GVU-Trojaner
Hallo,
ich habe mir den GVU-Trojaner eingefangen. Bin dann nach einem Neustart in den abgesicherten Modus und erst mal auf einen Systemwiederherstellungspunkt einen Tag vorher.
Hier die Logs von Malwarebytes: Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.01.26.08
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: MICROSTAR-*** [Administrator]
26.01.2013 18:08:19
mbam-log-2013-01-26 (18-08-19).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra |
HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 742509
Laufzeit: 8 Stunde(n), 32 Minute(n), 10 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 2
HKCU\Software\TimeSink, Inc. (AdWare.TimeSink) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\TimeSink, Inc. (AdWare.TimeSink) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 9
C:\Program Files\TimeSink (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\TimeSink\AdGateway (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\TimeSink\AdGateway\Ads (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\TimeSink\AdGateway\Profiles (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne
gestellt.
C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP\***(AdWare.Cydoor) -> Erfolgreich gelöscht und in
Quarantäne gestellt.
C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP\***\GlobalSCAPE (AdWare.Cydoor) -> Erfolgreich
gelöscht und in Quarantäne gestellt.
C:\Program Files\TimeSink\AdGateway\Users (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\TimeSink\AdGateway\Users\*** (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne
gestellt.
Infizierte Dateien: 16
C:\Users\***\AppData\Local\Temp\Temp1_iepv.zip\iepv.exe (PUP.PSW.Passview) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Local\Temp\Temp2_ACDSee_3.1_build_921_by_Lash.zip\KeyPatch.exe (Hacktool.Gen) ->
Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\Temp1_ACDSee_3.1_build_921_by_Lash.zip\KeyPatch.exe (Hacktool.Gen) ->
Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\Temp3_ACDSee_3.1_build_921_by_Lash.zip\KeyPatch.exe (Hacktool.Gen) ->
Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP\***\GlobalSCAPE\Done.cdb (AdWare.Cydoor) ->
Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP\***\GlobalSCAPE\Done.idx (AdWare.Cydoor) ->
Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP\***\GlobalSCAPE\Done1.cdb (AdWare.Cydoor) ->
Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP\***\GlobalSCAPE\Done1.idx (AdWare.Cydoor) ->
Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP\***\GlobalSCAPE\Pending.cdb (AdWare.Cydoor) ->
Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP\***\GlobalSCAPE\Pending.idx (AdWare.Cydoor) ->
Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP\***\GlobalSCAPE\Pending1.cdb (AdWare.Cydoor) ->
Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP\***\GlobalSCAPE\Pending1.idx (AdWare.Cydoor) ->
Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\TimeSink\AdGateway\Users\***\Sched.cdb (AdWare.Cydoor) -> Erfolgreich gelöscht und in
Quarantäne gestellt.
C:\Program Files\TimeSink\AdGateway\Users\***\Sched.idx (AdWare.Cydoor) -> Erfolgreich gelöscht und in
Quarantäne gestellt.
C:\Program Files\TimeSink\AdGateway\Users\***\Sched1.cdb (AdWare.Cydoor) -> Erfolgreich gelöscht und in
Quarantäne gestellt.
C:\Program Files\TimeSink\AdGateway\Users\***\Sched1.idx (AdWare.Cydoor) -> Erfolgreich gelöscht und in
Quarantäne gestellt.
(Ende)
OTL.txt: Code:
OTL logfile created on: 27.01.2013 08:10:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 28,02% Memory free
6,72 Gb Paging File | 3,40 Gb Available in Paging File | 50,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 638,52 Gb Free Space | 68,55% Space Free | Partition Type: NTFS
Drive D: | 445,75 Gb Total Space | 51,25 Gb Free Space | 11,50% Space Free | Partition Type: NTFS
Drive E: | 19,99 Gb Total Space | 16,27 Gb Free Space | 81,36% Space Free | Partition Type: FAT32
Drive F: | 549,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: MICROSTAR-*** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Programme\TechSmith\Jing\Jing.exe (TechSmith Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe ()
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Programme\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Home Server\WHSTrayApp.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Home Server\esClient.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.)
