 | ---D | M] (Firebug Autocompleter) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{9aad3da6-6c46-4ef0-9109-6df5eaaf597c}(318) [2009.12.17 00:36:51 | 000,000,000 | ---D | M] (FireFTP button) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D} [2010.06.02 11:38:59 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}(358) [2010.12.03 10:40:39 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}(491) [2010.02.06 09:15:15 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}(249) [2010.07.27 06:35:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(692) [2012.04.02 06:57:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(820) [2012.11.25 22:07:02 | 000,000,000 | ---D | M] (Adobe BrowserLab for Firebug) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\browserlab@adobe.com [2011.04.26 09:45:23 | 000,000,000 | ---D | M] (FlashFirebug) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\flashfirebug@o-minds(315).com [2012.09.19 21:23:42 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\ich@maltegoetz.de [2011.03.13 20:21:38 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\personas@christopher.beard [2010.07.29 22:55:34 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\YoutubeDownloader@PeterOlayev(691).com [2012.11.14 21:43:16 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\adblockpopups@jessehakanen.net.xpi [2013.01.05 19:48:11 | 000,013,169 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\DrupalForFirebug@drupal.org.xpi [2012.12.13 10:23:31 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\firebug@software.joehewitt.com.xpi [2012.11.25 22:07:02 | 000,870,767 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\firebug@tools.sitepoint.com.xpi [2012.11.25 22:07:02 | 000,006,131 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\firebugpaintevents@kylescholz.com.xpi [2012.11.25 22:07:02 | 000,043,807 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\firefinder@robertnyman.com.xpi [2012.11.25 22:07:02 | 000,011,251 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\icffirebug@robertnyman.com.xpi [2012.11.12 09:57:49 | 000,009,689 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\info@skymeissner.com.xpi [2013.01.11 19:55:53 | 000,300,446 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2012.11.25 22:07:02 | 000,338,733 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\{9aad3da6-6c46-4ef0-9109-6df5eaaf597c}.xpi [2012.11.22 15:12:27 | 000,876,990 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013.01.05 19:48:13 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012.09.06 17:20:33 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012.12.21 13:16:58 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2013.01.20 20:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.01.18 21:40:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.01.18 21:40:59 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.21 07:37:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 06:24:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.21 07:37:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.07.01 06:33:42 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src [2012.06.21 07:37:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.21 07:37:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.21 07:37:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDtC0FtCyCzyzz0ByBtD0EtC0E0FyBtN0D0Tzu0CtByEtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1891229338 CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDtC0FtCyCzyzz0ByBtD0EtC0E0FyBtN0D0Tzu0CtByEtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1891229338 CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.7.4_0\ CHR - Extension: Cut the Rope = C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\15_0\ CHR - Extension: Skype Click to Call = C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ O1 HOSTS File: ([2013.01.19 10:20:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O3 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [Akamai NetSession Interface] C:\Users\Kirstin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [D490D4BEFDEAEF6310F5FBDFAEDB8D5359769B10._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [Optimizer Pro] C:\Programme\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro) O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Kirstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BackupManager.list () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O15 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/canvasx.cab (CanvasX Class) O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab (JordanUploader Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab (Java Plug-in 1.5.0_17) O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.4.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C127B67-4A0E-49B6-A4E5-0D313D95E43A}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img30.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img30.