Pests of all kinds and how to fight them: Start page "http://www.searchnu.com/406" when opening Chrome
Windows 7
If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
04.11.2012, 21:53 | #1
Start page "http://www.searchnu.com/406" when opening Chrome
Hello, I have the above-mentioned pest on my start page. I hope you can help me.
Code:
ATTFilter OTL logfile created on: 30.10.2012 20:23:53 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\evandi\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 45,75% Memory free 6,19 Gb Paging File | 4,65 Gb Available in Paging File | 75,05% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,89 Gb Total Space | 63,93 Gb Free Space | 28,81% Space Free | Partition Type: NTFS Drive D: | 10,99 Gb Total Space | 2,41 Gb Free Space | 21,91% Space Free | Partition Type: NTFS Computer Name: EVANDI-PC | User Name: evandi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.30 20:22:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\evandi\Desktop\OTL.exe PRC - [2012.10.11 01:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.10.11 01:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\evandi\AppData\Local\Akamai\netsession_win.exe PRC - [2012.10.09 01:17:54 | 000,580,096 | ---- | M] (Samsung Electronics) -- C:\Programme\Samsung\Kies\KiesAirMessage.exe PRC - [2012.08.10 12:37:44 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.03 12:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 12:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.05.10 08:03:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.10 08:03:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.10 08:03:57 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.03 08:30:33 | 000,099,840 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\9.1\bin\pg_ctl.exe PRC - [2012.05.03 08:29:42 | 005,234,688 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\9.1\bin\postgres.exe PRC - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.01.13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) 
-- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe ========== Modules (No Company Name) ========== MOD - [2012.10.23 11:09:26 | 012,841,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\2c7c74d2fe184f55c0a0a517951e7f4a\Kies.Theme.ni.dll MOD - [2012.10.23 11:09:24 | 000,608,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\9349c70acb66665321bee19d331408a1\DevicePodcast.ni.dll MOD - [2012.10.23 11:09:20 | 000,292,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\3e83faa1ec8155e3d155fe585955a246\DeviceVideo.ni.dll MOD - [2012.10.23 11:09:18 | 000,369,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\da3a360d4f099d3ff041307e7a1ce4ce\DevicePhoto.ni.dll MOD - [2012.10.23 11:09:16 | 000,301,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\4efc3f2c84c757b5869422aab9e3dc4b\DeviceMusic.ni.dll MOD - [2012.10.23 11:09:13 | 000,465,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\59cb702af31bcb9ded3d4493cded15a9\VideoManager.ni.dll MOD - [2012.10.23 11:09:11 | 001,500,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\bb178a48944e63edba0ea540a1c8f4fd\PodcastService.ni.dll MOD - [2012.10.23 11:09:06 | 000,615,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\8bdb480bdd341bbab06ad4dc3d149476\PhotoManager.ni.dll MOD - [2012.10.23 11:09:03 | 001,142,784 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\ccf4179de5c33241ac22ed7a47c73b9c\Podcaster.ni.dll MOD - [2012.10.23 11:08:45 | 000,036,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\98304df52775a014f274c09321fe9241\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll MOD - [2012.10.23 11:08:42 | 005,846,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\c89c506ab88b933c87b81e5550fec75a\DeviceHost.ni.dll MOD - [2012.10.23 11:08:16 | 001,869,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\8d2d9b197570723b26a177097b962745\Phonebook.ni.dll MOD - [2012.10.23 11:07:59 | 001,008,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\e04778c3d35d213522c80a8cd9f60b02\CPKTMusicPlugin.ni.dll MOD - [2012.10.23 11:07:55 | 000,941,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\1fdfb726828c51d29742ab493c8ded24\MusicManager.ni.dll MOD - [2012.10.23 11:07:44 | 000,320,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\EBookManager\6ea3f7829f5fed3f3dc6ff397f0e256a\EBookManager.ni.dll MOD - [2012.10.23 11:07:42 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\cb4304e9e1cde93f4d111858fb996dde\BATPlugin.ni.dll MOD - [2012.10.23 11:07:40 | 000,031,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AllShareController\d4b4eb99b1ae9735a4d1adc72472ec7c\AllShareController.ni.dll MOD - [2012.10.23 11:07:39 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\d18af3a8f0174681428791614bacb63c\Kies.Common.StoreManager.ni.dll MOD - [2012.10.23 11:07:38 | 000,507,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\aa8eb4ad4ad74f1805330fe03bf455c5\Kies.Common.MediaDB.ni.dll MOD - [2012.10.23 11:07:35 | 000,064,000 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\729aa8db14d8ec751bcb1038047b06f3\Kies.Common.AllShare.ni.dll MOD - [2012.10.23 11:07:34 | 000,282,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7ba265e8b49087c5c48a3ffa40f14755\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll MOD - [2012.10.23 11:07:32 | 000,189,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a75a07721b35ff2169859d26f1fcb857\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll MOD - [2012.10.23 11:07:31 | 000,566,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7f6d1a69e33607d303f25185dfcff746\Kies.Common.DeviceServiceLib.FileService.ni.dll MOD - [2012.10.23 11:07:28 | 000,569,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a46d3e6a6bf0b8655727916bbbf67ef4\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll MOD - [2012.10.23 11:07:25 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\702d8607adbdbec8324b9dd5b1ee1c00\Kies.Common.DeviceServiceLib.Interface.ni.dll MOD - [2012.10.23 11:07:24 | 000,910,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6a1cd2ff344b0a2ff97f2d717f245f3b\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll MOD - [2012.10.23 11:07:19 | 001,057,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6cd41643731c0641280ee6a3830c29f2\Kies.Common.DeviceService.ni.dll MOD - [2012.10.23 11:07:14 | 002,198,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\f9bed07498f5a72c7025ccb9460269a4\Kies.Common.Multimedia.ni.dll MOD - [2012.10.23 11:07:07 | 000,198,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\162a5f6e31e7c7fc4d2eed54ec19d9c1\Kies.Common.MainUI.ni.dll MOD - [2012.10.23 
11:07:05 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\c8e717a4d0d75539ecae0a7654b6770b\Kies.Common.DBManager.ni.dll MOD - [2012.10.23 11:07:04 | 000,271,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\97b8e7df643e75af9002eff26e49fb35\Kies.Common.Util.ni.dll MOD - [2012.10.23 11:07:02 | 001,460,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\8922fa7e1508459687031b70f7f8d8bf\Kies.Locale.ni.dll MOD - [2012.10.23 11:07:00 | 001,844,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\f309fa4fe307c4821993ffeb5580ce62\Kies.UI.ni.dll MOD - [2012.10.23 11:06:53 | 001,199,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\05451040884163ac6f935b3e6a486900\Kies.Interface.ni.dll MOD - [2012.10.23 11:06:48 | 001,689,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\619b458b2103eedeff095fd20a0ee162\Kies.ni.exe MOD - [2012.10.23 10:33:58 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\81bb58061bcd2a4c3bf4136abe041d20\ASF_cSharpAPI.ni.dll MOD - [2012.10.23 10:33:53 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\4b12836eb4d4958e490a1ba614971b41\Interop.DevFileServiceLib.ni.dll MOD - [2012.10.23 10:33:39 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\c99811c6a988ca6c2104a5b45acbddbb\Interop.MP3FileInfoCOMLib.ni.dll MOD - [2012.10.23 10:33:39 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\cbeefee33636e0d0be226cf11e180ba3\Interop.OGGFileInfoCOMLib.ni.dll MOD - [2012.10.23 10:33:38 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\b0b31095249cec5ef5c0407fa6b7fc22\Interop.P3MPINTERFACECTRLLib.ni.dll MOD - [2012.10.23 10:33:38 | 
000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\fac7605aed1c9c8b07c4e68ffdc0b4eb\Interop.PRPLAYERCORELib.ni.dll MOD - [2012.10.23 10:33:27 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\6265ffca46eab52d5f798847b5ea908c\CabLib.ni.dll MOD - [2012.10.23 10:33:23 | 000,743,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\23324d3d243863e74723ea9c2dc1af1b\ICSharpCode.SharpZipLib.ni.dll MOD - [2012.10.23 10:33:18 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\f108203a60eadaff95b82bed51846431\Interop.DeviceSearchLib.ni.dll MOD - [2012.10.23 10:33:14 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\8d41dc5286f38925da6e1b9b32ce82c5\Kies.MVVM.ni.dll MOD - [2012.10.23 10:33:11 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\3f6f79987f17c00edce423932abd1cf2\GongSolutions.Wpf.DragDrop.ni.dll MOD - [2012.10.23 10:32:38 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll MOD - [2012.10.23 10:32:28 | 000,771,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ef221aa0472b0870b6689ab044fad227\System.Runtime.Remoting.ni.dll MOD - [2012.10.23 10:32:08 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012.10.23 10:17:31 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll MOD - [2012.10.23 10:15:51 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012.10.23 10:15:41 | 
011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll MOD - [2012.10.23 10:15:37 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll MOD - [2012.10.23 10:15:17 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012.10.23 10:14:55 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll MOD - [2012.10.23 10:14:43 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012.10.23 10:14:13 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.12.19 18:27:04 | 000,066,856 | ---- | M] () -- C:\Programme\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll MOD - [2007.08.20 13:10:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll ========== Services (SafeList) ========== SRV - [2012.10.08 22:06:24 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.10 20:28:30 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.03 12:46:44 | 000,655,944 | ---- | M] 
(Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.06.11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012.05.10 08:03:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.10 08:03:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.03 08:30:33 | 000,099,840 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.1\bin\pg_ctl.exe -- (postgresql-9.1) SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.05.31 20:18:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.01.13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.03.05 08:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs) DRV - [2012.09.20 05:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012.09.20 05:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2012.07.03 12:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.06.11 10:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2012.05.10 08:03:59 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.10 08:03:59 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.03 16:49:32 | 000,158,512 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv) DRV - [2011.10.03 16:49:32 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt) DRV - [2011.10.03 16:49:32 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV - [2011.10.03 16:49:32 | 000,091,440 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon) DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.02.17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2010.02.17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.02.17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.09.05 16:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2009.01.13 11:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2008.08.28 17:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.02.27 05:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2007.10.11 12:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService) DRV - [2007.07.10 15:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.06.25 12:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.06.18 15:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007.04.23 22:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD) DRV - [2006.06.28 08:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{7C784927-4120-4CC1-8C4F-87DEA672B92A}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{EAB3ABD5-7DB0-476A-B92E-6BE6674A546D}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de IE - HKCU\..\SearchScopes\{7C784927-4120-4CC1-8C4F-87DEA672B92A}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{EAB3ABD5-7DB0-476A-B92E-6BE6674A546D}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Google" FF - 
prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: printpdf@pavlov.net:0.76 FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: printpdf@pavlov.net:0.76 FF - prefs.js..extensions.enabledItems: {3ab3f8aa-8efc-46a5-86d9-21eb4fb070bb}:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\evandi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\evandi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.21 22:26:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.11 19:40:35 | 000,000,000 | ---D | M] [2011.12.14 09:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\Extensions [2012.08.11 09:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\Firefox\Profiles\yppgvz7i.default\extensions [2010.05.17 19:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\Firefox\Profiles\yppgvz7i.default\extensions\{3ab3f8aa-8efc-46a5-86d9-21eb4fb070bb} [2010.04.09 20:36:17 | 000,000,000 | ---D | M] (printpdf) -- C:\Users\evandi\AppData\Roaming\mozilla\Firefox\Profiles\yppgvz7i.default\extensions\printpdf@pavlov.net [2012.08.11 09:59:31 | 000,526,409 | ---- | M] () (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\extensions\toolbar@web.de.xpi [2012.08.03 17:53:27 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.08.11 09:59:36 | 000,000,853 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\11-suche.xml [2012.08.11 09:59:36 | 000,002,209 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\englische-ergebnisse.xml [2012.08.11 09:59:36 | 000,010,506 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\gmx-suche.xml [2012.09.07 10:48:36 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-1.xml [2009.09.11 13:41:08 | 
000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-2.xml [2009.10.31 07:19:32 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-3.xml [2009.12.31 14:16:16 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-4.xml [2010.01.07 10:07:04 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-5.xml [2009.08.04 04:25:06 | 000,000,944 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin.xml [2012.08.11 09:59:36 | 000,002,368 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\lastminute.xml [2011.12.03 13:44:32 | 000,002,519 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\Search_Results.xml [2012.08.11 09:59:36 | 000,005,489 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\webde-suche.xml [2012.10.21 18:25:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.07.27 18:34:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.07.11 19:41:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.23 18:59:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.21 18:25:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.03.21 22:26:24 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program 
Files\mozilla firefox\components\browsercomps.dll [2003.10.11 01:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\components\np32asw.dll [2003.10.11 01:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32asw.dll [2012.03.21 22:26:18 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.21 22:26:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.21 22:26:18 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.21 22:26:18 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.03 13:44:32 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012.03.21 22:26:18 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.21 22:26:18 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer 
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll CHR - plugin: Authorware Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32asw.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program 
Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\evandi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_13-windows-i586.cab (Java Plug-in 1.5.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5F79022-0CC0-411D-8EE7-2F749616FB2C}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - 
Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Users\evandi\Documents\02_***\MVAgusta.jpg O24 - Desktop BackupWallPaper: C:\Users\evandi\Documents\02_***\MVAgusta.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O33 - MountPoints2\{7afaa37f-06a6-11df-875d-fb16870360d0}\Shell - "" = AutoRun O33 - MountPoints2\{7afaa37f-06a6-11df-875d-fb16870360d0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.30 20:22:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\evandi\Desktop\OTL.exe [2012.10.26 10:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RapidMiner 5 [2012.10.26 10:05:27 | 000,000,000 | ---D | C] -- C:\Users\evandi\.RapidMiner5 [2012.10.25 21:33:01 | 000,000,000 | ---D | C] -- 
C:\Program Files\Rapid-I [2012.10.23 10:53:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2012.10.23 10:38:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log [2012.10.23 10:38:18 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Local\Samsung [2012.10.23 10:38:00 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Roaming\Samsung [2012.10.23 10:37:48 | 000,000,000 | ---D | C] -- C:\Users\evandi\Documents\samsung [2012.10.23 10:31:06 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys [2012.10.23 10:31:06 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys [2012.10.23 10:29:30 | 000,000,000 | ---D | C] -- C:\Users\evandi\{7a4e0f6d-86b9-4412-89d4-621a276ca52a} [2012.10.23 10:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2012.10.23 10:25:33 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll [2012.10.23 10:23:43 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll [2012.10.23 10:23:43 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys [2012.10.23 10:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny [2012.10.23 10:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2012.10.23 10:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung [2012.10.23 10:10:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.10.23 09:59:50 | 081,131,360 | ---- | C] (Samsung Electronics Co., Ltd. 