PRC - C:\Programme\Duden\Duden Korrektor\DKCore.exe (Expert System S.p.A.)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - C:\Programme\Common Files\Gnab\Service\GnabTray.exe (Empolis GmbH)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Programme\Belkin\Switch2\Switch2.exe (Belkin Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\987dffa60dbf86bde2495e89d2195a84\Podcaster.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\a5cb85e04e47ce01706356092b954f90\CPKTMusicPlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\c2022b09b43c9482bbeba266d6df9171\MusicManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\2cec10bd5078131e49e5c8f22a870822\Kies.Common.Multimedia.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\48bf3a1d960e0f7ebc48ff01e497e239\System.Runtime.Remoting.ni.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wcore13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wgui13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wkont13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\rsguiwinapi48.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wfabu13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wauff13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wimp13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wfvie13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wwerb13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\whau213.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wbae113.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wbae313.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wbae413.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\whau113.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wbae213.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wreli13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wsteu13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\rscorewinapi48.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wmain13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\rsodbc48.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\rsdcom48.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\d1cdb687ca296d0e95ff3abe946cb3c7\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\BusinessLayer\ec290c9ab9e1bb9f083ba3090bd1cf70\BusinessLayer.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\c3f80c44ecbd7ea5ef47bedf435c59fc\Microsoft.Office.Interop.Outlook.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\bd79065f7d7c5aa927a770d3983e775d\Microsoft.Interop.Mapi.Impl.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\ba62c63cafede6d5193d66eb168b344f\Microsoft.Interop.Mapi.PropTags.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMRes\f7ce7fb928574c6948304b4bf5d14edc\BCMRes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\office\da52581c2872e807f53aa9c37c1d22bb\office.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\2d11cf84a89b2904404a3bda7cbafae4\stdole.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\d1aeb66d31f3bc0b39f67917591c3c80\Microsoft.Interop.Mapi.Interfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMCommon\8ab62700d598d6b4988feed4983124e6\BCMCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\57b7eb9291d0c8676734b2b4ab2984f7\Kies.Theme.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\8dea73b3a5ee331e2436dac6908e85ec\DevicePodcast.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\3a3abe3267021d15d3c6a5e5b2b1a466\DeviceVideo.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\309c155b063b6f94b19ce0f3b5e09070\DevicePhoto.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\d33fae6c2084e76943468f092880f2db\DeviceMusic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\08578175d4ae37994f236fea2f31680e\VideoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\9f5ea83c96866be89b738b1beafd4dfc\PodcastService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\397f6171cd6092a623f26c351380c201\PhotoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2cd48f0f5f4d025def9265b492fd6ded\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\2d4b558da2bda3f725b4e1116824109d\DeviceHost.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\bc70491c65d9f172be3fc4571ab0337c\Phonebook.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\EBookManager\629108be62672fffad17d42bb62bbe90\EBookManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\625cf2f6d8887890630e6b548cccdb4e\BATPlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\AllShareController\9e8de971d0dc3071378a923df5d3c8a5\AllShareController.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\36e46ebe1c2d6d45eb0f5272bc4b9a24\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\7945d0bd1d2b9a98e720ac90a2d8b78a\Kies.Common.StoreManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\58f0b876c44331535102ecb13046865f\Kies.Common.MediaDB.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\f8c8f34f4703169ec8ef159f4a3eff05\ASF_cSharpAPI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\90cc995f77a271d561151f78245b4e40\Kies.Common.AllShare.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\bd56370080ab6286570e2c8c346b0411\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\8e5c3adf19721d0ee8a6367ab350b60b\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\67bd718f57274aa0419ba68e71344d5c\Interop.DevFileServiceLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7be67032ebb8fa32963b8abe350ee793\Kies.Common.DeviceServiceLib.FileService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\41e1f83e1b967aab636e08f4e978a059\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\055fbb8ac8719c694d9764e826646296\Kies.Common.DeviceServiceLib.