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.21 09:18:22 | 000,000,000 | ---D | C] -- C:\_OTL [2013.01.20 21:11:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kirstin\Desktop\OTL.exe [2013.01.19 10:24:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.01.19 09:52:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.01.19 09:52:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.01.19 09:52:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.19 09:52:39 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.01.19 09:52:22 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.19 09:50:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.01.18 21:43:45 | 005,023,971 | R--- | C] (Swearware) -- C:\Users\Kirstin\Desktop\ComboFix.exe [2013.01.18 21:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.01.17 23:26:17 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kirstin\Desktop\tdsskiller.exe [2013.01.17 22:18:40 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Kirstin\Desktop\aswMBR.exe [2013.01.17 14:45:24 | 000,000,000 | ---D | C] -- C:\Users\Kirstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2013.01.17 14:45:18 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013.01.17 14:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.01.16 07:49:33 | 000,000,000 | ---D | C] -- C:\Users\Kirstin\Desktop\mbar [2013.01.14 09:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.14 09:07:24 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.01.14 09:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.01.13 22:18:33 | 000,000,000 | ---D | C] -- C:\Users\Kirstin\AppData\Roaming\Malwarebytes [2013.01.13 22:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.09 10:33:33 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.01.09 10:32:31 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2013.01.07 22:44:53 | 000,000,000 | ---D | C] -- C:\Users\Kirstin\AppData\Roaming\HPAppData [2013.01.06 19:16:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump ========== Files - Modified Within 30 Days ========== [2013.01.21 11:22:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.21 11:22:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.21 11:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.21 10:31:08 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.21 09:26:45 | 000,006,836 | ---- | M] () -- C:\Users\Kirstin\AppData\Local\d3d9caps.dat [2013.01.21 09:22:52 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.21 09:22:50 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2013.01.21 09:22:34 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2013.01.21 09:22:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.21 09:22:17 | 2548,350,976 | -HS- | M] () -- C:\hiberfil.sys [2013.01.20 21:12:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kirstin\Desktop\OTL.exe [2013.01.20 18:54:37 | 000,574,677 | ---- | M] () -- C:\Users\Kirstin\Desktop\adwcleaner.exe [2013.01.19 10:20:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.01.19 08:23:42 | 000,089,600 | ---- | M] () -- C:\Users\Kirstin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.18 21:45:04 | 005,023,971 | R--- | M] (Swearware) -- C:\Users\Kirstin\Desktop\ComboFix.exe [2013.01.17 23:26:24 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kirstin\Desktop\tdsskiller.exe [2013.01.17 22:57:40 | 303,258,382 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.01.17 22:19:31 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Kirstin\Desktop\aswMBR.exe [2013.01.17 14:45:26 | 000,002,085 | ---- | M] () -- C:\Users\Kirstin\Desktop\SpyHunter.lnk [2013.01.16 07:49:08 | 013,462,931 | ---- | M] () -- C:\Users\Kirstin\Desktop\mbar-1.01.0.1016.zip [2013.01.14 09:07:27 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.10 07:38:03 | 004,178,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.10 00:22:56 | 000,628,968 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.10 00:22:56 | 000,596,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.10 00:22:56 | 000,126,680 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.10 00:22:56 | 000,104,296 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.09 10:06:33 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.01.09 10:06:32 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.01.07 08:26:12 | 000,065,415 | ---- | M] () -- C:\Users\Kirstin\Documents\Scan0010.pdf [2013.01.07 08:23:38 | 000,116,893 | ---- | M] () -- C:\Users\Kirstin\Documents\Scan0012.pdf [2013.01.07 08:21:39 | 000,115,993 | ---- | M] () -- C:\Users\Kirstin\Documents\Scan0011.jpg [2013.01.06 00:39:00 | 000,001,787 | ---- | M] () -- C:\Users\Kirstin\Desktop\Samsung Kies (Lite).lnk [2013.01.06 00:24:19 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.01.04 20:44:35 | 000,001,456 | ---- | M] () -- C:\Users\Kirstin\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.12.31 19:18:59 | 000,007,368 | ---- | M] () -- C:\Users\Kirstin\Documents\Kontaktformular Horsemanshipschule.html [2012.12.23 00:46:57 | 000,000,133 | ---- | M] () -- C:\Users\Kirstin\Desktop\verkleinerer.set ========== Files Created - No Company Name ========== [2013.01.20 18:54:33 | 000,574,677 | ---- | C] () -- C:\Users\Kirstin\Desktop\adwcleaner.exe [2013.01.20 17:39:38 | 000,006,836 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\d3d9caps.dat [2013.01.19 09:52:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.01.19 09:52:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.01.19 09:52:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.01.19 09:52:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.01.19 