) -- C:\Users\evandi\Desktop\Kies_2.5.0.12094_27_11.exe [2012.10.18 09:46:32 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Local\fontconfig [2012.10.18 09:46:12 | 000,000,000 | ---D | C] -- C:\Users\evandi\.gimp-2.8 [2012.10.18 09:46:11 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Local\gegl-0.2 [2012.10.18 09:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2012.10.02 18:14:04 | 000,000,000 | ---D | C] -- C:\Users\evandi\Desktop\CelloCD [2010.03.05 12:51:18 | 000,208,896 | ---- | C] (www.mp3dev.org) -- C:\Program Files\lame_enc.dll [1 C:\Users\evandi\*.tmp files -> C:\Users\evandi\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.30 20:27:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.30 20:22:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\evandi\Desktop\OTL.exe [2012.10.30 20:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.30 19:51:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4193417823-389615538-1104851014-1000UA.job [2012.10.30 19:08:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.30 19:08:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.30 17:39:40 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.30 17:36:37 | 000,000,000 | ---- | M] () -- C:\Users\evandi\defogger_reenable [2012.10.30 17:35:09 | 000,050,477 | ---- | M] () -- C:\Users\evandi\Desktop\Defogger.exe [2012.10.30 17:33:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.30 17:08:45 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4193417823-389615538-1104851014-1000Core.job [2012.10.29 17:29:10 | 001,360,590 | ---- | M] () -- 
C:\Windows\System32\perfh007.dat [2012.10.29 17:29:10 | 000,823,292 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.29 17:29:10 | 000,366,682 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.29 17:29:10 | 000,322,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.26 10:28:15 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\RapidMiner 5.lnk [2012.10.25 21:31:49 | 063,541,565 | ---- | M] () -- C:\Users\evandi\Desktop\rapidminer-5.2.008x32-install.exe [2012.10.25 20:36:03 | 000,000,786 | ---- | M] () -- C:\Users\evandi\.recently-used.xbel [2012.10.25 19:26:09 | 000,011,711 | ---- | M] () -- C:\Users\evandi\AppData\Local\recently-used.xbel [2012.10.23 10:48:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf [2012.10.23 10:37:39 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2012.10.23 10:01:48 | 081,131,360 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Users\evandi\Desktop\Kies_2.5.0.12094_27_11.exe [1 C:\Users\evandi\*.tmp files -> C:\Users\evandi\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.30 17:36:37 | 000,000,000 | ---- | C] () -- C:\Users\evandi\defogger_reenable [2012.10.30 17:35:03 | 000,050,477 | ---- | C] () -- C:\Users\evandi\Desktop\Defogger.exe [2012.10.26 10:28:15 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\RapidMiner 5.lnk [2012.10.25 20:36:03 | 000,000,786 | ---- | C] () -- C:\Users\evandi\.recently-used.xbel [2012.10.25 20:21:25 | 063,541,565 | ---- | C] () -- C:\Users\evandi\Desktop\rapidminer-5.2.008x32-install.exe [2012.10.25 19:26:09 | 000,011,711 | ---- | C] () -- C:\Users\evandi\AppData\Local\recently-used.xbel [2012.10.23 10:48:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf [2012.10.23 10:37:39 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2012.10.18 09:36:33 | 000,000,880 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.09.03 09:08:30 | 000,024,206 | ---- | C] () -- C:\Users\evandi\AppData\Roaming\UserTile.png [2011.11.19 16:14:09 | 000,307,200 | ---- | C] () -- C:\Users\evandi\jaudioMp3Win.tar [2011.03.22 10:06:24 | 000,823,296 | ---- | C] () -- C:\Windows\j3dcore-d3d.dll [2011.03.22 10:06:24 | 000,163,840 | ---- | C] () -- C:\Windows\j3dcore-ogl.dll [2011.03.22 10:06:24 | 000,049,152 | ---- | C] () -- C:\Windows\j3dcore-ogl-chk.dll [2011.03.22 10:06:24 | 000,040,960 | ---- | C] () -- C:\Windows\j3dcore-ogl-cg.dll [2010.11.22 11:54:51 | 000,000,151 | ---- | C] () -- C:\Users\evandi\.vpsuite_installation.xml [2010.11.22 11:51:34 | 000,000,135 | ---- | C] () -- C:\Users\evandi\.vpinstall.properties [2010.06.08 09:35:07 | 000,001,392 | ---- | C] () -- C:\Users\evandi\.keystore [2010.04.27 09:22:54 | 000,000,155 | ---- | C] () -- C:\Users\evandi\.appletviewer [2010.04.26 12:25:18 | 000,000,146 | ---- | C] () -- C:\Users\evandi\.packettracer [2010.04.20 15:21:30 | 000,000,019 | ---- | C] () -- C:\Users\evandi\killbat.bat [2010.03.31 10:09:47 | 000,011,293 | ---- | C] () -- C:\Program Files\bibliothek_v2.jar [2010.03.31 09:11:33 | 000,000,047 | ---- | C] () -- C:\Users\evandi\.gitconfig [2010.03.23 10:17:02 | 000,000,036 | ---- | C] () -- C:\Users\evandi\.org.eclipse.epp.usagedata.recording.userId [2009.10.29 12:55:41 | 000,001,517 | ---- | C] () -- C:\Users\evandi\.bash_history [2009.10.11 16:57:26 | 000,000,004 | ---- | C] () -- C:\Users\evandi\tray.pid [2009.10.11 15:58:44 
| 000,000,116 | ---- | C] () -- C:\Users\evandi\.asadminpass [2009.10.11 15:58:32 | 000,000,789 | ---- | C] () -- C:\Users\evandi\.asadmintruststore [2008.10.18 20:19:43 | 000,005,648 | ---- | C] () -- C:\Users\evandi\AppData\Local\d3d9caps.dat [2008.08.31 18:59:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.08.26 20:34:12 | 000,210,944 | ---- | C] () -- C:\Users\evandi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.07.13 18:12:57 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Amazon [2010.06.29 20:15:34 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Audacity [2009.09.29 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Canon [2010.06.07 10:53:56 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\com.adobe.ExMan [2011.12.15 19:36:17 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Cornelsen [2010.02.14 09:30:14 
| 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Desktopicon [2012.07.18 16:08:36 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Dropbox [2008.10.05 18:55:50 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\FireShot [2010.05.19 22:45:13 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\GetRightToGo [2012.08.14 21:05:02 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\gtk-2.0 [2012.05.13 19:40:53 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\ICQ [2010.11.07 19:44:15 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\InfraRecorder [2010.12.02 12:35:54 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\inkscape [2009.11.13 10:09:20 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\myphotobook [2012.06.15 09:20:37 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\MySQL [2012.09.03 09:15:35 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Nokia [2012.05.29 15:49:45 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Notepad++ [2010.04.01 15:30:33 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Online Solutions [2011.01.19 10:15:52 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\OpenOffice.org [2012.09.03 09:15:29 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\PC Suite [2009.03.12 20:34:20 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\pdf995 [2012.09.03 09:08:29 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\PeerNetworking [2011.08.29 09:53:30 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Philipp Winterberg [2012.05.25 09:18:30 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\postgresql [2012.10.23 10:38:34 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Samsung [2010.02.24 13:42:36 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Scribus [2010.04.13 10:12:10 | 000,000,000 | ---D | M] -- 
C:\Users\evandi\AppData\Roaming\Subversion
[2012.05.04 09:34:05 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\SumatraPDF
[2010.03.30 19:43:12 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\syntevo
[2011.12.12 21:30:44 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\TeamViewer
[2009.01.02 00:07:07 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\WEBDE

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 30.10.2012 20:23:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\evandi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 45,75% Memory free
6,19 Gb Paging File | 4,65 Gb Available in Paging File | 75,05% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,89 Gb Total Space | 63,93 Gb Free Space | 28,81% Space Free | Partition Type: NTFS
Drive D: | 10,99 Gb Total Space | 2,41 Gb Free Space | 21,91% Space Free | Partition Type: NTFS

Computer Name: EVANDI-PC | User Name: evandi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error.