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\49c62033a5c8e5c0ff62f9807726d840\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\80a06208211ff5efdfc5dcb170bd92d7\Kies.Common.DeviceService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\b2991e7347afcb391a714b60ebf7fdff\Interop.MP3FileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\1ea9d4d50c7fdf418de5c801ed76701d\Interop.OGGFileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\d30bde27733b5d6f3ea6a0786a5d84d5\Interop.PRPLAYERCORELib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\5911766cf78c9ff4b4b89dcd0d2f3899\Interop.P3MPINTERFACECTRLLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\fcaa070e943747cf6625e4464df9094f\Kies.Common.MainUI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\900f7fa1a61e5780777f6fdfc78756bc\Kies.Common.DBManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\dd6c740085ff9051f0b9d7aec72f889f\CabLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\0d8a6c359208a783ffc5c2209d02cd3c\ICSharpCode.SharpZipLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\93470ab38b698c2e4b1fdcf3bd557593\Kies.Common.Util.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\7b108f87a4091fc8bbb6aec2106675ae\Kies.Locale.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\2d61609a7f09305ef6e384741c3e863c\Interop.DeviceSearchLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\bde0a08409a14b6a69cd682699202e53\Kies.UI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\e844539aa6207846bc7cf281379e4b1b\Kies.MVVM.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\088676cc322e339363b855b240aa1105\GongSolutions.Wpf.DragDrop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\2710d983065221697dbb75e958f97984\Kies.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\6a53b5a77f0dc62c4d3ee8acb210da85\Kies.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_6acf0e9a\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_9d2b89dd\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_d0382af8\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_27b2c437\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_a91890e4\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\FileZilla Client\fzshellext.dll ()
MOD - C:\Windows\assembly\GAC_32\Microsoft.BusinessSolutions.eCRM.OutlookAddIn\3.0.0.0__31bf3856ad364e35\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.dll ()
MOD - C:\Windows\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\3.0.0.0__31bf3856ad364e35\Microsoft.Interop.Mapi.Impl.dll ()
MOD - C:\Windows\assembly\GAC_32\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils\3.0.0.0__31bf3856ad364e35\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.dll ()
MOD - C:\Windows\assembly\GAC_32\BCMCommon\3.0.0.0__31bf3856ad364e35\BCMCommon.dll ()
MOD - C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()
MOD - c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - C:\Programme\Duden\Duden Korrektor\libxml2.dll ()
MOD - C:\Programme\Duden\Duden Korrektor\zlib1.dll ()
MOD - C:\Programme\GlobalSCAPE\CuteFTP\CuteShell.dll ()
========== Services (SafeList) ==========
SRV - (Terioaosbdyx) -- File not found
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Sony Ericsson PCCompanion) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (arXfrSvc) -- C:\Programme\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation)
SRV - (WHSConnector) -- C:\Programme\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
SRV - (esClient) -- C:\Programme\Windows Home Server\esClient.exe (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AdobeVersionCue) -- C:\Programme\Adobe\Adobe Version Cue\service\VersionCue.exe (Adobe Sytems)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (BackupReader) -- C:\Windows\System32\drivers\BackupReader.sys (Microsoft Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (WinDriver6) -- C:\Windows\System32\drivers\windrvr6.sys (Jungo)
DRV - (MosIrUsb) -- C:\Windows\System32\drivers\MosIrUsb.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (TACXDEV) -- C:\Windows\System32\drivers\I-magic.sys ()
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (LMouKE) -- C:\Windows\System32\drivers\LMouKE.Sys (Logitech Inc.)
DRV - (L8042mou) -- C:\Windows\System32\drivers\L8042mou.Sys (Logitech Inc.)
DRV - (stusb2ir) -- C:\Windows\System32\drivers\stusb2ir.sys ()
DRV - (cvintdrv) -- C:\Windows\System32\drivers\cvintdrv.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.de
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-150735292-161998131-4274805051-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-150735292-161998131-4274805051-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-150735292-161998131-4274805051-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-150735292-161998131-4274805051-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-150735292-161998131-4274805051-1002\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-150735292-161998131-4274805051-1002\..\SearchScopes\{05C72334-11F3-4e9f-8740-98128F52EFB9}: "URL" = hxxp://search.ie7pro.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
IE - HKU\S-1-5-21-150735292-161998131-4274805051-1002\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-150735292-161998131-4274805051-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-150735292-161998131-4274805051-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-150735292-161998131-4274805051-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.13
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.26 19:27:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.17 16:09:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.17 16:09:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.26 19:27:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
[2008.09.18 09:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.01.20 16:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p09u3l38.default\extensions
[2010.08.02 22:05:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p09u3l38.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.01.20 16:25:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p09u3l38.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.12 20:50:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.09.18 09:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\inspector@mozilla.org