09:52:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.17 14:45:25 | 000,002,085 | ---- | C] () -- C:\Users\Kirstin\Desktop\SpyHunter.lnk [2013.01.16 07:48:39 | 013,462,931 | ---- | C] () -- C:\Users\Kirstin\Desktop\mbar-1.01.0.1016.zip [2013.01.14 09:07:27 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.07 08:23:37 | 000,116,893 | ---- | C] () -- C:\Users\Kirstin\Documents\Scan0012.pdf [2013.01.07 08:21:39 | 000,115,993 | ---- | C] () -- C:\Users\Kirstin\Documents\Scan0011.jpg [2013.01.07 07:18:24 | 000,065,415 | ---- | C] () -- C:\Users\Kirstin\Documents\Scan0010.pdf [2013.01.06 00:39:00 | 000,001,787 | ---- | C] () -- C:\Users\Kirstin\Desktop\Samsung Kies (Lite).lnk [2012.12.31 19:18:59 | 000,007,368 | ---- | C] () -- C:\Users\Kirstin\Documents\Kontaktformular Horsemanshipschule.html [2012.10.02 12:30:22 | 000,207,488 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2012.10.02 12:30:22 | 000,138,368 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll [2012.10.02 12:30:20 | 000,074,368 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll [2012.10.02 12:30:18 | 000,318,592 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll [2012.08.28 22:29:13 | 000,065,024 | ---- | C] () -- C:\Windows\System32\wlaopref.exe [2012.06.22 12:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys [2012.04.30 08:32:38 | 000,000,728 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\Tempgui.config [2011.11.29 16:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.11.29 16:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.11.29 16:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.11.29 16:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.11.29 16:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.09.07 21:43:04 | 000,000,273 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.05.10 13:07:21 | 000,000,126 | ---- | C] () -- C:\Windows\APDatabaseUI.INI [2011.05.09 09:15:20 | 000,000,132 | ---- | C] () -- C:\Users\Kirstin\AppData\Roaming\Adobe BMP Format CS5 Prefs [2011.02.17 23:07:19 | 000,000,132 | ---- | C] () -- C:\Users\Kirstin\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011.02.17 22:58:28 | 000,001,456 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.02.16 08:35:38 | 000,000,034 | ---- | C] () -- C:\Users\Kirstin\mm.cfg [2010.08.03 21:40:36 | 000,024,206 | ---- | C] () -- C:\Users\Kirstin\AppData\Roaming\UserTile.png [2010.07.28 14:07:43 | 003,650,262 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\TempBad Segeberg 2010 Sando Leichte Kür.mp3 [2010.07.17 22:44:48 | 000,013,658 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\Tempplan.xml [2010.07.17 22:44:48 | 000,001,010 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\Tempvprofile.dat [2010.01.24 23:10:39 | 000,003,928 | -H-- | C] () -- C:\Users\Kirstin\AppData\Local\BackupManager.list [2010.01.12 13:38:58 | 000,001,677 | ---- | C] () -- C:\Users\Kirstin\Kalender von Kirstin.ics [2009.12.17 09:29:25 | 000,000,100 | -H-- | C] () -- C:\ProgramData\BackupManager.list [2009.12.17 03:15:57 | 000,002,780 | -H-- | C] () -- C:\Users\Kirstin\BackupManager.list [2009.12.17 01:04:17 | 000,004,836 | -H-- | C] () -- C:\Users\Kirstin\AppData\Roaming\BackupManager.list [2009.10.23 07:12:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.24 06:51:34 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.06.07 21:36:17 | 000,089,600 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.03 12:24:51 | 000,000,772 | ---- | C] () -- C:\Users\Kirstin\AppData\Roaming\wklnhst.dat [2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.03.11 23:29:48 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console [2009.03.11 23:29:48 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console [2011.09.12 22:57:04 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\26C13EA7-D779-4643-9AB5-334070B15EBD [2012.10.07 22:38:40 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\4Free [2009.12.17 00:16:32 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\5400 Series [2011.01.06 09:04:40 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\8BF4B188-E5B9-42F4-B63E-F27754744D04 [2009.12.17 00:16:53 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Acer GameZone Console [2010.01.25 16:47:27 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Acronis [2010.12.10 19:36:41 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Amazon [2012.11.26 00:01:33 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Artisteer [2010.03.01 10:15:35 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Avery [2012.01.30 07:48:00 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\BA46F38A-7DD2-49DA-91FB-9766CBF88899 [2012.02.28 13:00:28 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Blender Foundation [2011.10.14 11:25:44 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\calibre [2011.02.14 15:42:36 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.05.27 12:32:18 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\DA14BE56-1881-4862-8000-E459337B3A83 [2010.07.01 06:34:09 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Digiarty [2012.04.13 23:55:25 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Dropbox [2009.12.17 00:20:30 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\eSobi [2013.01.09 00:03:05 