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [git_gui] -- "C:\Program Files\Git\bin\wish.exe" "C:\Program Files\Git\libexec\git-core\git-gui" "--working-dir" "%1" (ActiveState Corporation) Directory [git_shell] -- "C:\Windows\system32\cmd.exe" /c "pushd "%1" && "C:\Program Files\Git\bin\sh.exe" --login -i" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 
"DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{EFE401D0-8073-4639-BA13-0D230EB40374}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{F311C3D2-87B4-4711-AA69-7C5CAD925779}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06294227-C1D9-4452-8790-01E55C822560}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | "{081A6DD6-88F8-4775-8470-8CAB7B9943BD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0B1ECC08-1896-4255-8C8C-C0B445071513}" = protocol=6 | dir=in | app=c:\program 
files\teamviewer\version6\teamviewer_service.exe | "{0BF2E500-DE53-43C5-A2D1-CA7375A52DB7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1E2A2AD0-4F08-467B-A30A-A932C6CFB11E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{1FD919F0-7712-49D9-A153-F0191DCADEAD}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{395EAC65-5579-4DF8-8421-7696F3F7DD81}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{39EF8E6A-440D-465A-A8F1-0E8B702353AB}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | "{3B810F3C-2D78-45A4-9EE9-00D915491076}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{41D69A18-307D-4017-950C-65E748A71B5A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{42277795-2E86-4F01-B4A4-CE9C201D473D}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{453668F0-A31F-4D7D-B85D-41CB88A67BDF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{5BE1C8A7-ACA0-4CEB-A902-7920FA058015}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | "{63CF4ABF-FDC0-44F8-9A62-8C77FCE91DBF}" = protocol=6 | dir=in | app=c:\users\evandi\appdata\local\akamai\netsession_win.exe | "{6D568BCA-F7CD-401A-9C16-58A93DAD0D96}" = protocol=17 | dir=in | app=c:\program files\dsl connection manager\o2dslconfiguration.exe | "{73C339C4-569C-44D1-9171-AF68C607B35A}" = protocol=17 | dir=in | app=c:\users\evandi\appdata\roaming\dropbox\bin\dropbox.exe | "{77FCB71F-C322-4A42-BC12-84D0692CBAA3}" = protocol=6 | dir=in | app=c:\users\evandi\appdata\roaming\dropbox\bin\dropbox.exe | "{8557EBD9-86B8-4BC3-86BA-0460A955C0A4}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | "{8EEC79E9-EB66-4CDA-8FF7-27D9AD73000D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{94234B28-F998-4199-98FC-A9E4E176BC38}" = protocol=6 | dir=in | 
app=c:\program files\teamviewer\version6\teamviewer.exe | "{A572F5FA-2D90-4EE5-A6DC-0AC376B43D56}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{A68350F7-BB2B-48D7-AA75-247CE55CB821}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{B28C7876-F45C-4E47-81FB-6413671F61A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BA0AE045-94B0-4282-B354-C989072C37F3}" = protocol=17 | dir=in | app=c:\users\evandi\appdata\local\akamai\netsession_win.exe | "{BB5FF21E-E56C-4470-A853-B3451C960118}" = protocol=6 | dir=in | app=c:\program files\dsl connection manager\o2dslconfiguration.exe | "{C068A565-DDF6-443A-81AA-C1CFE11497F7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{D437FA88-B03F-4818-A490-22F00291D428}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | "{D8B8EDDB-C87C-4B77-8944-122192B9945B}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{EBE868E8-8F15-4C7B-A5B3-C92FFB5B1B3B}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{F8D69ED5-B2AF-411F-B9EC-AC092DE467C3}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | "TCP Query User{14A1A56D-16FB-4A54-AEF7-F675416FC74C}C:\program files\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4\flashbuilder.exe | "TCP Query User{1865153B-A440-47A7-B967-80C487A7C922}C:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe | "TCP Query User{1A07E288-EBC9-4D34-8340-DB2D5D522EB4}C:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe | "TCP Query 
User{1AE10D3E-4CE6-4B38-BE46-5ADE95873146}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{1FA0C890-14A6-445F-B684-8497A34341C8}C:\program files\java\jdk1.6.0_20\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_20\jre\bin\java.exe | "TCP Query User{5B158015-1989-4C01-8D43-9B54AA44FF0E}C:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe | "TCP Query User{720CFD80-D2B9-4E10-8F0C-0FA8D2B69845}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{72B123D9-DA35-42E8-8580-5D46B574E294}C:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe | "TCP Query User{7E2A9FAA-95DD-47C2-8848-A75F7BC9666E}C:\program files\xming\xming.exe" = protocol=6 | dir=in | app=c:\program files\xming\xming.exe | "TCP Query User{7F47BBCA-C286-48EB-9112-1414FF84E93E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{9188D65D-2939-4046-BE8A-A3FF0F1A2D19}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | "TCP Query User{A4ADFE89-4738-4BE5-BED0-8121181D16D3}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{A58FE1EA-430A-4A56-9F74-8F3281979982}C:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe | "TCP Query User{C7AF922F-A8DB-4E1E-849D-8A450E1A0EC8}C:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | 
app=c:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe | "TCP Query User{D9F32BBC-5BB7-4FCA-95C0-58BD35744CA8}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{F677F6D0-4F68-4CC8-9F9E-36F84EE29F30}C:\program files\packet tracer 5.2\bin\packettracer5.exe" = protocol=6 | dir=in | app=c:\program files\packet tracer 5.2\bin\packettracer5.exe | "UDP Query User{0E775944-2815-48D1-B722-7E27ABBDE040}C:\program files\packet tracer 5.2\bin\packettracer5.exe" = protocol=17 | dir=in | app=c:\program files\packet tracer 5.2\bin\packettracer5.exe | "UDP Query User{3B810526-B591-4AA1-87D9-40F08BE21389}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{3FFB0BCF-8F10-4F6D-97C1-BAE55A6F4202}C:\program files\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4\flashbuilder.exe | "UDP Query User{43F7AE98-262B-4D1E-B9A4-DF5E532351BE}C:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe | "UDP Query User{43FFFDCF-F15E-416C-8D80-96D087AF85D2}C:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe | "UDP Query User{5562EC4F-4393-4C98-A8E8-2DD9DABF9125}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | "UDP Query User{56DF85AF-7E1A-4F89-B5CB-BEAE0E167268}C:\program files\xming\xming.exe" = protocol=17 | dir=in | app=c:\program files\xming\xming.exe | "UDP Query User{615D8F9A-B01C-42E4-9019-E62F167AACD2}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in 
| app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{6431A6B2-E999-42F3-8069-3D980CB6D158}C:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe | "UDP Query User{6C7029A3-71F0-4249-9351-90C5AEBF3D82}C:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe | "UDP Query User{6EFE973B-0AF2-4C61-9433-12E5EB0EA13B}C:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe | "UDP Query User{75A978BD-18D4-4C76-B6DD-A443BE7C9F2E}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{AA0DC950-4D18-42D0-989E-B0FAC736158D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{AE00E15A-9561-44E6-AB97-CD2702A1C517}C:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe | "UDP Query User{B3C9EC61-5CAC-40CB-94E5-F5CF7A906206}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{DA3843A1-A0B1-4946-8462-2F32EDEBA509}C:\program files\java\jdk1.6.0_20\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_20\jre\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = 
Java DB 10.5.3.0 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers "{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video 
Encoder "{3248F0A8-6813-11D6-A77B-00B0D0150130}" = J2SE Runtime Environment 5.0 Update 13 "{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24 "{32A9C5B3-D166-4C6D-A11E-A54473151000}" = Java 3D 1.5.1 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2 "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091 "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3 "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft 
Visual C++ 2005 Redistributable "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{85833A03-476B-43B3-B61C-5EB946DBF6E4}" = HP User Guides 0092 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PRJSTDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PRJSTDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PRJSTDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PRJSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service 
Pack 3 (SP3) "{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007 "{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTDR_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PRJSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010 "{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" 
= Microsoft Project 2010 Service Pack 1 (SP1) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007 "{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3) "{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010 "{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista "{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter 
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant "{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1 "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DBCD69F8-EC89-4750-B549-E0C80AC3C98F}" = Oracle VM VirtualBox 4.1.4 "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update "{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin "{E3DF0E76-825F-4377-9BB6-F8F1DC204287}" = MySQL Workbench 5.2 CE "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 
5.0.05.0290 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup "{FFF5F83B-1112-49EF-BABF-C00D2DECC062}" = DSL Connection Manager "17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3 "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection "Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional "Akamai" = Akamai NetSession Interface Service "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "Canon MP240 series Benutzerregistrierung" = Canon MP240 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe 
Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Dia" = Dia (nur entfernen) "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Free RAR Extract Frog" = Free RAR Extract Frog "GIMP-2_is1" = GIMP 2.8.2 "Git_is1" = Git 1.6.5.1-preview20091022 "Google Chrome" = Google Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "ImageJ_is1" = ImageJ 1.43u "InfraRecorder" = InfraRecorder "Inkscape" = Inkscape 0.48.0 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link "JOE (Java oriented editing) 2.3.25_is1" = JOE (Java oriented editing) 2.3.25 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MiKTeX 2.9" = MiKTeX 2.9 "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "myphotobook" = myphotobook 3.65 "Notepad++" = Notepad++ "Office14.PRJPROR" = Microsoft Project Professional 2010 "Pdf995" = Pdf995 "Picasa 3" = Picasa 3 "PostgreSQL 9.1" = PostgreSQL 9.1 "PRJSTDR" = Microsoft Office Project Standard 2007 "Scribus 1.3.5" = Scribus 1.3.5.1 "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6 "SmartGit 1.5_is1" = SmartGit 1.5.2 "SmartGit 1_is1" = SmartGit 1.0.4 "SumatraPDF" = SumatraPDF "SWFPlayer_is1" = SWFPlayer "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamViewer 6" = TeamViewer 6 
"TeamViewer 7" = TeamViewer 7 "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "TightVNC_is1" = TightVNC 1.3.9 "TVWiz" = Intel(R) TV Wizard "VP Suite 5.0" = VP Suite 5.0 "WildTangent hp Master Uninstall" = My HP Games "WinRAR archiver" = WinRAR 4.01 (32-bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Dropbox" = Dropbox "MiKTeX 2.9" = MiKTeX 2.9 "RapidMiner 5" = RapidMiner 5 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.10.2012 12:29:21 | Computer Name = evandi-PC | Source = PerfNet | ID = 2004 Description = Error - 29.10.2012 12:30:44 | Computer Name = evandi-PC | Source = Perflib | ID = 1010 Description = Error - 30.10.2012 12:14:09 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 30.10.2012 12:14:09 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 998 Error - 30.10.2012 12:14:09 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 998 Error - 30.10.2012 12:14:10 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 30.10.2012 12:14:10 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2620 Error - 30.10.2012 12:14:10 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2620 Error - 30.10.2012 12:14:12 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 30.10.2012 12:14:12 | Computer Name = evandi-PC | Source = 
Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4227 Error - 30.10.2012 12:14:12 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4227 [ System Events ] Error - 25.10.2012 05:03:00 | Computer Name = evandi-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.178.21 für die Netzwerkkarte mit der Netzwerkadresse 002268916327 wurde durch den DHCP-Server 1.1.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 25.10.2012 11:11:03 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7003 Description = Error - 25.10.2012 11:11:03 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001 Description = Error - 25.10.2012 11:11:03 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001 Description = Error - 25.10.2012 11:11:03 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7000 Description = Error - 26.10.2012 01:48:31 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7003 Description = Error - 26.10.2012 01:48:31 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001 Description = Error - 26.10.2012 01:48:31 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001 Description = Error - 26.10.2012 01:48:31 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7000 Description = Error - 26.10.2012 05:04:40 | Computer Name = evandi-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.178.21 für die Netzwerkkarte mit der Netzwerkadresse 002268916327 wurde durch den DHCP-Server 1.1.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). < End of report > Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-11-01 09:54:45 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 Running: 7hq8loob.exe; Driver: C:\Users\evandi\AppData\Local\Temp\pxdiypog.sys ---- System - GMER 1.0.15 ---- SSDT 8D0FCA8E ZwCreateSection SSDT 8D0FCA98 ZwRequestWaitReplyPort SSDT 8D0FCA93 ZwSetContextThread SSDT 8D0FCA9D ZwSetSecurityObject SSDT 8D0FCAA2 ZwSystemDebugControl SSDT 8D0FCA2F ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 215 82AC68D8 4 Bytes [8E, CA, 0F, 8D] .text ntkrnlpa.exe!KeSetEvent + 539 82AC6BFC 4 Bytes [98, CA, 0F, 8D] {CWDE ; RETF 0x8d0f} .text ntkrnlpa.exe!KeSetEvent + 56D 82AC6C30 4 Bytes [93, CA, 0F, 8D] {XCHG EBX, EAX; RETF 0x8d0f} .text ntkrnlpa.exe!KeSetEvent + 5D1 82AC6C94 4 Bytes [9D, CA, 0F, 8D] {POPF ; RETF 0x8d0f} .text ntkrnlpa.exe!KeSetEvent + 619 82AC6CDC 4 Bytes [A2, CA, 0F, 8D] .text ... ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet002\Services\upnphost\4,Windows automatically (not active ControlSet) ---- EOF - GMER 1.0.15 ---- andi |
06.11.2012, 21:14 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Start page "http://www.searchnu.com/406" when opening Chrome This should be the other PC you announced, right?