[2012.04.15 11:36:03 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.15 11:35:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.15 11:35:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.15 11:35:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.15 11:35:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.15 11:35:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.15 11:35:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-150735292-161998131-4274805051-1002\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GnabTray] C:\Program Files\Common Files\Gnab\Service\GnabTray.exe (Empolis GmbH)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKU\S-1-5-18..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [Jing] C:\Programme\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [Polar Sync] File not found
O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Switch2.lnk = C:\Users\***\AppData\Roaming\Microsoft\Installer\{067B5E9A-A4BA-4BF2-AFF2-6D5414B2E88A}\NewShortcut1_067B5E9AA4BA4BF2AFF26D5414B2E88A.exe (Macrovision Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-150735292-161998131-4274805051-1002\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-150735292-161998131-4274805051-1002\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} hxxp://picasaweb.google.com/s/v/28.25/uploader2.cab (UploadListView Class)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1224422808 (Image Uploader Control)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.pe.studivz.net/photouploader/ImageUploader4.cab?nocache=20080128-1 (Image Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=20080125-1 (Image Uploader Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E865C40C-7EBF-408B-8FC5-05172921AA53} https://***.homeserver.com/Remote/Microsoft.HomeServer.RichUpload.cab (Microsoft.HomeServer.RichUpload.UploadControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FCC0AC7-5F06-4FA9-9A90-24ACA883FDFC}: DhcpNameServer = 10.74.83.22 193.254.160.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2FCF1A8-E9D1-4F58-AEBE-0B518D946348}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.11.01 20:00:00 | 000,000,052 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4118b0b3-bbe6-11dc-99fc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4118b0b3-bbe6-11dc-99fc-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe -- [2012.11.01 20:00:00 | 000,087,704 | R--- | M] ()
O33 - MountPoints2\{4118b0b4-bbe6-11dc-99fc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4118b0b4-bbe6-11dc-99fc-806e6f6e6963}\Shell\AutoRun\command - "" = G:\start.exe /auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.26 18:07:18 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.01.26 18:07:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.01.26 18:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.26 18:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.26 18:07:07 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.26 18:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.20 17:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2013
[2013.01.17 16:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.17 16:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.17 16:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.17 16:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.01.17 16:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.01.17 16:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.01.27 07:47:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.27 07:47:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.27 07:43:21 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.26 21:44:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.26 18:07:35 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.01.26 17:59:56 | 000,000,964 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.26 17:59:37 | 000,000,950 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk
[2013.01.26 17:56:28 | 000,149,965 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.01.26 17:56:27 | 000,149,965 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.01.26 17:56:24 | 000,002,515 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Switch2.lnk
[2013.01.26 17:43:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.26 17:43:08 | 3488,931,840 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.26 17:31:59 | 095,023,320 | ---- | M] () -- C:\ProgramData\02Pv3XC.pad
[2013.01.25 08:23:53 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013.01.20 18:09:42 | 000,000,962 | ---- | M] () -- C:\Windows\wiso.ini
[2013.01.20 17:38:27 | 000,001,898 | ---- | M] () -- C:\Users\***\Desktop\WISO Steuer-Sparbuch 2013.lnk
[2013.01.20 17:19:12 | 000,001,912 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2013.01.20 17:19:12 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk
[2013.01.17 22:55:25 | 000,000,211 | ---- | M] () -- C:\Users\***\Desktop\My Withings.url
[2013.01.17 16:22:19 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.17 16:04:57 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2013.01.17 05:56:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.17 05:56:29 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.01.26 17:43:08 | 3488,931,840 | -HS- | C] () -- C:\hiberfil.sys
[2013.01.26 17:19:15 | 095,023,320 | ---- | C] () -- C:\ProgramData\02Pv3XC.pad
[2013.01.20 17:38:27 | 000,001,898 | ---- | C] () -- C:\Users\***\Desktop\WISO Steuer-Sparbuch 2013.lnk
[2013.01.20 17:19:12 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk
[2013.01.17 16:22:19 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.04.30 21:51:15 | 285,815,514 | ---- | C] () -- C:\Users\***\VN860083.MP3
[2012.03.18 18:40:59 | 000,003,657 | ---- | C] () -- C:\Users\***\Wichtiger Hinweis zu Ihrem Zertifikat_ElsterOnline2.html
[2012.03.18 18:36:56 | 000,010,231 | ---- | C] () -- C:\Users\***\SIC_2012_***s_sebu84_elster_2048_Kopie.pfx
[2011.12.05 00:06:04 | 000,000,032 | ---- | C] () -- C:\Users\***\.simfy