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\FileZilla [2009.12.17 00:20:31 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\fotobuch.de AG [2009.12.17 00:20:34 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Helios [2009.12.17 00:20:36 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Hentrich-Software [2011.01.09 22:58:52 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\kompozer.net [2012.12.10 10:56:28 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Lexware [2009.12.17 00:38:49 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\NCH Swift Sound [2012.04.30 08:22:41 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Nokia [2012.04.30 08:22:42 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Nokia Ovi Suite [2012.10.23 14:03:07 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Optimizer Pro [2010.02.18 15:39:56 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\PC Suite [2010.08.03 21:40:36 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\PeerNetworking [2009.12.17 00:38:50 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\PowerCinema [2009.12.17 00:39:12 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Recordpad [2012.12.05 14:42:44 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Samsung [2009.12.17 00:41:02 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\SoftDMA [2011.04.04 12:30:54 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.04.09 00:06:29 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Temp [2009.12.17 00:41:16 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Template [2010.05.03 12:27:21 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Thunderbird [2011.09.05 10:48:34 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Uniblue [2009.12.17 01:03:29 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Vodafone [2011.03.03 18:34:23 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Windows Live Writer [2011.04.28 16:10:56 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\XMedia Recode ========== Purity Check ========== < End of report > |
|
21.01.2013, 12:01
| #24 |
| | Malwarebytes bricht ständig ab OTL Extras: Code:
ATTFilter OTL Extras logfile created on: 21.01.2013 11:10:38 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kirstin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,37 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 60,67% Memory free
4,97 Gb Paging File | 3,60 Gb Available in Paging File | 72,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 208,06 Gb Free Space | 45,63% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 128,65 Gb Free Space | 13,81% Space Free | Partition Type: NTFS
Computer Name: KIRSTINS-PC | User Name: Kirstin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [SNAPFISH] -- "C:\Program Files\SNAPFISH\SNAPFISH\SNAPFISH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{36216B6B-D235-4EEE-BD7C-000D23FBE068}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5890EC8B-D561-4FB6-8BF8-F7EBA199E59B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5EC43925-47A6-473E-AE11-735312FA97C5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{69749B3D-941C-4BCD-AE5E-924F1EA4E28D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6A80AE2F-0572-4280-ADC1-FD212D88110F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{747AE341-FED3-4DF8-A51E-964CA28E7B65}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9CB067D0-19BF-47FE-83AC-CA0CE777BC72}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B58CA460-0C64-4233-90A6-8F43BEA08B57}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BA5F590D-4D55-47A6-9165-F2BCDE63EBE5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BFC72BE4-9A88-4734-AA4B-5CAC8F0AB26B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C5480AD3-1EFC-4CA0-9AB5-52BE5F7840EF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{C891C919-BE4F-438C-A3D8-6994E6D60A5E}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface |
"{E8328714-4761-4A30-8211-B882A75CECBC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B7897C-C34F-44C9-A204-15D58CE28078}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{030E6D27-ABD2-4AEF-9A71-2E6413D0802F}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{05FA87D4-B383-4F6F-A73B-E7CEEA7F105B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{06CB9592-E30B-460B-A93B-C2FDFEDE7DF0}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{0C8EC47A-FB3E-44C4-A94D-E84281E1EBF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{11168A22-D55E-4067-87AB-785E74D1831B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{161E7BE5-6E84-4938-8446-2988729EA90B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{1999BC21-F33C-407B-8095-596B083FE740}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{19ABFE8C-0159-4DDB-B63B-048F847773BC}" = protocol=6 | dir=in | app=c:\program files\lexmark 5400 series\lxctaiox.exe |
"{1B882A53-4495-4DA6-B358-A1FEDB48243A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{1C59A376-AAAD-43FD-AA89-51A523E6F92A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1CA23ACD-0DAA-4E35-A6C1-4E8606982FA4}" = protocol=6 | dir=in | app=c:\program files\lexmark 5400 series\lxctmon.exe |