__________________Have you already run any scans? If so => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first just post the logs you already have.
__________________ |
07.11.2012, 20:35 | #3 |
| Start page "http://www.searchnu.com/406" when opening Chrome That's right. This is the other PC. I ran Avira over it, with no findings. After that, Malwarebytes. The log follows.
__________________Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.06.09 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 evandi :: EVANDI-PC [Administrator] 06.11.2012 21:50:51 mbam-log-2012-11-06 (21-50-51).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 628754 Laufzeit: 4 Stunde(n), 58 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Andi |
07.11.2012, 21:49 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Start page "http://www.searchnu.com/406" when opening Chrome
1. aswMBR
Please download aswMBR.exe and save the file to your desktop. Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
Another note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs. Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!
__________________ Please always post log files in CODE tags |
08.11.2012, 21:38 | #5 |
| Start page "http://www.searchnu.com/406" when opening Chrome Here are the two logs Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-11-08 21:25:46 ----------------------------- 21:25:46.813 OS Version: Windows 6.0.6002 Service Pack 2 21:25:46.813 Number of processors: 2 586 0xF0D 21:25:46.816 ComputerName: EVANDI-PC UserName: evandi 21:26:38.277 Initialize success 21:27:01.268 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 21:27:01.274 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3 21:27:01.326 Disk 0 MBR read successfully 21:27:01.337 Disk 0 MBR scan 21:27:01.343 Disk 0 unknown MBR code 21:27:01.363 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 227216 MB offset 63 21:27:01.395 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11256 MB offset 465338790 21:27:01.430 Disk 0 scanning sectors +488392065 21:27:01.501 Disk 0 scanning C:\Windows\system32\drivers 21:27:10.414 Service scanning 21:27:27.279 Modules scanning 21:27:32.534 Disk 0 trace - called modules: 21:27:32.571 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 21:27:32.579 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86834ac8] 21:27:32.587 3 CLASSPNP.SYS[8b1ac8b3] -> nt!IofCallDriver -> [0x85d5f5f0] 21:27:32.596 5 acpi.sys[8069f6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85d0c028] 21:27:32.605 Scan finished successfully 21:27:48.988 Disk 0 MBR has been saved successfully to "C:\Users\evandi\Desktop\MBR.dat" 21:27:48.996 The log file has been saved successfully to "C:\Users\evandi\Desktop\aswMBR.txt" Code:
ATTFilter 21:31:50.0266 5708 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 21:31:50.0503 5708 ============================================================ 21:31:50.0503 5708 Current date / time: 2012/11/08 21:31:50.0503 21:31:50.0503 5708 SystemInfo: 21:31:50.0503 5708 21:31:50.0503 5708 OS Version: 6.0.6002 ServicePack: 2.0 21:31:50.0503 5708 Product type: Workstation 21:31:50.0504 5708 ComputerName: EVANDI-PC 21:31:50.0504 5708 UserName: evandi 21:31:50.0504 5708 Windows directory: C:\Windows 21:31:50.0504 5708 System windows directory: C:\Windows 21:31:50.0504 5708 Processor architecture: Intel x86 21:31:50.0504 5708 Number of processors: 2 21:31:50.0504 5708 Page size: 0x1000 21:31:50.0504 5708 Boot type: Normal boot 21:31:50.0504 5708 ============================================================ 21:31:51.0050 5708 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 21:31:51.0052 5708 ============================================================ 21:31:51.0052 5708 \Device\Harddisk0\DR0: 21:31:51.0053 5708 MBR partitions: 21:31:51.0053 5708 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BBC8167 21:31:51.0053 5708 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BBC81A6, BlocksNum 0x15FC3DB 21:31:51.0053 5708 ============================================================ 21:31:51.0065 5708 C: <-> \Device\Harddisk0\DR0\Partition1 21:31:51.0138 5708 D: <-> \Device\Harddisk0\DR0\Partition2 21:31:51.0138 5708 ============================================================ 21:31:51.0139 5708 Initialize success 21:31:51.0139 5708 ============================================================ 21:32:20.0460 1984 ============================================================ 21:32:20.0460 1984 Scan started 21:32:20.0460 1984 Mode: Manual; SigCheck; TDLFS; 21:32:20.0460 1984 
============================================================ 21:32:20.0837 1984 ================ Scan system memory ======================== 21:32:20.0837 1984 System memory - ok 21:32:20.0837 1984 ================ Scan services ============================= 21:32:21.0019 1984 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 21:32:21.0199 1984 ACPI - ok 21:32:21.0206 1984 adfs - ok 21:32:21.0307 1984 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 21:32:21.0325 1984 AdobeFlashPlayerUpdateSvc - ok 21:32:21.0403 1984 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 21:32:21.0435 1984 adp94xx - ok 21:32:21.0508 1984 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 21:32:21.0536 1984 adpahci - ok 21:32:21.0565 1984 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 21:32:21.0586 1984 adpu160m - ok 21:32:21.0620 1984 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 21:32:21.0636 1984 adpu320 - ok 21:32:21.0679 1984 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:32:21.0802 1984 AeLookupSvc - ok 21:32:21.0880 1984 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 21:32:21.0937 1984 AFD - ok 21:32:21.0986 1984 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 21:32:22.0009 1984 agp440 - ok 21:32:22.0050 1984 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 21:32:22.0075 1984 aic78xx - ok 21:32:22.0322 1984 [ E1B1F152C4E82C85E846D25C9E6E6CC8 ] Akamai c:\program files\common files\akamai/netsession_win_b5e8a4c.dll 21:32:22.0322 1984 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_b5e8a4c.dll. 
md5: E1B1F152C4E82C85E846D25C9E6E6CC8 21:32:22.0340 1984 Akamai ( HiddenFile.Multi.Generic ) - warning 21:32:22.0340 1984 Akamai - detected HiddenFile.Multi.Generic (1) 21:32:22.0363 1984 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 21:32:22.0560 1984 ALG - ok 21:32:22.0611 1984 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 21:32:22.0634 1984 aliide - ok 21:32:22.0684 1984 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 21:32:22.0705 1984 amdagp - ok 21:32:22.0739 1984 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 21:32:22.0754 1984 amdide - ok 21:32:22.0775 1984 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 21:32:22.0843 1984 AmdK7 - ok 21:32:22.0876 1984 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 21:32:22.0949 1984 AmdK8 - ok 21:32:23.0037 1984 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 21:32:23.0073 1984 AntiVirSchedulerService - ok 21:32:23.0129 1984 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 21:32:23.0148 1984 AntiVirService - ok 21:32:23.0186 1984 [ 350F19EB5FE4EC37A2414DF56CDE1AA8 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys 21:32:23.0252 1984 ApfiltrService - ok 21:32:23.0293 1984 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 21:32:23.0318 1984 Appinfo - ok 21:32:23.0407 1984 [ 70D7BE78061126DD0C3ACCDB7E129017 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 21:32:23.0425 1984 Apple Mobile Device - ok 21:32:23.0454 1984 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 21:32:23.0472 1984 arc - ok 21:32:23.0518 1984 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 
21:32:23.0539 1984 arcsas - ok 21:32:23.0580 1984 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:32:23.0661 1984 AsyncMac - ok 21:32:23.0708 1984 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 21:32:23.0733 1984 atapi - ok 21:32:23.0819 1984 [ 2846F5EE802889D500FCF5CC48B28381 ] athr C:\Windows\system32\DRIVERS\athr.sys 21:32:23.0941 1984 athr - ok 21:32:24.0011 1984 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:32:24.0059 1984 AudioEndpointBuilder - ok 21:32:24.0089 1984 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 21:32:24.0115 1984 Audiosrv - ok 21:32:24.0159 1984 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 21:32:24.0219 1984 avgntflt - ok 21:32:24.0251 1984 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 21:32:24.0266 1984 avipbb - ok 21:32:24.0282 1984 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 21:32:24.0295 1984 avkmgr - ok 21:32:24.0350 1984 [ CF6A67C90951E3E763D2135DEDE44B85 ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl6.sys 21:32:24.0592 1984 BCM43XV - ok 21:32:24.0621 1984 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 21:32:24.0698 1984 Beep - ok 21:32:24.0790 1984 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 21:32:24.0876 1984 BFE - ok 21:32:24.0938 1984 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 21:32:25.0047 1984 BITS - ok 21:32:25.0065 1984 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 21:32:25.0124 1984 blbdrive - ok 21:32:25.0214 1984 [ 673CF4F6BB1FBE09331B526802FBB892 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 21:32:25.0266 1984 Bonjour Service - ok 21:32:25.0330 1984 [ 35F376253F687BDE63976CCB3F2108CA ] bowser 
C:\Windows\system32\DRIVERS\bowser.sys 21:32:25.0395 1984 bowser - ok 21:32:25.0449 1984 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 21:32:25.0514 1984 BrFiltLo - ok 21:32:25.0532 1984 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 21:32:25.0618 1984 BrFiltUp - ok 21:32:25.0660 1984 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 21:32:25.0763 1984 Browser - ok 21:32:25.0819 1984 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 21:32:25.0949 1984 Brserid - ok 21:32:25.0989 1984 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 21:32:26.0098 1984 BrSerWdm - ok 21:32:26.0117 1984 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 21:32:26.0220 1984 BrUsbMdm - ok 21:32:26.0242 1984 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 21:32:26.0291 1984 BrUsbSer - ok 21:32:26.0343 1984 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 21:32:26.0409 1984 BTHMODEM - ok 21:32:26.0453 1984 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:32:26.0501 1984 cdfs - ok 21:32:26.0550 1984 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 21:32:26.0584 1984 cdrom - ok 21:32:26.0625 1984 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 21:32:26.0688 1984 CertPropSvc - ok 21:32:26.0712 1984 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 21:32:26.0760 1984 circlass - ok 21:32:26.0825 1984 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 21:32:26.0854 1984 CLFS - ok 21:32:26.0906 1984 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:32:26.0925 1984 
clr_optimization_v2.0.50727_32 - ok 21:32:27.0060 1984 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:32:27.0127 1984 clr_optimization_v4.0.30319_32 - ok 21:32:27.0158 1984 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 21:32:27.0238 1984 CmBatt - ok 21:32:27.0262 1984 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:32:27.0292 1984 cmdide - ok 21:32:27.0342 1984 [ 2E39F9C51912F4F211B0334AED33E7BD ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys 21:32:27.0412 1984 CnxtHdAudService - ok 21:32:27.0497 1984 [ D8774ACE03B46C9B01A49818055F9AD4 ] Com4Qlb C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe 21:32:27.0518 1984 Com4Qlb ( UnsignedFile.Multi.Generic ) - warning 21:32:27.0518 1984 Com4Qlb - detected UnsignedFile.Multi.Generic (1) 21:32:27.0558 1984 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 21:32:27.0574 1984 Compbatt - ok 21:32:27.0583 1984 COMSysApp - ok 21:32:27.0608 1984 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 21:32:27.0622 1984 crcdisk - ok 21:32:27.0657 1984 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 21:32:27.0685 1984 Crusoe - ok 21:32:27.0735 1984 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:32:27.0816 1984 CryptSvc - ok 21:32:27.0876 1984 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys 21:32:27.0920 1984 CVirtA - ok 21:32:28.0029 1984 [ 5CE32922F8F74A0D2D6ECC30CDAD01E0 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe 21:32:28.0266 1984 CVPND - ok 21:32:28.0324 1984 [ D46B2E0EEAF349F2085F8B164E462156 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys 21:32:28.0387 1984 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning 21:32:28.0387 1984 CVPNDRVA - detected 
UnsignedFile.Multi.Generic (1) 21:32:28.0443 1984 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 21:32:28.0565 1984 DcomLaunch - ok 21:32:28.0624 1984 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:32:28.0670 1984 DfsC - ok 21:32:28.0770 1984 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 21:32:29.0084 1984 DFSR - ok 21:32:29.0168 1984 [ 6CC6C4B9D7B906A151AA094CA087B9F0 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 21:32:29.0182 1984 dg_ssudbus - ok 21:32:29.0262 1984 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 21:32:29.0323 1984 Dhcp - ok 21:32:29.0449 1984 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 21:32:29.0475 1984 disk - ok 21:32:29.0549 1984 [ 694616F813FB627A32C9E32DEC133078 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys 21:32:29.0563 1984 DNE - ok 21:32:29.0617 1984 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:32:29.0668 1984 Dnscache - ok 21:32:29.0724 1984 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 21:32:29.0785 1984 dot3svc - ok 21:32:29.0828 1984 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 21:32:29.0873 1984 DPS - ok 21:32:29.0935 1984 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:32:29.0986 1984 drmkaud - ok 21:32:30.0057 1984 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:32:30.0139 1984 DXGKrnl - ok 21:32:30.0200 1984 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 21:32:30.0251 1984 E1G60 - ok 21:32:30.0305 1984 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 21:32:30.0346 1984 EapHost - ok 21:32:30.0400 1984 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 21:32:30.0420 1984 Ecache - ok 21:32:30.0469 1984 [ 