[2011.04.27 13:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.04.27 13:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.04.27 13:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.04.27 13:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.04.27 13:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.02.22 17:58:05 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.10.16 21:58:42 | 000,149,965 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.10.16 19:35:03 | 000,149,965 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.10.06 20:04:54 | 004,189,465 | ---- | C] () -- C:\Users\***\Sicherung_2010_10_06.zip
[2010.01.02 14:06:40 | 000,038,445 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2009.07.28 19:33:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.04.06 11:59:41 | 000,010,599 | ---- | C] () -- C:\Users\***\***s_sebu84_elster_2048.pfx
[2008.12.10 17:59:47 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.03.15 21:54:18 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.02.07 18:26:21 | 000,001,471 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2008.01.06 18:00:22 | 000,100,352 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.06 00:49:06 | 000,000,102 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2003.06.23 09:13:11 | 000,001,680 | ---- | C] () -- C:\Users\***\AppData\Roaming\Access10.pip
========== ZeroAccess Check ==========
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.03.24 00:18:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2008.12.21 12:39:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2013.01.26 18:00:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.02.08 21:44:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.09.26 12:56:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fotobuch.de AG
[2009.11.19 20:45:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2009.11.01 23:20:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2008.01.07 18:57:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GlobalSCAPE
[2008.02.07 18:26:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2008.01.06 22:16:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2008.11.07 23:49:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MiniDm
[2009.02.08 22:12:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2008.10.19 14:25:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.10.17 21:32:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Prish
[2009.03.30 16:59:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Research In Motion
[2012.10.12 20:47:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2011.06.22 18:14:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Simfy
[2008.01.06 15:23:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2008.12.23 10:04:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TACX
[2011.08.27 10:23:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.02.16 23:24:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Home Server
[2010.05.08 17:44:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Withings
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
< End of report >
Extras.txt Code:
OTL Extras logfile created on: 27.01.2013 08:10:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 28,02% Memory free
6,72 Gb Paging File | 3,40 Gb Available in Paging File | 50,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 638,52 Gb Free Space | 68,55% Space Free | Partition Type: NTFS
Drive D: | 445,75 Gb Total Space | 51,25 Gb Free Space | 11,50% Space Free | Partition Type: NTFS
Drive E: | 19,99 Gb Total Space | 16,27 Gb Free Space | 81,36% Space Free | Partition Type: FAT32
Drive F: | 549,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: microStar-*** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B198807-0B30-4DA4-B22C-5C4C780462CC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{45863E8F-5632-4102-BECF-9BB1980EB0BC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45F9F639-C945-4AE9-A476-E02E7603190F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{48A1E0E4-D95D-4A05-8562-12502C2B3F95}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe |
"{49AFA4D0-B0F3-4BCF-9FD0-72660854E7D3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{592B015E-37C9-4F98-AE49-BCD17FEC5531}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6127A386-85E7-44E5-89E9-51161321E1D1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7BCB5CDC-6B16-428C-99BA-F25B03968CBE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{7E861E55-1E73-4663-AF9D-8C186BCE03CA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3E16885-CAD9-4CB6-BA34-F98F5FB629E1}" = lport=445 | protocol=6 | dir=in | app=system |
"{A893ACB6-0522-48B8-99FA-334CF96ECB34}" = lport=445 | protocol=6 | dir=in | app=system |
"{AAFEDB97-9F6D-4CC4-9CF5-3CDC33A7BBED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B2499E67-FF75-4349-B2E1-DBE7198EBA97}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B73C9135-B5E8-47E8-AC14-74F731922FD7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{C6C21846-FF21-4048-BA69-16773BFD0830}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2C8849B-F129-4D3A-A01B-0FC71E45EC4C}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe |
"{EF13CC07-9A35-48F6-8D6F-6CBFBE8D10DD}" = lport=3389 | protocol=6 | dir=in | name=remote |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09F25A80-8514-4799-BAFF-A368BAD2FCB5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{10F1181A-9F9A-4D1F-A9E2-4678525D64D6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{135B59CD-B69B-4096-B80E-63B8933AD605}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{13E890E1-231B-4FAA-9D7D-AD5C62B10F86}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{153FE17A-AD75-45D5-BF84-836AC0900C65}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{1B3293EC-4F14-4C38-8A8D-8059F454D239}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{1D613B45-958C-4472-AD9A-3EE2DFC2FEAD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{25859868-28C4-4FEB-A127-3E40B74E7D1B}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{2FCDC1EE-A30D-4283-9712-00B3DA311F87}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{33DB8904-9C4C-40D9-AFDB-E1DA3CF18D27}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{38E72D31-3B16-44CC-86DC-DFCE8DBC0F9B}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{3D177EAF-92B6-4256-A1D4-C7B61D083DCB}" = protocol=6 | dir=out | app=system |