"{1CCA0F32-946D-460C-ADA7-675DF86B3B1A}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{2119289C-4426-44C6-8DCD-B3D9E4DE59D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{21EC42CF-63DA-4CC0-84F6-3F479EE36735}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{22C58FB7-2E8C-4818-B2D4-D7D8FA4F2793}" = protocol=17 | dir=in | app=d:\alicecd.exe |
"{23686365-02C7-4943-8E98-50D30A5E868B}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{27B7146A-0188-49C3-B2EB-DCBDAF300186}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{2CFF7347-B3C8-4A35-A33E-5CC7EE83939A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{321F58FB-6B81-4D2C-8E89-67E8E3294ABB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3291AAC7-7B09-4256-918E-EC87D8EA94F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{342B9064-2C3E-4F40-9262-307C6CEF8C60}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{34387E27-B86B-478C-8103-458BDD5B5189}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3AD621CD-F3DB-40CC-AA78-F9DE377D7685}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3CAD15D5-523A-4388-98F3-309D9AFC6B8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E502686-CA9B-41E4-8A23-4B4A700DB759}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{45D2F5BF-16C4-4324-93BF-A5E2EE7F73F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{47DDC0B4-BE2B-4CFA-9605-83E366123A35}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{4CEFAB47-00BA-4760-AC32-BEF5814226E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{4EA0F4C2-3E70-4FC3-A19C-C15C6C9A7B1E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4F1B65DE-C669-4BA4-9759-6D9516D1B9CE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5202A704-E66A-437D-BF0D-99C338C7501C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{57D088B9-7F24-4035-8D61-A9391806B296}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58C26802-5231-4762-921C-BF6C80999CA1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{5F38EDED-815A-4E5F-821C-40A30A729E41}" = protocol=6 | dir=out | app=system |
"{6308DE0B-20A0-4A00-9EDB-9E6881A7778D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{6C975B16-6FC8-47E1-BD02-9A96BC58EEE7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7226EADE-9C2B-43B2-83EE-E9D57C77D9F9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{79998817-05CF-4709-A9DF-6DD2DC2901D3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{7D5BD84D-0F97-45C3-BBE9-41810F3828A1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7D6C2C5C-4D22-48A1-A6FF-D5BA10899DE5}" = protocol=6 | dir=in | app=c:\users\kirstin\appdata\local\akamai\netsession_win.exe |
"{7FC71BDB-44B5-4879-977F-00963824D872}" = protocol=17 | dir=in | app=c:\users\kirstin\appdata\local\akamai\netsession_win.exe |
"{841FD16A-C75C-4A1A-A072-8DCC40BA0134}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{87D28B73-A45A-4391-95E7-226ADFB3BC5A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{8A3938E5-66B4-475D-B557-4024D07FD56D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8CB531D1-CF68-463C-8102-1A593848F9E9}" = protocol=17 | dir=in | app=c:\users\kirstin\appdata\roaming\dropbox\bin\dropbox.exe |
"{94D1EF94-015E-4DA9-B49B-14545B07C76D}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{99B7FA1F-AD94-4C46-A434-8C999D1EF40D}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{9A8F3A3C-4911-4EE4-8828-13ED5167AFA8}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{9BD8939B-8EBB-4EDA-85C3-843FA735BDBA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A000D248-9E56-4F4E-B333-CB0712FAEEE9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{A0FF3DA8-7795-4942-8E76-7DE40C3012C6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{A6BDB3F0-A2B3-4CB4-8945-DE79B390BCBE}" = protocol=17 | dir=in | app=c:\windows\system32\lxctcoms.exe |
"{AB95645F-F9FD-4A51-A73A-4DA372DE01D7}" = protocol=6 | dir=in | app=c:\users\kirstin\appdata\roaming\dropbox\bin\dropbox.exe |
"{BE5A22FF-6A30-4A38-A03A-5186CA80B314}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{C0339C8E-05A2-4BEA-9BA3-8D3DCEA0EC93}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{C069B866-7823-4CCA-8568-4186F651BAA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C4C60E83-601B-449E-91AC-58C31D9C07F8}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{CD7D3905-FAF6-4958-B35F-21C1D77F3948}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{CDE98BCB-D245-43A3-A1ED-FF0809BB6F46}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{DE54707B-A614-480B-A2B0-6B29ACB20A4B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{DEECD085-B757-4794-A4B8-F6DAD84383EA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{E53E42D2-0620-4E7F-8283-1BE761990E5B}" = protocol=6 | dir=in | app=c:\windows\system32\lxctcoms.exe |
"{E6D7B207-484C-4FEA-B76D-8F657BD65A29}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{E9AE87DC-A834-448A-ABB6-C3AC06BB5B93}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{EACD1FB2-D6F3-4A30-BE57-EBFAA36FA127}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{ECF2E501-67E1-473C-94F6-D5EB3B7A9B4D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{F1248F2F-3A28-4614-9D4B-7E77179E65FD}" = protocol=17 | dir=in | app=c:\program files\lexmark 5400 series\lxctaiox.exe |
"{F1A81FFE-A643-469E-9EA3-D4F25E32BE8C}" = protocol=17 | dir=in | app=c:\program files\lexmark 5400 series\lxctmon.exe |