9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 21:32:30.0493 1984 ehRecvr - ok 21:32:30.0509 1984 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 21:32:30.0550 1984 ehSched - ok 21:32:30.0576 1984 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 21:32:30.0591 1984 ehstart - ok 21:32:30.0654 1984 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 21:32:30.0679 1984 elxstor - ok 21:32:30.0746 1984 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 21:32:30.0850 1984 EMDMgmt - ok 21:32:30.0884 1984 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:32:30.0928 1984 ErrDev - ok 21:32:30.0994 1984 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 21:32:31.0044 1984 EventSystem - ok 21:32:31.0093 1984 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 21:32:31.0165 1984 exfat - ok 21:32:31.0213 1984 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:32:31.0252 1984 fastfat - ok 21:32:31.0290 1984 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 21:32:31.0343 1984 fdc - ok 21:32:31.0383 1984 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 21:32:31.0421 1984 fdPHost - ok 21:32:31.0430 1984 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 21:32:31.0529 1984 FDResPub - ok 21:32:31.0570 1984 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:32:31.0590 1984 FileInfo - ok 21:32:31.0623 1984 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:32:31.0691 1984 Filetrace - ok 21:32:31.0765 1984 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 21:32:31.0846 
1984 FLEXnet Licensing Service - ok 21:32:31.0882 1984 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 21:32:31.0945 1984 flpydisk - ok 21:32:31.0994 1984 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:32:32.0013 1984 FltMgr - ok 21:32:32.0108 1984 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 21:32:32.0197 1984 FontCache - ok 21:32:32.0272 1984 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 21:32:32.0289 1984 FontCache3.0.0.0 - ok 21:32:32.0317 1984 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:32:32.0353 1984 Fs_Rec - ok 21:32:32.0406 1984 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 21:32:32.0431 1984 gagp30kx - ok 21:32:32.0507 1984 [ 44D07E5A444692E9B6A5CDD7401B4402 ] GameConsoleService C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe 21:32:32.0534 1984 GameConsoleService - ok 21:32:32.0565 1984 [ AB8A6A87D9D7255C3884D5B9541A6E80 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:32:32.0582 1984 GEARAspiWDM - ok 21:32:32.0637 1984 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 21:32:32.0737 1984 gpsvc - ok 21:32:32.0836 1984 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 21:32:32.0852 1984 gupdate - ok 21:32:32.0882 1984 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 21:32:32.0898 1984 gupdatem - ok 21:32:32.0973 1984 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 21:32:32.0993 1984 gusvc - ok 21:32:33.0044 1984 [ DE15777902A5D9121857D155873A1D1B ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys 21:32:33.0096 1984 HBtnKey - ok 21:32:33.0170 1984 [ A1BE5A64DDCB0880301CF860BE3F0A07 ] 
HdAudAddService C:\Windows\system32\drivers\CHDART.sys 21:32:33.0211 1984 HdAudAddService - ok 21:32:33.0282 1984 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 21:32:33.0390 1984 HDAudBus - ok 21:32:33.0447 1984 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 21:32:33.0536 1984 HidBth - ok 21:32:33.0576 1984 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 21:32:33.0630 1984 HidIr - ok 21:32:33.0676 1984 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 21:32:33.0712 1984 hidserv - ok 21:32:33.0747 1984 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:32:33.0791 1984 HidUsb - ok 21:32:33.0828 1984 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:32:33.0886 1984 hkmsvc - ok 21:32:33.0971 1984 [ 0D26C438E2938A3E6BDD91173BC96FF0 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe 21:32:34.0008 1984 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning 21:32:34.0009 1984 HP Health Check Service - detected UnsignedFile.Multi.Generic (1) 21:32:34.0046 1984 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 21:32:34.0071 1984 HpCISSs - ok 21:32:34.0101 1984 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 21:32:34.0172 1984 HpqKbFiltr - ok 21:32:34.0239 1984 [ F8968C9778F25A90A35755C3C97C7F62 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe 21:32:34.0254 1984 hpqwmiex - ok 21:32:34.0310 1984 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS 21:32:34.0367 1984 HSFHWAZL - ok 21:32:34.0432 1984 [ 1882827F41DEE51C70E24C567C35BFB5 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys 21:32:34.0518 1984 HSF_DPV - ok 21:32:34.0540 1984 [ A44DDF3BA83E4664BF4DE9220097578C ] HSXHWAZL 
C:\Windows\system32\DRIVERS\HSXHWAZL.sys 21:32:34.0588 1984 HSXHWAZL - ok 21:32:34.0649 1984 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:32:34.0722 1984 HTTP - ok 21:32:34.0787 1984 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 21:32:34.0818 1984 i2omp - ok 21:32:34.0878 1984 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 21:32:34.0943 1984 i8042prt - ok 21:32:35.0025 1984 [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 21:32:35.0071 1984 IAANTMON - ok 21:32:35.0116 1984 [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 21:32:35.0155 1984 iaStor - ok 21:32:35.0183 1984 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 21:32:35.0212 1984 iaStorV - ok 21:32:35.0257 1984 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 21:32:35.0285 1984 IDriverT ( UnsignedFile.Multi.Generic ) - warning 21:32:35.0285 1984 IDriverT - detected UnsignedFile.Multi.Generic (1) 21:32:35.0352 1984 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:32:35.0443 1984 idsvc - ok 21:32:35.0527 1984 [ 04E385059DA704EC6659DDB1526C4193 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 21:32:35.0713 1984 igfx - ok 21:32:35.0759 1984 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 21:32:35.0781 1984 iirsp - ok 21:32:35.0839 1984 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 21:32:35.0900 1984 IKEEXT - ok 21:32:35.0959 1984 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 21:32:35.0973 1984 intelide - ok 21:32:35.0997 1984 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 
21:32:36.0041 1984 intelppm - ok 21:32:36.0071 1984 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:32:36.0108 1984 IPBusEnum - ok 21:32:36.0130 1984 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:32:36.0197 1984 IpFilterDriver - ok 21:32:36.0248 1984 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:32:36.0306 1984 iphlpsvc - ok 21:32:36.0314 1984 IpInIp - ok 21:32:36.0335 1984 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 21:32:36.0384 1984 IPMIDRV - ok 21:32:36.0407 1984 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 21:32:36.0462 1984 IPNAT - ok 21:32:36.0493 1984 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:32:36.0580 1984 IRENUM - ok 21:32:36.0614 1984 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:32:36.0634 1984 isapnp - ok 21:32:36.0683 1984 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 21:32:36.0714 1984 iScsiPrt - ok 21:32:36.0753 1984 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 21:32:36.0774 1984 iteatapi - ok 21:32:36.0802 1984 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 21:32:36.0818 1984 iteraid - ok 21:32:36.0847 1984 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 21:32:36.0861 1984 kbdclass - ok 21:32:36.0895 1984 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 21:32:36.0926 1984 kbdhid - ok 21:32:36.0967 1984 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 21:32:36.0984 1984 KeyIso - ok 21:32:37.0055 1984 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:32:37.0106 1984 KSecDD - ok 21:32:37.0175 1984 [ 
8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 21:32:37.0280 1984 KtmRm - ok 21:32:37.0334 1984 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 21:32:37.0366 1984 LanmanServer - ok 21:32:37.0410 1984 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:32:37.0467 1984 LanmanWorkstation - ok 21:32:37.0537 1984 [ 53710476495886D9961BE46983A6A33F ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 21:32:37.0556 1984 LightScribeService - ok 21:32:37.0586 1984 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:32:37.0646 1984 lltdio - ok 21:32:37.0703 1984 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:32:37.0794 1984 lltdsvc - ok 21:32:37.0820 1984 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:32:37.0915 1984 lmhosts - ok 21:32:37.0949 1984 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 21:32:37.0965 1984 LSI_FC - ok 21:32:37.0998 1984 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 21:32:38.0014 1984 LSI_SAS - ok 21:32:38.0053 1984 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 21:32:38.0068 1984 LSI_SCSI - ok 21:32:38.0089 1984 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 21:32:38.0168 1984 luafv - ok 21:32:38.0229 1984 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 21:32:38.0244 1984 MBAMProtector - ok 21:32:38.0323 1984 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 21:32:38.0366 1984 MBAMScheduler - ok 21:32:38.0437 1984 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 21:32:38.0489 1984 MBAMService - ok 21:32:38.0588 1984 [ 
\Device\Harddisk0\DR0\Partition2 - ok
21:33:02.0658 1984 ============================================================
21:33:02.0658 1984 Scan finished
21:33:02.0658 1984 ============================================================
21:33:02.0675 4716 Detected object count: 5
21:33:02.0675 4716 Actual detected object count: 5
21:34:29.0547 4716 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
21:34:29.0547 4716 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
21:34:29.0555 4716 Com4Qlb ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:29.0555 4716 Com4Qlb ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:29.0557 4716 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:29.0557 4716 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:29.0561 4716 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:29.0561 4716 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:29.0565 4716 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:29.0565 4716 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip |
08.11.2012, 23:33 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Start page "http://www.searchnu.com/406" when opening Chrome You apparently just have annoying ads on there. adwCleaner - track down toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
09.11.2012, 21:59 | #7 |
| Start page "http://www.searchnu.com/406" when opening Chrome That sounds good so far! Code:
ATTFilter
# AdwCleaner v2.007 - Datei am 09/11/2012 um 21:56:05 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : evandi - EVANDI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\evandi\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\11-suche.xml
Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin-1.xml
Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin-2.xml
Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin-3.xml
Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\Search_Results.xml
Ordner Gefunden : C:\Program Files\ICQ6Toolbar
Ordner Gefunden : C:\Program Files\Ilivid
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\Users\evandi\AppData\Local\Ilivid Player
Ordner Gefunden : C:\Users\evandi\AppData\Roaming\Desktopicon

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\Headlight
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKU\S-1-5-21-4193417823-389615538-1104851014-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKU\S-1-5-21-4193417823-389615538-1104851014-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchqu.com/406
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v11.0 (de)

Profilname : default
Datei : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\prefs.js

Gefunden : user_pref("browser.search.defaultenginename", "Search Results");
Gefunden : user_pref("browser.search.order.1", "Search Results");
Gefunden : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q=");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\evandi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.15] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]
Gefunden [l.1899] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]

*************************

AdwCleaner[R1].txt - [4242 octets] - [09/11/2012 21:56:05]

########## EOF - C:\AdwCleaner[R1].txt - [4302 octets] ########## |
09.11.2012, 22:06 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Start page "http://www.searchnu.com/406" when opening Chrome Please try to uninstall all entries mentioned in the adwCleaner log (e.g. all toolbars or Ilivid) via the Control Panel, then create a new search log with adwCleaner. We will remove the leftovers, and anything that refuses to uninstall, with adwCleaner.