"{480BEB0F-7867-41EB-866A-36C54AE71DEA}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{48B05B2F-E487-433B-A240-DFBC6CCC9509}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4CBFFEEB-36B6-4DCA-9FEE-52BA4EA36F5B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{508CA4AF-734F-44FF-9D77-A1CEDB30B46A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{51D91D43-6823-4460-B183-8791C751FF7D}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{599603AA-4DEF-4FAF-B0D1-950BC8D27222}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{5C9A9CAA-48BE-41CC-85E3-5DEF39FC37D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5DAB24C0-E144-4917-A3CD-5C986F8CD072}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6A11AA31-F1F4-4225-9A2C-51D13DA507C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6DD5F09E-FE2E-4E70-A7C0-6FAE2D67F774}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{718BE615-7611-4A4E-B36A-3CA2F0190A50}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7956D93E-C882-4930-8B8B-35D4365B8C59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7ADA04D4-BFEB-4960-98CC-8178374128C6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8BA21F2C-A3BF-44A8-A356-A8C38C784C35}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{908AF391-4CA9-400B-A893-4F06F3264727}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{911861CB-C514-4D0E-A8D0-9ECE44939E36}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{92E02B4F-3794-47FD-A3D0-EB53FA570FD2}" = protocol=6 | dir=in | app=c:\program files\windows home server\discovery.exe |
"{92EF5CE1-FCA9-41E3-A6D6-297D048B4F8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe |
"{94E9AA1C-1738-4A37-8DE9-23F1DE4E185D}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{98B9CCA6-4EF9-4D79-831C-CE3AF5E86184}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{99D7B092-59B7-47F5-A395-74D246A432E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{9B6A96F4-4AEB-407D-921A-E16E2582EED0}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{9CE08E4A-C2CA-459C-8278-50F22F1D05AB}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{AD728A2E-2C26-4AE3-8F95-700EF35876D3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{B06047D8-BFAC-4956-82DE-DE0BF23250C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B2F0C2BF-5BD2-42D8-929D-703943E8A48F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{B6DB5B8D-E0ED-426F-A71E-76EC9ED88678}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BC70050D-D4DF-4BAC-A365-29C817EEE8B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BE54877E-C8AF-4F26-A754-3E380F0A4DC7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C0E1B6D3-D8FB-4AEE-A8D6-5FC9DE5DBD65}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{C75AA7C5-30D9-4D21-B6D3-D2178870DD49}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{CA3F414C-B6C4-4A3C-91B8-E3EA848C1338}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{CB2A1543-C05E-4404-A861-84C44A2423C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CCA29AE2-6661-466D-B0DD-9627AC269D06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CDF72B43-07D6-485D-965A-34F1C462C898}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{CEBFA2CE-1029-48A0-9AAA-1A9CCEEF47CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB040451-14E1-4D14-93A3-F9C34500B0A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E038DE1E-CA28-4BC3-876C-C7A246C8A7C4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{E1EEDBEB-73CA-46B0-8FAA-043C252BF35F}" = protocol=17 | dir=in | app=c:\program files\windows home server\discovery.exe |
"{E20B2081-7AED-4450-B213-011C0CFC686D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{E33EB9E1-31B0-4EE8-BF34-FA5D7213BB92}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{F5CE0069-C9B7-4561-A55E-C1C32C28FAA4}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{F696B78E-FD9B-415D-9278-B941BCA1B977}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F97DDC74-A6BA-4368-93DE-5E44B2C54209}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{FE40EDD2-9EEF-477B-AA38-D40DCDB92808}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{021A6D75-E590-4F66-BFF1-930CE122A767}C:\program files\globalscape\cuteftp\cutftp32.exe" = protocol=6 | dir=in | app=c:\program files\globalscape\cuteftp\cutftp32.exe |
"TCP Query User{08A39C07-4995-4810-8492-65E01E08B69F}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{1268A8B8-9CE4-454C-B1FA-5029EA008979}C:\program files\globalscape\cuteftp\cutftp32.exe" = protocol=6 | dir=in | app=c:\program files\globalscape\cuteftp\cutftp32.exe |
"TCP Query User{1624D445-25C8-4E50-8211-130D4DBF5A11}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{20E07FFA-BC4B-4657-B1DF-4DA90A9AE19E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{226E9A42-54F2-4A5C-BEF7-064F7BE7B92A}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{470F8E97-994E-48BE-8EB5-B0132A076DB3}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{A033E47D-820A-47E3-AA00-898BB81935E9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A720A18B-3DC0-4A33-BCDD-1D1DFD513B8B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{C666C882-47F0-490E-B462-7EFCE828293B}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
"TCP Query User{DAF79252-4536-455B-81A9-A582FF9E0DEB}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{F0908082-689C-49C1-9E4E-2C1BAC9B65E8}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{F4D26085-FF8F-4D31-8B2D-996C7FB4FEEC}C:\program files\samsung\frame manager\frameratingservice.exe" = protocol=6 | dir=in | app=c:\program files\samsung\frame manager\frameratingservice.exe |
"TCP Query User{FAD97B03-C6DD-4163-95B0-02EB66D99CBE}C:\users\***\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\nero web\setupxu.exe |