"{F25ABB89-3577-4109-8BB6-24D83231BBEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F5451596-6DC2-4BD4-A714-61A0FDC21C2B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{FBB7453C-2016-4C0C-AF54-6842C8EBAE03}" = protocol=6 | dir=in | app=d:\alicecd.exe |
"{FF85C6A5-7596-4827-8471-594B8742D16A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"TCP Query User{0A2AB32D-41E6-4B0E-8BB0-09C34246D30A}C:\users\kirstin\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\kirstin\appdata\local\akamai\netsession_win.exe |
"TCP Query User{0F62C7AF-B86A-48CA-9AB7-DE1C73D41889}C:\users\kirstin\programm-xmapp\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\kirstin\programm-xmapp\xampp\mysql\bin\mysqld.exe |
"TCP Query User{12DE0971-1BF1-44ED-9CC1-809E3D872993}C:\users\kirstin\programm-xmapp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\kirstin\programm-xmapp\xampp\apache\bin\httpd.exe |
"TCP Query User{20F8CCC4-3B04-46DD-9679-C56555A1ECFF}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{28B44C2C-4CDD-4C30-B686-A599BE3372DE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2F3B54C2-25DB-4B2D-A3AD-FE3E42BFADD3}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{395E72D6-FE39-44B9-BD39-67B9C8BF1CB4}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{53816B02-3364-4B3F-A17B-9002B908F151}C:\users\kirstin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kirstin\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{68F3DB9A-408C-433B-B556-6F262AE0E0E3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{7591E67A-9F70-4DC5-BE65-604185DC38AA}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{7BB806CF-AA53-44FB-9889-040A435A24FF}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{9B604713-47BA-4A34-A9F9-933EFAD5C6E1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A839EE0A-B44A-41DB-BFED-8C85DAB3C00B}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{BDD0980B-9157-44F2-8B5C-3B1D41225B62}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{C5426E46-0159-40AF-B355-351F28BA3476}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{E52EFD82-D7CD-4684-9976-F089B8708748}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F1A75F55-A9E9-45B9-A4A5-FD1F2AE9ADC7}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{003A95E7-D78D-4D1E-923A-8C56BD492EBC}C:\users\kirstin\programm-xmapp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\kirstin\programm-xmapp\xampp\apache\bin\httpd.exe |
"UDP Query User{0CC12258-FE4E-4B94-9798-E1A8579A7685}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{2443B5B0-AE01-499C-8E14-B972E0ED0444}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{394C5E5B-B985-4DD8-ABBE-DAAAF7B997B8}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{3E9F7169-53E6-44AE-827E-01C7022ACAE7}C:\users\kirstin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kirstin\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{452A35F5-A707-4A07-B0CC-9125DD178BC3}C:\users\kirstin\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\kirstin\appdata\local\akamai\netsession_win.exe |
"UDP Query User{53DF4BE7-96A2-4A97-8590-7351C9ED7BC1}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{587CB2E3-373D-43E5-BDB8-BDA5541661C5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{70E42497-D304-4F5E-B498-8C4CCF68A412}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{71346BF5-21DD-451C-9CAE-7A475BA80C75}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{72427C59-ED23-4F79-8E00-BDADF5D99540}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A9AAFC21-3131-4615-BB0F-430FB027E95D}C:\users\kirstin\programm-xmapp\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\kirstin\programm-xmapp\xampp\mysql\bin\mysqld.exe |
"UDP Query User{C0F6C829-E0F9-4DB1-A33D-37CE16F4AC43}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{C6FF72DF-8615-4698-87C1-F2EF9F45CD27}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{E6889EF9-B386-4FCF-BA45-8159E79DBF0A}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{E9312D64-89A2-4B07-AEC3-6066CC49470A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{F738080C-A8B4-41F6-B6D9-7F1468CB4339}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AB7335-3CEF-4747-9CC7-41C600A7E0E9}" = Lexware faktura+auftrag 2013
"{02698606-3A21-489D-9D2A-75C9E8D3E5BD}" = Adobe Creative Suite 5 Design Premium
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{04441EE4-3631-43DB-813A-9D031380C8E5}" = MarketingReg
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1696F18E-2932-8A68-91A8-EAD17895285C}" = CCC Help Polish
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{181AEE57-04D3-26A1-6DCD-5A2084D4C36F}" = CCC Help Danish
"{18433D88-7499-D8F4-5D1C-32A83CC05752}" = CCC Help Chinese Traditional
"{1846A764-A6C1-46D2-B245-DAEDB2FDF5C9}" = Lexware kundenmanager 2011 System
"{195F5712-5E23-4DBB-8413-0EC6F0D60ABA}" = Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten
"{1B8BF8D8-325A-8AEE-CBFE-EC1251C51B0B}" = Catalyst Control Center Core Implementation
"{1E6804DA-9192-F510-7A19-DD505E662D41}" = CCC Help Korean
"{1EBD33A9-2AAF-4CE6-8D62-9D3634C8B43B}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{25B6FA39-24D1-4B2F-9280-099F2543E6B8}" = Lexware kundenmanager 2009 System
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 10
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2C39F7CF-E022-4C0D-B1BA-AF6DDD931054}" = ArcSoft MediaImpression
"{2CAB55FA-A147-4215-81A6-E9A9038B7970}" = Plus Pack für Acronis True Image Home 2011
"{2CC8130C-D0DC-C15B-21BE-99926467CBD1}" = CCC Help Finnish
"{2D27D952-ACF0-0B27-DC1A-C1DB49CAD846}" = ccc-core-static
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3A3653D7-90DA-D323-EE10-02BE5A955051}" = CCC Help Turkish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{457B1BA7-0829-B9EE-AC06-42BD80CFA6D2}" = ccc-utility
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4AEC222A-82B0-A8DB-2BFC-CFB2759B3F36}" = Catalyst Control Center Localization All
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{569A0B32-D216-63C9-9148-B3221BF5C30D}" = CCC Help German
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{591203A7-8794-BDD1-11F3-1447522E4150}" = CCC Help Greek
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5CCF8330-F742-411A-8A04-719806D168B5}" = Deutsche Post E-Porto
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{660AB86D-3900-62F4-C790-879ABB6B4CF7}" = CCC Help French
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FA27A0B-8E35-A611-382F-2C31828DBBCA}" = Catalyst Control Center Graphics Light
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83B9F0EF-68CC-6151-0339-BE2DAD01254B}" = Catalyst Control Center Graphics Full New
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A3F7BF5-AE97-E6AA-2078-56678841B9F2}" = CCC Help Japanese
"{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{91D87975-616E-C6E2-6AB0-AC48E6E3C8B4}" = Catalyst Control Center InstallProxy
"{92ABBA93-EE00-41C7-8D44-67D0C9DEF51E}" = Catalyst Control Center - Branding
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A0D285EA-5E1F-DC9C-2092-2C8A422E42C3}" = CCC Help Chinese Standard
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A509F7BA-007E-82CF-003D-F8C01A1E8511}" = CCC Help Thai
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B2EFA385-09C9-4E52-B4B3-AD15A6D3773B}" = Lexware kundenmanager 2011
"{B4A34D42-758D-8BEE-1F06-D8AFAC8F4002}" = CCC Help Spanish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
"{BF74F0D6-542B-1D47-1026-31F568D8A798}" = CCC Help Norwegian
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C2EE3A10-C169-68C7-5335-2F7FC56DA1A4}" = Catalyst Control Center Graphics Full Existing
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C7E1D9E3-3569-5898-714F-22EF74C04B73}" = CCC Help Hungarian
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE9F5AF2-A03A-26C2-7DF6-DAED2368E673}" = CCC Help Czech
"{CF25D77A-BDBE-EE99-EACC-5576FA9FFD19}" = CCC Help Swedish
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DBB1F4ED-3212-4F58-A427-9C01DE4A24A5}_is1" = Uniblue SystemTweaker
"{DC39A078-4D4C-4EF2-9CAF-69D342D74125}" = Microsoft Sync Framework Runtime v1.0 (x86) de
"{DDA88701-D6FB-783C-5339-4F9875DB7F6B}" = CCC Help Russian
"{DDABC667-56B3-4122-82B0-2F5782EA2F9A}" = SpyHunter
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEE132BD-4ADD-D9A1-56C7-356CB939A69E}" = CCC Help Italian
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E250B734-C4C2-8D67-546D-640D6789088D}" = CCC Help Portuguese
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E55B3271-7CA8-4D0C-AE06-69A24856E997}_is1" = Uniblue RegistryBooster
"{E8D33431-67EA-4DC1-B443-EE989DE532BC}" = Microsoft Sync Framework Services v1.0 (x86) de
"{EAF1DC9B-81CB-AADD-EA03-EE3F7EC9A8D7}" = CCC Help English
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}" = HP Officejet 6500 E710n-z Hilfe
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F7CE0C98-25D9-853D-63C8-72CD673F693E}" = CCC Help Dutch
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Schnellzugriffe
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"{FE215BA1-CFE6-37D1-81A8-231961C4941E}" = ATI Catalyst Install Manager
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9)
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface Service
"AnyDVD" = AnyDVD
"Artisteer 3" = Artisteer 3
"Artisteer 4" = Artisteer 4
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.5
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Blender" = Blender
"Buttonz & Tilez" = Buttonz & Tilez
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Designer 2.0_is1" = Designer 2.0
"DVD Decrypter" = DVD Decrypter (Remove Only)
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7)
"FileZilla Client" = FileZilla Client 3.3.3
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"HS Mehrwertsteuer 3.27" = HS Mehrwertsteuer 3.27
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"Lexmark 5400 Series" = Lexmark 5400 Series
"LManager" = Launch Manager
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Marble Pop 3D" = Marble Pop 3D
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.2.0.802
"Nokia PC Suite" = Nokia PC Suite
"Optimizer Pro_is1" = Optimizer Pro v3.0
"Pearl Poppers" = Pearl Poppers
"Samplitude Music Studio 15 Download-Version D" = Samplitude Music Studio 15 Download-Version 15.0.1.0 (D)
"Secret Of Six Seas" = Secret Of Six Seas
"Shop for HP Supplies" = Shop for HP Supplies
"SNAPFISH" = SNAPFISH
"Switch" = Switch Audiodatei-Konverter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WavePad" = WavePad Sound Editor
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinX Video Converter_is1" = WinX Video Converter 4.5.2
"XMedia Recode" = XMedia Recode 2.2.9.7
"Zuma's Revenge!" = Zuma's Revenge!
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.01.2013 17:13:02 | Computer Name = Kirstins-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 20.01.2013 19:27:20 | Computer Name = Kirstins-PC | Source = EventSystem | ID = 4621
Description =
Error - 21.01.2013 02:46:15 | Computer Name = Kirstins-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 21.01.2013 02:47:13 | Computer Name = Kirstins-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.01.2013 04:19:15 | Computer Name = Kirstins-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 21.01.2013 04:19:15 | Computer Name = Kirstins-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 21.01.2013 04:20:14 | Computer Name = Kirstins-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 21.01.2013 04:20:15 | Computer Name = Kirstins-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 21.01.2013 04:22:50 | Computer Name = Kirstins-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 21.01.2013 04:24:11 | Computer Name = Kirstins-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 12.08.2009 10:18:58 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4007
seconds with 120 seconds of active time. This session ended with a crash.
Error - 19.09.2009 08:47:51 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 187373
seconds with 1200 seconds of active time. This session ended with a crash.
Error - 16.07.2010 02:34:16 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1385
seconds with 1320 seconds of active time. This session ended with a crash.
Error - 02.03.2011 13:05:00 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19287
seconds with 3120 seconds of active time. This session ended with a crash.
Error - 27.04.2011 22:01:29 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 66840
seconds with 3660 seconds of active time. This session ended with a crash.
Error - 21.08.2012 16:57:46 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 135373
seconds with 2100 seconds of active time. This session ended with a crash.
Error - 07.09.2012 04:01:08 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12835
seconds with 4800 seconds of active time. This session ended with a crash.
Error - 19.01.2013 19:18:14 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 53
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 13.06.2009 16:32:08 | Computer Name = Kirstins-PC | Source = HTTP | ID = 15016
Description =
Error - 13.06.2009 16:32:40 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 13.06.2009 16:38:11 | Computer Name = Kirstins-PC | Source = DCOM | ID = 10005
Description =
Error - 13.06.2009 16:38:11 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 13.06.2009 16:38:11 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 13.06.2009 16:38:11 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 13.06.2009 16:38:11 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 13.06.2009 16:41:41 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 13.06.2009 16:41:41 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 14.06.2009 06:36:19 | Computer Name = Kirstins-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.06.2009 um 22:57:52 unerwartet heruntergefahren.
< End of report >
|
|
21.01.2013, 12:25
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes bricht ständig ab Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.01.2013, 13:02
| #26 |
| | Malwarebytes bricht ständig ab Malewarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.21.04 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Kirstin :: KIRSTINS-PC [Administrator] Schutz: Deaktiviert 21.01.2013 12:41:21 mbam-log-2013-01-21 (12-41-21).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 228419 Laufzeit: 17 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
22.01.2013, 07:37
| #27 |
| | Malwarebytes bricht ständig ab Moin Cosinus, sag mal, der ESET Online läuft jetzt seit 18 Stunden..... Ist das normal? Steht auf 99 % hat einen Infected file gefunden. Siehe Screenshot. Abbrechen nochmal machen oder laufen lassen? |
|
22.01.2013, 10:39
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes bricht ständig ab Ist ESET nocht nicht fertig?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.01.2013, 11:54
| #29 |
| | Malwarebytes bricht ständig ab Also, hab's abgebrochen, alles noch mal gemacht, weil es dann zum Schluß echt hing. Nix ging mehr. Jetzt läuft's seit 3:42 Std. aber dafür flutscht es jetzt besser. Ist auch nun bei 99 %. Schauen wir mal. Ich trink jetzt noch'n Kaffee.... |
|
22.01.2013, 14:09
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes bricht ständig ab Und schmeckt der   Was sagt ESET?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Malwarebytes bricht ständig ab |
| abbruch, brauche, browser, einfach, entferne, entfernen, firefox, forum, geladen, gen, gestern, googeln, home, komischer, kurzem, malwarebytes, meldung, probleme, programm, runter, service, system, verschoben, vista, vista home premium |
Textbox. 
Linear-Darstellung