__________________ Please always post log files in CODE tags |
09.11.2012, 22:31 | #9 |
| Start page "http://www.searchnu.com/406" when opening Chrome At first glance, nothing has changed so far despite deleting ICQ and Mozilla. However, I can't get rid of the toolbars and Ilivid via the Control Panel right now. Code:
ATTFilter # AdwCleaner v2.007 - Datei am 09/11/2012 um 22:29:00 erstellt # Aktualisiert am 06/11/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : evandi - EVANDI-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\evandi\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\11-suche.xml Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin.xml Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin-1.xml Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin-2.xml Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin-3.xml Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\Search_Results.xml Ordner Gefunden : C:\Program Files\ICQ6Toolbar Ordner Gefunden : C:\Program Files\Ilivid Ordner Gefunden : C:\ProgramData\boost_interprocess Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar Ordner Gefunden : C:\Users\evandi\AppData\Local\Ilivid Player Ordner Gefunden : C:\Users\evandi\AppData\Roaming\Desktopicon ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\DataMngr Schlüssel Gefunden : HKCU\Software\Headlight Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gefunden : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gefunden : HKU\S-1-5-21-4193417823-389615538-1104851014-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gefunden : HKU\S-1-5-21-4193417823-389615538-1104851014-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchqu.com/406 [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd -\\ Mozilla Firefox v [Version kann nicht ermittelt werden] Profilname : default Datei : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\prefs.js Gefunden : user_pref("browser.search.defaultenginename", "Search Results"); Gefunden : user_pref("browser.search.order.1", "Search Results"); Gefunden : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q="); -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : 
C:\Users\evandi\AppData\Local\Google\Chrome\User Data\Default\Preferences Gefunden [l.15] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ] Gefunden [l.1929] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ] ************************* AdwCleaner[R1].txt - [4371 octets] - [09/11/2012 21:56:05] AdwCleaner[R2].txt - [4431 octets] - [09/11/2012 21:57:09] AdwCleaner[R3].txt - [4391 octets] - [09/11/2012 22:29:00] ########## EOF - C:\AdwCleaner[R3].txt - [4451 octets] ########## |
09.11.2012, 22:38 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Start page "http://www.searchnu.com/406" when opening Chrome adwCleaner - remove toolbars and unwanted start/search pages
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
09.11.2012, 23:12 | #11 |
| Start page "http://www.searchnu.com/406" when opening Chrome Code:
ATTFilter # AdwCleaner v2.007 - Datei am 09/11/2012 um 22:41:44 erstellt # Aktualisiert am 06/11/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : evandi - EVANDI-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\evandi\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Datei Gelöscht : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\11-suche.xml Datei Gelöscht : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin.xml Datei Gelöscht : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin-1.xml Datei Gelöscht : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin-2.xml Datei Gelöscht : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin-3.xml Datei Gelöscht : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\Search_Results.xml Ordner Gelöscht : C:\Program Files\ICQ6Toolbar Ordner Gelöscht : C:\Program Files\Ilivid Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\Users\evandi\AppData\Local\Ilivid Player Ordner Gelöscht : C:\Users\evandi\AppData\Roaming\Desktopicon ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\Headlight Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchqu.com/406 --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com -\\ Mozilla Firefox v [Version kann nicht ermittelt werden] Profilname : default Datei : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\prefs.js Gelöscht : user_pref("browser.search.defaultenginename", "Search Results"); Gelöscht : user_pref("browser.search.order.1", "Search Results"); Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q="); -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\evandi\AppData\Local\Google\Chrome\User Data\Default\Preferences Gelöscht [l.15] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ] Gelöscht [l.1931] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ] ************************* 
AdwCleaner[R1].txt - [4371 octets] - [09/11/2012 21:56:05] AdwCleaner[R2].txt - [4431 octets] - [09/11/2012 21:57:09] AdwCleaner[R3].txt - [4520 octets] - [09/11/2012 22:29:00] AdwCleaner[S1].txt - [4203 octets] - [09/11/2012 22:41:44] ########## EOF - C:\AdwCleaner[S1].txt - [4263 octets] ########## Code:
ATTFilter OTL logfile created on: 09.11.2012 22:50:38 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\evandi\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 51,02% Memory free 6,20 Gb Paging File | 4,52 Gb Available in Paging File | 72,94% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,89 Gb Total Space | 68,18 Gb Free Space | 30,73% Space Free | Partition Type: NTFS Drive D: | 10,99 Gb Total Space | 2,41 Gb Free Space | 21,91% Space Free | Partition Type: NTFS Computer Name: EVANDI-PC | User Name: evandi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Users\evandi\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Users\evandi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Programme\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\PostgreSQL\9.1\bin\pg_ctl.exe (PostgreSQL Global Development Group) PRC - C:\Programme\PostgreSQL\9.1\bin\postgres.exe (PostgreSQL Global Development Group) PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll () MOD - C:\Programme\Google\Chrome\Application\23.0.1271.64\pdf.dll () MOD - C:\Programme\Google\Chrome\Application\23.0.1271.64\libglesv2.dll () MOD - C:\Programme\Google\Chrome\Application\23.0.1271.64\libegl.dll () MOD - C:\Programme\Google\Chrome\Application\23.0.1271.64\avutil-51.dll () MOD - C:\Programme\Google\Chrome\Application\23.0.1271.64\avformat-54.dll () MOD - C:\Programme\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\2c7c74d2fe184f55c0a0a517951e7f4a\Kies.Theme.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\9349c70acb66665321bee19d331408a1\DevicePodcast.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\3e83faa1ec8155e3d155fe585955a246\DeviceVideo.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\da3a360d4f099d3ff041307e7a1ce4ce\DevicePhoto.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\4efc3f2c84c757b5869422aab9e3dc4b\DeviceMusic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\59cb702af31bcb9ded3d4493cded15a9\VideoManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\bb178a48944e63edba0ea540a1c8f4fd\PodcastService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\8bdb480bdd341bbab06ad4dc3d149476\PhotoManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\ccf4179de5c33241ac22ed7a47c73b9c\Podcaster.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\98304df52775a014f274c09321fe9241\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\c89c506ab88b933c87b81e5550fec75a\DeviceHost.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\8d2d9b197570723b26a177097b962745\Phonebook.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\e04778c3d35d213522c80a8cd9f60b02\CPKTMusicPlugin.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\1fdfb726828c51d29742ab493c8ded24\MusicManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\EBookManager\6ea3f7829f5fed3f3dc6ff397f0e256a\EBookManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\cb4304e9e1cde93f4d111858fb996dde\BATPlugin.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\AllShareController\d4b4eb99b1ae9735a4d1adc72472ec7c\AllShareController.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\d18af3a8f0174681428791614bacb63c\Kies.Common.StoreManager.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\aa8eb4ad4ad74f1805330fe03bf455c5\Kies.Common.MediaDB.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\729aa8db14d8ec751bcb1038047b06f3\Kies.Common.AllShare.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7ba265e8b49087c5c48a3ffa40f14755\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a75a07721b35ff2169859d26f1fcb857\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7f6d1a69e33607d303f25185dfcff746\Kies.Common.DeviceServiceLib.FileService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a46d3e6a6bf0b8655727916bbbf67ef4\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\702d8607adbdbec8324b9dd5b1ee1c00\Kies.Common.DeviceServiceLib.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6a1cd2ff344b0a2ff97f2d717f245f3b\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6cd41643731c0641280ee6a3830c29f2\Kies.Common.DeviceService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\f9bed07498f5a72c7025ccb9460269a4\Kies.Common.Multimedia.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\162a5f6e31e7c7fc4d2eed54ec19d9c1\Kies.Common.MainUI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\c8e717a4d0d75539ecae0a7654b6770b\Kies.Common.DBManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\97b8e7df643e75af9002eff26e49fb35\Kies.Common.Util.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\8922fa7e1508459687031b70f7f8d8bf\Kies.Locale.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\f309fa4fe307c4821993ffeb5580ce62\Kies.UI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\05451040884163ac6f935b3e6a486900\Kies.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\619b458b2103eedeff095fd20a0ee162\Kies.ni.exe () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\81bb58061bcd2a4c3bf4136abe041d20\ASF_cSharpAPI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\4b12836eb4d4958e490a1ba614971b41\Interop.DevFileServiceLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\c99811c6a988ca6c2104a5b45acbddbb\Interop.MP3FileInfoCOMLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\cbeefee33636e0d0be226cf11e180ba3\Interop.OGGFileInfoCOMLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\b0b31095249cec5ef5c0407fa6b7fc22\Interop.P3MPINTERFACECTRLLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\fac7605aed1c9c8b07c4e68ffdc0b4eb\Interop.PRPLAYERCORELib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\6265ffca46eab52d5f798847b5ea908c\CabLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\23324d3d243863e74723ea9c2dc1af1b\ICSharpCode.SharpZipLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\f108203a60eadaff95b82bed51846431\Interop.DeviceSearchLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\8d41dc5286f38925da6e1b9b32ce82c5\Kies.MVVM.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\3f6f79987f17c00edce423932abd1cf2\GongSolutions.Wpf.DragDrop.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ef221aa0472b0870b6689ab044fad227\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll () MOD - C:\Programme\Notepad++\NppShell_04.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll () MOD - C:\Windows\System32\igfxTMM.dll () ========== Services (SafeList) ========== SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_b5e8a4c.dll () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' 
Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (postgresql-9.1) -- C:\Program Files\PostgreSQL\9.1\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (Com4Qlb) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.) 