"UDP Query User{1697FA9C-E363-4E1C-8165-F1DF956FECB2}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{2745075A-5332-4690-9B11-816591899A63}C:\program files\globalscape\cuteftp\cutftp32.exe" = protocol=17 | dir=in | app=c:\program files\globalscape\cuteftp\cutftp32.exe |
"UDP Query User{5BE546C3-4661-4FEE-A612-1B979262D644}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{5D27AAE4-39AC-41A0-A9C8-6C12E49A5EEE}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
"UDP Query User{6D872E1F-09DA-4231-B789-134ABDEDCA61}C:\users\***\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\nero web\setupxu.exe |
"UDP Query User{7D38AAB2-7970-465D-BEEC-6A8318915027}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8FA2927F-FE1A-4F24-8464-3C142B2F7AB7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{9E4811D5-DC34-494B-B762-765F36D40524}C:\program files\globalscape\cuteftp\cutftp32.exe" = protocol=17 | dir=in | app=c:\program files\globalscape\cuteftp\cutftp32.exe |
"UDP Query User{A400E205-A8B8-4756-8B58-57645B8A8F1E}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{A4F37A11-616E-42D0-8E2D-6B67949A0406}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{A9A745A2-FD5E-4272-B33C-60BBCCBEEFD7}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{AF730797-8DED-4859-A755-005F16EF1149}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{C5EB3B95-8ECD-4BF8-9D02-D70AA4429D99}C:\program files\samsung\frame manager\frameratingservice.exe" = protocol=17 | dir=in | app=c:\program files\samsung\frame manager\frameratingservice.exe |
"UDP Query User{DFB70FC3-D89C-44ED-94A7-2A02559ECCE4}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009
"{00F3D43F-B5A9-4C8D-B5A1-5FD2DE16CC21}" = Polar IrDA USB 1.1 Adapter
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{067B5E9A-A4BA-4BF2-AFF2-6D5414B2E88A}" = Switch2
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server-Connector
"{22800204-9E53-45C7-B6F3-5BB0F1C1A147}" = Jing
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{2555AF7D-1766-42E9-934C-E408933AEBF9}" = Fortius Imagic
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7FEFAD2B-CD9B-478F-8AD4-4A9B54FB786D}" = Prish Image Resizer
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{3CB0380B-0413-4C44-A63B-DCD6369EAF4E}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91BF142C-E8C0-4279-A98D-A61A4404CF56}" = Duden Korrektor
"{96F0EF0A-5852-470D-94AD-6F39DD51C3D4}" = NI LabWindows/CVI 7.1 Run Time Engine
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{99284958-43A1-E44A-B9CE-BB2E3D460617}" = simfy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9FE08B0-7804-43FF-8B90-04EEC285FFF6}" = Microsoft Office Live Add-in Patches
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B727BD4D-0C42-43F7-AC60-4AFBDDC732BD}" = FlexPoints 2.01
"{B7FB6B99-C93C-4818-825B-37EF4B64C80C}" = PS_AIO_02_Software
"{B8BF5CD8-B02D-48f9-96A9-7183F868D6EE}" = C6200_Help
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.46
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C14266F9-1464-4285-9094-043633EFC3B0}" = C6200
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D25BDCF5-19F6-4d9e-B9C9-273FE81446C4}" = PS_AIO_02_ProductContext
"{D2BAFC44-D10B-401E-B744-808CAA85E886}" = Fortius
"{D41EB7A7-1AAA-4282-AD6A-1FAC72BE55C5}" = C6200_doccd
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
"{D64BC2CF-0F12-47d7-B412-B4F3FD684253}" = HP Photosmart All-In-One Software 9.0
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DF7DBA84-0A55-11D6-A0A6-6A7573736972}" = Polar ProTrainer
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7B2B002-97C7-4D2E-B76F-150F96604CF5}" = Frame Manager
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F722E488-A5B5-47ff-AA9B-4DE6CE7914CA}" = Windows 7 Upgrade Advisor
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F851520E-16E5-4C7B-BE3A-A90326A8160B}" = Fortius
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"3D Traumhaus Designer 8_is1" = DATA BECKER 3D Traumhaus Designer 8
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"BBMediaSyncUninstall" = BlackBerry Media Sync
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CuteFTP" = CuteFTP
"Designer 2.0_is1" = Designer 2.0
"Digsby" = Digsby
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow v1.1.3611 [2010-10-06]
"FileZilla Client" = FileZilla Client 3.3.5.1
"FLV Player" = FLV Player 2.0, build 23
"Google Calendar Sync" = Google Calendar Sync
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{91BF142C-E8C0-4279-A98D-A61A4404CF56}" = Duden Korrektor
"InstallShield_{E7B2B002-97C7-4D2E-B76F-150F96604CF5}" = Frame Manager
"iPhoneBackupExtractor" = iPhone Backup Extractor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MPE" = MyPhoneExplorer
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"RarZilla Free Unrar 2.52" = RarZilla Free Unrar 2.52
"Recuva" = Recuva
"Simfy" = simfy
"Tacx Imagic Vista drivers_is1" = Tacx Imagic Vista drivers 0.1
"TeamViewer 7" = TeamViewer 7
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.4.4
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-150735292-161998131-4274805051-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.07.2011 04:07:37 | Computer Name = microStar-*** | Source = Windows Search Service | ID = 3013
Description =
Error - 20.07.2011 04:07:37 | Computer Name = microStar-*** | Source = Windows Search Service | ID = 3013
Description =
Error - 20.07.2011 04:07:37 | Computer Name = microStar-*** | Source = Windows Search Service | ID = 3013
Description =
Error - 20.07.2011 04:07:37 | Computer Name = microStar-*** | Source = Windows Search Service | ID = 3013
Description =
Error - 20.07.2011 04:07:37 | Computer Name = microStar-*** | Source = Windows Search Service | ID = 3013
Description =
Error - 20.07.2011 04:07:37 | Computer Name = microStar-*** | Source = Windows Search Service | ID = 3013
Description =
Error - 20.07.2011 04:07:37 | Computer Name = microStar-*** | Source = Windows Search Service | ID = 3013
Description =
Error - 20.07.2011 08:23:15 | Computer Name = microStar-*** | Source = SQLBrowser | ID = 5111816
Description = Der SQLBrowser-Dienst konnte eine Clientanforderung nicht verarbeiten.
Error - 20.07.2011 08:23:15 | Computer Name = microStar-*** | Source = SQLBrowser | ID = 5111816
Description = Der SQLBrowser-Dienst konnte eine Clientanforderung nicht verarbeiten.
Error - 20.07.2011 10:24:43 | Computer Name = microStar-*** | Source = SQLBrowser | ID = 5111816
Description = Der SQLBrowser-Dienst konnte eine Clientanforderung nicht verarbeiten.
Error - 20.07.2011 10:24:43 | Computer Name = microStar-*** | Source = SQLBrowser | ID = 5111816
Description = Der SQLBrowser-Dienst konnte eine Clientanforderung nicht verarbeiten.
[ OSession Events ]
Error - 07.02.2010 18:45:04 | Computer Name = microStar-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6055
seconds with 300 seconds of active time. This session ended with a crash.
Error - 02.05.2011 06:40:04 | Computer Name = microStar-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6469
seconds with 60 seconds of active time. This session ended with a crash.
Error - 25.05.2011 15:27:21 | Computer Name = microStar-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 163
seconds with 60 seconds of active time. This session ended with a crash.
Error - 29.07.2011 02:49:43 | Computer Name = microStar-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 618
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.08.2011 06:49:18 | Computer Name = microStar-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 5455
seconds with 300 seconds of active time. This session ended with a crash.
Error - 05.11.2011 02:39:33 | Computer Name = microStar-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 102
seconds with 0 seconds of active time. This session ended with a crash.
Error - 02.01.2012 15:06:00 | Computer Name = microStar-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3267
seconds with 660 seconds of active time. This session ended with a crash.
Error - 15.02.2012 17:18:35 | Computer Name = microStar-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7287
seconds with 300 seconds of active time. This session ended with a crash.
Error - 15.03.2012 07:04:20 | Computer Name = microStar-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14325
seconds with 2580 seconds of active time. This session ended with a crash.
Error - 27.03.2012 17:32:33 | Computer Name = microStar-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 167
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 26.01.2013 12:34:57 | Computer Name = microStar-*** | Source = Service Control Manager | ID = 7026
Description =
Error - 26.01.2013 12:34:57 | Computer Name = microStar-*** | Source = Service Control Manager | ID = 7001
Description =
Error - 26.01.2013 12:34:57 | Computer Name = microStar-*** | Source = Service Control Manager | ID = 7001
Description =
Error - 26.01.2013 12:34:59 | Computer Name = microStar-*** | Source = DCOM | ID = 10005
Description =
Error - 26.01.2013 12:35:03 | Computer Name = microStar-*** | Source = Service Control Manager | ID = 7001
Description =
Error - 26.01.2013 12:35:31 | Computer Name = microStar-*** | Source = DCOM | ID = 10005
Description =
Error - 26.01.2013 12:35:33 | Computer Name = microStar-*** | Source = Service Control Manager | ID = 7001
Description =
Error - 26.01.2013 12:44:45 | Computer Name = microStar-*** | Source = Service Control Manager | ID = 7000
Description =
Error - 26.01.2013 12:45:00 | Computer Name = microStar-*** | Source = Service Control Manager | ID = 7022
Description =
Error - 26.01.2013 12:45:01 | Computer Name = microStar-*** | Source = Service Control Manager | ID = 7026
Description =
< End of report >
|
AdwCleaner auf deinen Desktop.