========== Driver Services (SafeList) ========== DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (adfs) -- File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation) DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Oracle Corporation) DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Oracle Corporation) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM) -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) 
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation) DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{7C784927-4120-4CC1-8C4F-87DEA672B92A}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKLM\..\SearchScopes\{EAB3ABD5-7DB0-476A-B92E-6BE6674A546D}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - 
HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-21-4193417823-389615538-1104851014-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\..\SearchScopes\{7C784927-4120-4CC1-8C4F-87DEA672B92A}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\..\SearchScopes\{EAB3ABD5-7DB0-476A-B92E-6BE6674A546D}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1001\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: printpdf@pavlov.net:0.76 FF - 
prefs.js..extensions.enabledAddons: toolbar@web.de:2.2.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: printpdf@pavlov.net:0.76 FF - prefs.js..extensions.enabledItems: {3ab3f8aa-8efc-46a5-86d9-21eb4fb070bb}:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\evandi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\evandi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) [2011.12.14 09:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\Extensions [2012.08.11 09:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\Firefox\Profiles\yppgvz7i.default\extensions [2010.05.17 19:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\Firefox\Profiles\yppgvz7i.default\extensions\{3ab3f8aa-8efc-46a5-86d9-21eb4fb070bb} [2010.04.09 20:36:17 | 000,000,000 | ---D | M] (printpdf) -- C:\Users\evandi\AppData\Roaming\mozilla\Firefox\Profiles\yppgvz7i.default\extensions\printpdf@pavlov.net [2012.08.11 09:59:31 | 000,526,409 | ---- | M] () (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\extensions\toolbar@web.de.xpi [2012.08.03 17:53:27 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.08.11 09:59:36 | 000,002,209 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\englische-ergebnisse.xml [2012.08.11 09:59:36 | 000,010,506 | ---- | M] () -- 
C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\gmx-suche.xml [2009.12.31 14:16:16 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-4.xml [2010.01.07 10:07:04 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-5.xml [2012.08.11 09:59:36 | 000,002,368 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\lastminute.xml [2012.08.11 09:59:36 | 000,005,489 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\webde-suche.xml [2012.11.09 22:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.07.27 18:34:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.07.11 19:41:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.23 18:59:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.21 18:25:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2003.10.11 01:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\components\np32asw.dll [2003.10.11 01:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\np32asw.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) 
= C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-4193417823-389615538-1104851014-1000..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-4193417823-389615538-1104851014-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-4193417823-389615538-1104851014-1000..\Run: [Akamai NetSession Interface] C:\Users\evandi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-21-4193417823-389615538-1104851014-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKU\S-1-5-21-4193417823-389615538-1104851014-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-4193417823-389615538-1104851014-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-21-4193417823-389615538-1104851014-1001\..Trusted Ranges: Range1 ([http] in ) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_13-windows-i586.cab (Java Plug-in 1.5.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5F79022-0CC0-411D-8EE7-2F749616FB2C}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap 
{3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Users\evandi\Documents\02_Eva\MVAgusta.jpg O24 - Desktop BackupWallPaper: C:\Users\evandi\Documents\02_Eva\MVAgusta.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O33 - MountPoints2\{7afaa37f-06a6-11df-875d-fb16870360d0}\Shell - "" = AutoRun O33 - MountPoints2\{7afaa37f-06a6-11df-875d-fb16870360d0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.08 21:30:15 | 002,213,976 | ---- | C] (Kaspersky Lab 
ZAO) -- C:\Users\evandi\Desktop\tdsskiller.exe [2012.11.08 20:43:29 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\evandi\Desktop\aswMBR.exe [2012.11.08 10:24:31 | 000,000,000 | ---D | C] -- C:\Users\evandi\Desktop\Referat [2012.11.01 17:06:41 | 000,000,000 | ---D | C] -- C:\Users\evandi\Desktop\IKK [2012.10.30 20:22:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\evandi\Desktop\OTL.exe [2012.10.26 10:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RapidMiner 5 [2012.10.26 10:05:27 | 000,000,000 | ---D | C] -- C:\Users\evandi\.RapidMiner5 [2012.10.25 21:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Rapid-I [2012.10.23 10:53:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2012.10.23 10:38:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log [2012.10.23 10:38:18 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Local\Samsung [2012.10.23 10:38:00 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Roaming\Samsung [2012.10.23 10:37:48 | 000,000,000 | ---D | C] -- C:\Users\evandi\Documents\samsung [2012.10.23 10:31:07 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll [2012.10.23 10:31:07 | 000,581,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinUSBCoInstaller.dll [2012.10.23 10:31:06 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys [2012.10.23 10:31:06 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys [2012.10.23 10:29:30 | 000,000,000 | ---D | C] -- C:\Users\evandi\{7a4e0f6d-86b9-4412-89d4-621a276ca52a} [2012.10.23 10:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2012.10.23 10:25:33 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll [2012.10.23 10:23:43 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) 
-- C:\Windows\System32\dgderapi.dll [2012.10.23 10:23:43 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys [2012.10.23 10:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny [2012.10.23 10:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2012.10.23 10:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung [2012.10.23 10:10:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.10.21 18:24:58 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.10.21 18:24:58 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.10.21 18:24:58 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.10.18 09:46:32 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Local\fontconfig [2012.10.18 09:46:12 | 000,000,000 | ---D | C] -- C:\Users\evandi\.gimp-2.8 [2012.10.18 09:46:11 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Local\gegl-0.2 [2012.10.18 09:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2012.10.11 10:44:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.11 10:43:56 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.11 10:43:55 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.03.05 12:51:18 | 000,208,896 | ---- | C] (www.mp3dev.org) -- C:\Program Files\lame_enc.dll [1 C:\Users\evandi\*.tmp files -> C:\Users\evandi\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.09 22:51:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4193417823-389615538-1104851014-1000UA.job [2012.11.09 22:44:43 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.09 22:44:14 | 000,003,216 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.09 22:44:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.09 22:44:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.09 22:32:22 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.09 22:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.09 21:55:16 | 000,541,569 | ---- | M] () -- C:\Users\evandi\Desktop\adwcleaner.exe [2012.11.08 21:30:23 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\evandi\Desktop\tdsskiller.exe [2012.11.08 21:27:48 | 000,000,512 | ---- | M] () -- C:\Users\evandi\Desktop\MBR.dat [2012.11.08 20:51:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4193417823-389615538-1104851014-1000Core.job [2012.11.08 20:43:53 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\evandi\Desktop\aswMBR.exe [2012.11.08 20:28:28 | 000,857,522 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.08 20:28:28 | 000,355,228 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.08 20:28:27 | 001,469,720 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.08 20:28:27 | 000,402,592 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.08 10:51:48 | 003,378,430 | ---- | M] () -- C:\Users\evandi\Desktop\Rezept Spätzle.pdf [2012.11.06 21:44:38 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.04 21:32:56 | 000,012,615 | ---- | M] () -- C:\Users\evandi\Desktop\Lebenslauf Eva Thieme.pdf [2012.11.04 21:32:52 | 000,000,060 | ---- | M] () -- C:\Windows\wpd99.drv [2012.11.01 17:00:20 | 000,001,356 | ---- | M] () -- C:\Users\evandi\.recently-used.xbel [2012.10.31 13:52:31 | 598,210,980 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.10.30 20:59:21 | 000,302,592 | ---- | M] 
() -- C:\Users\evandi\Desktop\7hq8loob.exe [2012.10.30 20:22:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\evandi\Desktop\OTL.exe [2012.10.30 17:36:37 | 000,000,000 | ---- | M] () -- C:\Users\evandi\defogger_reenable [2012.10.30 17:35:09 | 000,050,477 | ---- | M] () -- C:\Users\evandi\Desktop\Defogger.exe [2012.10.26 10:28:15 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\RapidMiner 5.lnk [2012.10.25 19:26:09 | 000,011,711 | ---- | M] () -- C:\Users\evandi\AppData\Local\recently-used.xbel [2012.10.23 10:48:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf [2012.10.23 10:37:39 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [1 C:\Users\evandi\*.tmp files -> C:\Users\evandi\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.09 21:55:05 | 000,541,569 | ---- | C] () -- C:\Users\evandi\Desktop\adwcleaner.exe [2012.11.08 21:27:48 | 000,000,512 | ---- | C] () -- C:\Users\evandi\Desktop\MBR.dat [2012.11.08 10:51:41 | 003,378,430 | ---- | C] () -- C:\Users\evandi\Desktop\Rezept Spätzle.pdf [2012.11.06 21:44:38 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.04 21:32:51 | 000,012,615 | ---- | C] () -- C:\Users\evandi\Desktop\Lebenslauf Eva Thieme.pdf [2012.11.01 17:00:20 | 000,001,356 | ---- | C] () -- C:\Users\evandi\.recently-used.xbel [2012.10.30 20:59:15 | 000,302,592 | ---- | C] () -- C:\Users\evandi\Desktop\7hq8loob.exe [2012.10.30 17:36:37 | 000,000,000 | ---- | C] () -- C:\Users\evandi\defogger_reenable [2012.10.30 17:35:03 | 000,050,477 | ---- | C] () -- C:\Users\evandi\Desktop\Defogger.exe [2012.10.26 10:28:15 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\RapidMiner 5.lnk [2012.10.25 19:26:09 | 000,011,711 | ---- | C] () -- C:\Users\evandi\AppData\Local\recently-used.xbel [2012.10.23 10:48:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf [2012.10.23 
10:37:39 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2012.10.18 09:36:33 | 000,000,880 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.09.03 09:08:30 | 000,024,206 | ---- | C] () -- C:\Users\evandi\AppData\Roaming\UserTile.png [2011.11.19 16:14:09 | 000,307,200 | ---- | C] () -- C:\Users\evandi\jaudioMp3Win.tar [2011.03.22 10:06:24 | 000,823,296 | ---- | C] () -- C:\Windows\j3dcore-d3d.dll [2011.03.22 10:06:24 | 000,163,840 | ---- | C] () -- C:\Windows\j3dcore-ogl.dll [2011.03.22 10:06:24 | 000,049,152 | ---- | C] () -- C:\Windows\j3dcore-ogl-chk.dll [2011.03.22 10:06:24 | 000,040,960 | ---- | C] () -- C:\Windows\j3dcore-ogl-cg.dll [2010.11.22 11:54:51 | 000,000,151 | ---- | C] () -- C:\Users\evandi\.vpsuite_installation.xml [2010.11.22 11:51:34 | 000,000,135 | ---- | C] () -- C:\Users\evandi\.vpinstall.properties [2010.06.08 09:35:07 | 000,001,392 | ---- | C] () -- C:\Users\evandi\.keystore [2010.04.27 09:22:54 | 000,000,155 | ---- | C] () -- C:\Users\evandi\.appletviewer [2010.04.26 12:25:18 | 000,000,146 | ---- | C] () -- C:\Users\evandi\.packettracer [2010.04.20 15:21:30 | 000,000,019 | ---- | C] () -- C:\Users\evandi\killbat.bat [2010.03.31 10:09:47 | 000,011,293 | ---- | C] () -- C:\Program Files\bibliothek_v2.jar [2010.03.31 09:11:33 | 000,000,047 | ---- | C] () -- C:\Users\evandi\.gitconfig [2010.03.23 10:17:02 | 000,000,036 | ---- | C] () -- C:\Users\evandi\.org.eclipse.epp.usagedata.recording.userId [2009.10.29 12:55:41 | 000,001,517 | ---- | C] 
() -- C:\Users\evandi\.bash_history
[2009.10.11 16:57:26 | 000,000,004 | ---- | C] () -- C:\Users\evandi\tray.pid
[2009.10.11 15:58:44 | 000,000,116 | ---- | C] () -- C:\Users\evandi\.asadminpass
[2009.10.11 15:58:32 | 000,000,789 | ---- | C] () -- C:\Users\evandi\.asadmintruststore
[2008.10.18 20:19:43 | 000,005,648 | ---- | C] () -- C:\Users\evandi\AppData\Local\d3d9caps.dat
[2008.08.31 18:59:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.08.26 20:34:12 | 000,210,944 | ---- | C] () -- C:\Users\evandi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 09.11.2012 22:50:38 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\evandi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 51,02% Memory free
6,20 Gb Paging File | 4,52 Gb Available in Paging File | 72,94% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,89 Gb Total Space | 68,18 Gb Free Space | 30,73% Space Free | Partition Type: NTFS
Drive D: | 10,99 Gb Total Space | 2,41 Gb Free Space | 21,91% Space Free | Partition Type: NTFS

Computer Name: EVANDI-PC | User Name: evandi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-4193417823-389615538-1104851014-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error.
File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_gui] -- "C:\Program Files\Git\bin\wish.exe" "C:\Program Files\Git\libexec\git-core\git-gui" "--working-dir" "%1" (ActiveState Corporation)
Directory [git_shell] -- "C:\Windows\system32\cmd.exe" /c "pushd "%1" && "C:\Program Files\Git\bin\sh.exe" --login -i" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{EFE401D0-8073-4639-BA13-0D230EB40374}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{F311C3D2-87B4-4711-AA69-7C5CAD925779}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{081A6DD6-88F8-4775-8470-8CAB7B9943BD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0B1ECC08-1896-4255-8C8C-C0B445071513}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{0BF2E500-DE53-43C5-A2D1-CA7375A52DB7}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{1E2A2AD0-4F08-467B-A30A-A932C6CFB11E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{1FD919F0-7712-49D9-A153-F0191DCADEAD}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{395EAC65-5579-4DF8-8421-7696F3F7DD81}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{3B810F3C-2D78-45A4-9EE9-00D915491076}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{41D69A18-307D-4017-950C-65E748A71B5A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{42277795-2E86-4F01-B4A4-CE9C201D473D}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{453668F0-A31F-4D7D-B85D-41CB88A67BDF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{63CF4ABF-FDC0-44F8-9A62-8C77FCE91DBF}" = protocol=6 | dir=in | app=c:\users\evandi\appdata\local\akamai\netsession_win.exe | "{6D568BCA-F7CD-401A-9C16-58A93DAD0D96}" = protocol=17 | dir=in | app=c:\program files\dsl connection manager\o2dslconfiguration.exe | "{73C339C4-569C-44D1-9171-AF68C607B35A}" = protocol=17 | dir=in | app=c:\users\evandi\appdata\roaming\dropbox\bin\dropbox.exe | "{77FCB71F-C322-4A42-BC12-84D0692CBAA3}" = protocol=6 | dir=in | app=c:\users\evandi\appdata\roaming\dropbox\bin\dropbox.exe | "{8EEC79E9-EB66-4CDA-8FF7-27D9AD73000D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{94234B28-F998-4199-98FC-A9E4E176BC38}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{A572F5FA-2D90-4EE5-A6DC-0AC376B43D56}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{A68350F7-BB2B-48D7-AA75-247CE55CB821}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{B28C7876-F45C-4E47-81FB-6413671F61A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BA0AE045-94B0-4282-B354-C989072C37F3}" = protocol=17 | dir=in 
| app=c:\users\evandi\appdata\local\akamai\netsession_win.exe | "{BB5FF21E-E56C-4470-A853-B3451C960118}" = protocol=6 | dir=in | app=c:\program files\dsl connection manager\o2dslconfiguration.exe | "{C068A565-DDF6-443A-81AA-C1CFE11497F7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{D8B8EDDB-C87C-4B77-8944-122192B9945B}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{EBE868E8-8F15-4C7B-A5B3-C92FFB5B1B3B}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "TCP Query User{14A1A56D-16FB-4A54-AEF7-F675416FC74C}C:\program files\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4\flashbuilder.exe | "TCP Query User{1865153B-A440-47A7-B967-80C487A7C922}C:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe | "TCP Query User{1A07E288-EBC9-4D34-8340-DB2D5D522EB4}C:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe | "TCP Query User{1AE10D3E-4CE6-4B38-BE46-5ADE95873146}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{1FA0C890-14A6-445F-B684-8497A34341C8}C:\program files\java\jdk1.6.0_20\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_20\jre\bin\java.exe | "TCP Query User{5B158015-1989-4C01-8D43-9B54AA44FF0E}C:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe | "TCP Query User{720CFD80-D2B9-4E10-8F0C-0FA8D2B69845}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{72B123D9-DA35-42E8-8580-5D46B574E294}C:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe | "TCP Query User{7E2A9FAA-95DD-47C2-8848-A75F7BC9666E}C:\program files\xming\xming.exe" = protocol=6 | dir=in | app=c:\program files\xming\xming.exe | "TCP Query User{7F47BBCA-C286-48EB-9112-1414FF84E93E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{9188D65D-2939-4046-BE8A-A3FF0F1A2D19}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | "TCP Query User{A4ADFE89-4738-4BE5-BED0-8121181D16D3}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{A58FE1EA-430A-4A56-9F74-8F3281979982}C:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe | "TCP Query User{C7AF922F-A8DB-4E1E-849D-8A450E1A0EC8}C:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe | "TCP Query User{D9F32BBC-5BB7-4FCA-95C0-58BD35744CA8}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{F677F6D0-4F68-4CC8-9F9E-36F84EE29F30}C:\program files\packet tracer 5.2\bin\packettracer5.exe" = protocol=6 | dir=in | app=c:\program files\packet tracer 5.2\bin\packettracer5.exe | "UDP Query User{0E775944-2815-48D1-B722-7E27ABBDE040}C:\program files\packet tracer 5.2\bin\packettracer5.exe" = protocol=17 | dir=in | app=c:\program files\packet tracer 5.2\bin\packettracer5.exe | "UDP Query 
User{3B810526-B591-4AA1-87D9-40F08BE21389}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{3FFB0BCF-8F10-4F6D-97C1-BAE55A6F4202}C:\program files\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4\flashbuilder.exe | "UDP Query User{43F7AE98-262B-4D1E-B9A4-DF5E532351BE}C:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe | "UDP Query User{43FFFDCF-F15E-416C-8D80-96D087AF85D2}C:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe | "UDP Query User{5562EC4F-4393-4C98-A8E8-2DD9DABF9125}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | "UDP Query User{56DF85AF-7E1A-4F89-B5CB-BEAE0E167268}C:\program files\xming\xming.exe" = protocol=17 | dir=in | app=c:\program files\xming\xming.exe | "UDP Query User{615D8F9A-B01C-42E4-9019-E62F167AACD2}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{6431A6B2-E999-42F3-8069-3D980CB6D158}C:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe | "UDP Query User{6C7029A3-71F0-4249-9351-90C5AEBF3D82}C:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe | "UDP Query 
User{6EFE973B-0AF2-4C61-9433-12E5EB0EA13B}C:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe | "UDP Query User{75A978BD-18D4-4C76-B6DD-A443BE7C9F2E}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{AA0DC950-4D18-42D0-989E-B0FAC736158D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{AE00E15A-9561-44E6-AB97-CD2702A1C517}C:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe | "UDP Query User{B3C9EC61-5CAC-40CB-94E5-F5CF7A906206}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{DA3843A1-A0B1-4946-8462-2F32EDEBA509}C:\program files\java\jdk1.6.0_20\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_20\jre\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra 
Settings CS4 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers "{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder "{3248F0A8-6813-11D6-A77B-00B0D0150130}" = J2SE Runtime Environment 5.0 Update 13 "{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24 "{32A9C5B3-D166-4C6D-A11E-A54473151000}" = Java 3D 1.5.1 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2 "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 
Client Profile "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091 "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3 "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type 
Support CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{85833A03-476B-43B3-B61C-5EB946DBF6E4}" = HP User Guides 0092 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PRJSTDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PRJSTDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PRJSTDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PRJSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007 "{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTDR_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PRJSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof 
(German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010 "{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007 "{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3) 
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010 "{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista "{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content 
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant "{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1 "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DBCD69F8-EC89-4750-B549-E0C80AC3C98F}" = Oracle VM VirtualBox 4.1.4 "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update "{E3DF0E76-825F-4377-9BB6-F8F1DC204287}" = MySQL Workbench 5.2 CE "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "{FFC1ADE3-944B-4231-894E-3903C37271D2}" = 
Adobe Setup "{FFF5F83B-1112-49EF-BABF-C00D2DECC062}" = DSL Connection Manager "17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3 "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection "Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional "Akamai" = Akamai NetSession Interface Service "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "Canon MP240 series Benutzerregistrierung" = Canon MP240 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Dia" = Dia (nur entfernen) "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Free RAR Extract Frog" = Free RAR Extract Frog "GIMP-2_is1" = GIMP 2.8.2 "Git_is1" = Git 1.6.5.1-preview20091022 "Google Chrome" = Google Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "ImageJ_is1" = ImageJ 1.43u "InfraRecorder" = InfraRecorder "Inkscape" = Inkscape 0.48.0 
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link "JOE (Java oriented editing) 2.3.25_is1" = JOE (Java oriented editing) 2.3.25 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MiKTeX 2.9" = MiKTeX 2.9 "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "myphotobook" = myphotobook 3.65 "Notepad++" = Notepad++ "Office14.PRJPROR" = Microsoft Project Professional 2010 "Pdf995" = Pdf995 "Picasa 3" = Picasa 3 "PostgreSQL 9.1" = PostgreSQL 9.1 "PRJSTDR" = Microsoft Office Project Standard 2007 "Scribus 1.3.5" = Scribus 1.3.5.1 "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6 "SmartGit 1.5_is1" = SmartGit 1.5.2 "SmartGit 1_is1" = SmartGit 1.0.4 "SumatraPDF" = SumatraPDF "SWFPlayer_is1" = SWFPlayer "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamViewer 6" = TeamViewer 6 "TeamViewer 7" = TeamViewer 7 "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "TightVNC_is1" = TightVNC 1.3.9 "TVWiz" = Intel(R) TV Wizard "VP Suite 5.0" = VP Suite 5.0 "WildTangent hp Master Uninstall" = My HP Games "WinRAR archiver" = WinRAR 4.01 (32-bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4193417823-389615538-1104851014-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Dropbox" = Dropbox "MiKTeX 2.9" = MiKTeX 2.9 "RapidMiner 5" = RapidMiner 5 ========== Last 20 
Event Log Errors ========== [ Application Events ] Error - 09.11.2012 07:02:53 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4883 Error - 09.11.2012 07:02:53 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4883 Error - 09.11.2012 07:02:54 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 09.11.2012 07:02:54 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5928 Error - 09.11.2012 07:02:54 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5928 Error - 09.11.2012 07:02:55 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 09.11.2012 07:02:55 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6942 Error - 09.11.2012 07:02:55 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6942 Error - 09.11.2012 16:51:26 | Computer Name = evandi-PC | Source = WinMgmt | ID = 10 Description = Error - 09.11.2012 16:54:26 | Computer Name = evandi-PC | Source = PerfNet | ID = 2004 Description = Error - 09.11.2012 16:54:49 | Computer Name = evandi-PC | Source = PerfNet | ID = 2004 Description = Error - 09.11.2012 17:44:55 | Computer Name = evandi-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 09.11.2012 16:50:21 | Computer Name = evandi-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 09.11.2012 um 14:07:47 unerwartet heruntergefahren. 
Error - 09.11.2012 16:51:27 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7003 Description = Error - 09.11.2012 16:51:27 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001 Description = Error - 09.11.2012 16:51:27 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001 Description = Error - 09.11.2012 16:51:27 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7000 Description = Error - 09.11.2012 16:53:33 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7009 Description = Error - 09.11.2012 17:44:58 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7003 Description = Error - 09.11.2012 17:44:58 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001 Description = Error - 09.11.2012 17:44:58 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001 Description = Error - 09.11.2012 17:44:58 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
10.11.2012, 01:46 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Start page "http://www.searchnu.com/406" when opening Chrome Looks good. Is searchnu gone now?
__________________ Please always post log files in CODE tags |
11.11.2012, 19:23 | #13 |
| Start page "http://www.searchnu.com/406" when opening Chrome Yep, that's right. Are we done? |
11.11.2012, 22:03 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Start page "http://www.searchnu.com/406" when opening Chrome Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes; remember to update Malwarebytes via the update button beforehand. Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
13.11.2012, 22:23 | #15 |
| Start page "http://www.searchnu.com/406" when opening Chrome Here is Malwarebytes first. Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.13.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
evandi :: EVANDI-PC [Administrator]

13.11.2012 21:57:24
mbam-log-2012-11-13 (21-57-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 233104
Laufzeit: 11 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |