All kinds of pests and how to fight them: Start page "http://www.searchnu.com/406" when opening Chrome (Windows 7)

If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1

Start page "http://www.searchnu.com/406" when opening Chrome

Hello, I have the above-mentioned pest in my start page. I hope you can help me.

Code:
OTL logfile created on: 30.10.2012 20:23:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\evandi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 45,75% Memory free
6,19 Gb Paging File | 4,65 Gb Available in Paging File | 75,05% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,89 Gb Total Space | 63,93 Gb Free Space | 28,81% Space Free | Partition Type: NTFS
Drive D: | 10,99 Gb Total Space | 2,41 Gb Free Space | 21,91% Space Free | Partition Type: NTFS

Computer Name: EVANDI-PC | User Name: evandi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.30 20:22:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\evandi\Desktop\OTL.exe
PRC - [2012.10.11 01:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.10.11 01:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\evandi\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.10.09 01:17:54 | 000,580,096 | ---- | M] (Samsung Electronics) -- C:\Programme\Samsung\Kies\KiesAirMessage.exe
PRC - [2012.08.10 12:37:44 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 12:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 12:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.10 08:03:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.10 08:03:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.10 08:03:57 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.03 08:30:33 | 000,099,840 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\9.1\bin\pg_ctl.exe
PRC - [2012.05.03 08:29:42 | 005,234,688 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\9.1\bin\postgres.exe
PRC - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

========== Modules (No Company Name) ==========

MOD - [2012.10.23 11:09:26 | 012,841,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\2c7c74d2fe184f55c0a0a517951e7f4a\Kies.Theme.ni.dll
MOD - [2012.10.23 11:09:24 | 000,608,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\9349c70acb66665321bee19d331408a1\DevicePodcast.ni.dll
MOD - [2012.10.23 11:09:20 | 000,292,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\3e83faa1ec8155e3d155fe585955a246\DeviceVideo.ni.dll
MOD - [2012.10.23 11:09:18 | 000,369,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\da3a360d4f099d3ff041307e7a1ce4ce\DevicePhoto.ni.dll
MOD - [2012.10.23 11:09:16 | 000,301,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\4efc3f2c84c757b5869422aab9e3dc4b\DeviceMusic.ni.dll
MOD - [2012.10.23 11:09:13 | 000,465,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\59cb702af31bcb9ded3d4493cded15a9\VideoManager.ni.dll
MOD - [2012.10.23 11:09:11 | 001,500,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\bb178a48944e63edba0ea540a1c8f4fd\PodcastService.ni.dll
MOD - [2012.10.23 11:09:06 | 000,615,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\8bdb480bdd341bbab06ad4dc3d149476\PhotoManager.ni.dll
MOD - [2012.10.23 11:09:03 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\ccf4179de5c33241ac22ed7a47c73b9c\Podcaster.ni.dll
MOD - [2012.10.23 11:08:45 | 000,036,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\98304df52775a014f274c09321fe9241\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2012.10.23 11:08:42 | 005,846,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\c89c506ab88b933c87b81e5550fec75a\DeviceHost.ni.dll
MOD - [2012.10.23 11:08:16 | 001,869,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\8d2d9b197570723b26a177097b962745\Phonebook.ni.dll
MOD - [2012.10.23 11:07:59 | 001,008,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\e04778c3d35d213522c80a8cd9f60b02\CPKTMusicPlugin.ni.dll
MOD - [2012.10.23 11:07:55 | 000,941,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\1fdfb726828c51d29742ab493c8ded24\MusicManager.ni.dll
MOD - [2012.10.23 11:07:44 | 000,320,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\EBookManager\6ea3f7829f5fed3f3dc6ff397f0e256a\EBookManager.ni.dll
MOD - [2012.10.23 11:07:42 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\cb4304e9e1cde93f4d111858fb996dde\BATPlugin.ni.dll
MOD - [2012.10.23 11:07:40 | 000,031,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AllShareController\d4b4eb99b1ae9735a4d1adc72472ec7c\AllShareController.ni.dll
MOD - [2012.10.23 11:07:39 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\d18af3a8f0174681428791614bacb63c\Kies.Common.StoreManager.ni.dll
MOD - [2012.10.23 11:07:38 | 000,507,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\aa8eb4ad4ad74f1805330fe03bf455c5\Kies.Common.MediaDB.ni.dll
MOD - [2012.10.23 11:07:35 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\729aa8db14d8ec751bcb1038047b06f3\Kies.Common.AllShare.ni.dll
MOD - [2012.10.23 11:07:34 | 000,282,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7ba265e8b49087c5c48a3ffa40f14755\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2012.10.23 11:07:32 | 000,189,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a75a07721b35ff2169859d26f1fcb857\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2012.10.23 11:07:31 | 000,566,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7f6d1a69e33607d303f25185dfcff746\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2012.10.23 11:07:28 | 000,569,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a46d3e6a6bf0b8655727916bbbf67ef4\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2012.10.23 11:07:25 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\702d8607adbdbec8324b9dd5b1ee1c00\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2012.10.23 11:07:24 | 000,910,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6a1cd2ff344b0a2ff97f2d717f245f3b\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2012.10.23 11:07:19 | 001,057,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6cd41643731c0641280ee6a3830c29f2\Kies.Common.DeviceService.ni.dll
MOD - [2012.10.23 11:07:14 | 002,198,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\f9bed07498f5a72c7025ccb9460269a4\Kies.Common.Multimedia.ni.dll
MOD - [2012.10.23 11:07:07 | 000,198,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\162a5f6e31e7c7fc4d2eed54ec19d9c1\Kies.Common.MainUI.ni.dll
MOD - [2012.10.23 11:07:05 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\c8e717a4d0d75539ecae0a7654b6770b\Kies.Common.DBManager.ni.dll
MOD - [2012.10.23 11:07:04 | 000,271,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\97b8e7df643e75af9002eff26e49fb35\Kies.Common.Util.ni.dll
MOD - [2012.10.23 11:07:02 | 001,460,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\8922fa7e1508459687031b70f7f8d8bf\Kies.Locale.ni.dll
MOD - [2012.10.23 11:07:00 | 001,844,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\f309fa4fe307c4821993ffeb5580ce62\Kies.UI.ni.dll
MOD - [2012.10.23 11:06:53 | 001,199,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\05451040884163ac6f935b3e6a486900\Kies.Interface.ni.dll
MOD - [2012.10.23 11:06:48 | 001,689,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\619b458b2103eedeff095fd20a0ee162\Kies.ni.exe
MOD - [2012.10.23 10:33:58 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\81bb58061bcd2a4c3bf4136abe041d20\ASF_cSharpAPI.ni.dll
MOD - [2012.10.23 10:33:53 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\4b12836eb4d4958e490a1ba614971b41\Interop.DevFileServiceLib.ni.dll
MOD - [2012.10.23 10:33:39 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\c99811c6a988ca6c2104a5b45acbddbb\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2012.10.23 10:33:39 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\cbeefee33636e0d0be226cf11e180ba3\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2012.10.23 10:33:38 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\b0b31095249cec5ef5c0407fa6b7fc22\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2012.10.23 10:33:38 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\fac7605aed1c9c8b07c4e68ffdc0b4eb\Interop.PRPLAYERCORELib.ni.dll
MOD - [2012.10.23 10:33:27 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\6265ffca46eab52d5f798847b5ea908c\CabLib.ni.dll
MOD - [2012.10.23 10:33:23 | 000,743,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\23324d3d243863e74723ea9c2dc1af1b\ICSharpCode.SharpZipLib.ni.dll
MOD - [2012.10.23 10:33:18 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\f108203a60eadaff95b82bed51846431\Interop.DeviceSearchLib.ni.dll
MOD - [2012.10.23 10:33:14 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\8d41dc5286f38925da6e1b9b32ce82c5\Kies.MVVM.ni.dll
MOD - [2012.10.23 10:33:11 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\3f6f79987f17c00edce423932abd1cf2\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2012.10.23 10:32:38 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll
MOD - [2012.10.23 10:32:28 | 000,771,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ef221aa0472b0870b6689ab044fad227\System.Runtime.Remoting.ni.dll
MOD - [2012.10.23 10:32:08 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.10.23 10:17:31 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012.10.23 10:15:51 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.10.23 10:15:41 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.10.23 10:15:37 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012.10.23 10:15:17 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.10.23 10:14:55 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.10.23 10:14:43 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.10.23 10:14:13 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.12.19 18:27:04 | 000,066,856 | ---- | M] () -- C:\Programme\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007.08.20 13:10:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll

========== Services (SafeList) ==========

SRV - [2012.10.08 22:06:24 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.10 20:28:30 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.03 12:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.05.10 08:03:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.10 08:03:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.03 08:30:33 | 000,099,840 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.1\bin\pg_ctl.exe -- (postgresql-9.1)
SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.05.31 20:18:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.01.13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.03.05 08:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012.09.20 05:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.09.20 05:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.07.03 12:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.11 10:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.05.10 08:03:59 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.10 08:03:59 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.03 16:49:32 | 000,158,512 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011.10.03 16:49:32 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011.10.03 16:49:32 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011.10.03 16:49:32 | 000,091,440 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.02.17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010.02.17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.05 16:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009.01.13 11:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.08.28 17:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.02.27 05:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.10.11 12:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007.07.10 15:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.06.25 12:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.06.18 15:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.04.23 22:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006.06.28 08:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{7C784927-4120-4CC1-8C4F-87DEA672B92A}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{EAB3ABD5-7DB0-476A-B92E-6BE6674A546D}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{7C784927-4120-4CC1-8C4F-87DEA672B92A}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{EAB3ABD5-7DB0-476A-B92E-6BE6674A546D}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: printpdf@pavlov.net:0.76
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: printpdf@pavlov.net:0.76
FF - prefs.js..extensions.enabledItems: {3ab3f8aa-8efc-46a5-86d9-21eb4fb070bb}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\evandi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\evandi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.21 22:26:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.11 19:40:35 | 000,000,000 | ---D | M]

[2011.12.14 09:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\Extensions
[2012.08.11 09:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\Firefox\Profiles\yppgvz7i.default\extensions
[2010.05.17 19:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\Firefox\Profiles\yppgvz7i.default\extensions\{3ab3f8aa-8efc-46a5-86d9-21eb4fb070bb}
[2010.04.09 20:36:17 | 000,000,000 | ---D | M] (printpdf) -- C:\Users\evandi\AppData\Roaming\mozilla\Firefox\Profiles\yppgvz7i.default\extensions\printpdf@pavlov.net
[2012.08.11 09:59:31 | 000,526,409 | ---- | M] () (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\extensions\toolbar@web.de.xpi
[2012.08.03 17:53:27 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.11 09:59:36 | 000,000,853 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\11-suche.xml
[2012.08.11 09:59:36 | 000,002,209 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\englische-ergebnisse.xml
[2012.08.11 09:59:36 | 000,010,506 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\gmx-suche.xml
[2012.09.07 10:48:36 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-1.xml
[2009.09.11 13:41:08 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-2.xml
[2009.10.31 07:19:32 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-3.xml
[2009.12.31 14:16:16 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-4.xml
[2010.01.07 10:07:04 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-5.xml
[2009.08.04 04:25:06 | 000,000,944 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin.xml
[2012.08.11 09:59:36 | 000,002,368 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\lastminute.xml
[2011.12.03 13:44:32 | 000,002,519 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\Search_Results.xml
[2012.08.11 09:59:36 | 000,005,489 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\webde-suche.xml
[2012.10.21 18:25:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.07.27 18:34:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.07.11 19:41:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.23 18:59:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.21 18:25:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.03.21 22:26:24 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003.10.11 01:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\components\np32asw.dll
[2003.10.11 01:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32asw.dll
[2012.03.21 22:26:18 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.21 22:26:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.21 22:26:18 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.21 22:26:18 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.03 13:44:32 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.03.21 22:26:18 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.21 22:26:18 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll CHR - plugin: Authorware Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32asw.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program 
Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\evandi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_13-windows-i586.cab (Java Plug-in 1.5.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5F79022-0CC0-411D-8EE7-2F749616FB2C}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - 
Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Users\evandi\Documents\02_***\MVAgusta.jpg O24 - Desktop BackupWallPaper: C:\Users\evandi\Documents\02_***\MVAgusta.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O33 - MountPoints2\{7afaa37f-06a6-11df-875d-fb16870360d0}\Shell - "" = AutoRun O33 - MountPoints2\{7afaa37f-06a6-11df-875d-fb16870360d0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.30 20:22:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\evandi\Desktop\OTL.exe [2012.10.26 10:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RapidMiner 5 [2012.10.26 10:05:27 | 000,000,000 | ---D | C] -- C:\Users\evandi\.RapidMiner5 [2012.10.25 21:33:01 | 000,000,000 | ---D | C] -- 
C:\Program Files\Rapid-I [2012.10.23 10:53:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2012.10.23 10:38:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log [2012.10.23 10:38:18 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Local\Samsung [2012.10.23 10:38:00 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Roaming\Samsung [2012.10.23 10:37:48 | 000,000,000 | ---D | C] -- C:\Users\evandi\Documents\samsung [2012.10.23 10:31:06 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys [2012.10.23 10:31:06 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys [2012.10.23 10:29:30 | 000,000,000 | ---D | C] -- C:\Users\evandi\{7a4e0f6d-86b9-4412-89d4-621a276ca52a} [2012.10.23 10:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2012.10.23 10:25:33 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll [2012.10.23 10:23:43 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll [2012.10.23 10:23:43 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys [2012.10.23 10:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny [2012.10.23 10:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2012.10.23 10:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung [2012.10.23 10:10:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.10.23 09:59:50 | 081,131,360 | ---- | C] (Samsung Electronics Co., Ltd. 
) -- C:\Users\evandi\Desktop\Kies_2.5.0.12094_27_11.exe [2012.10.18 09:46:32 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Local\fontconfig [2012.10.18 09:46:12 | 000,000,000 | ---D | C] -- C:\Users\evandi\.gimp-2.8 [2012.10.18 09:46:11 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Local\gegl-0.2 [2012.10.18 09:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2012.10.02 18:14:04 | 000,000,000 | ---D | C] -- C:\Users\evandi\Desktop\CelloCD [2010.03.05 12:51:18 | 000,208,896 | ---- | C] (www.mp3dev.org) -- C:\Program Files\lame_enc.dll [1 C:\Users\evandi\*.tmp files -> C:\Users\evandi\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.30 20:27:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.30 20:22:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\evandi\Desktop\OTL.exe [2012.10.30 20:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.30 19:51:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4193417823-389615538-1104851014-1000UA.job [2012.10.30 19:08:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.30 19:08:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.30 17:39:40 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.30 17:36:37 | 000,000,000 | ---- | M] () -- C:\Users\evandi\defogger_reenable [2012.10.30 17:35:09 | 000,050,477 | ---- | M] () -- C:\Users\evandi\Desktop\Defogger.exe [2012.10.30 17:33:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.30 17:08:45 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4193417823-389615538-1104851014-1000Core.job [2012.10.29 17:29:10 | 001,360,590 | ---- | M] () -- 
C:\Windows\System32\perfh007.dat [2012.10.29 17:29:10 | 000,823,292 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.29 17:29:10 | 000,366,682 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.29 17:29:10 | 000,322,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.26 10:28:15 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\RapidMiner 5.lnk [2012.10.25 21:31:49 | 063,541,565 | ---- | M] () -- C:\Users\evandi\Desktop\rapidminer-5.2.008x32-install.exe [2012.10.25 20:36:03 | 000,000,786 | ---- | M] () -- C:\Users\evandi\.recently-used.xbel [2012.10.25 19:26:09 | 000,011,711 | ---- | M] () -- C:\Users\evandi\AppData\Local\recently-used.xbel [2012.10.23 10:48:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf [2012.10.23 10:37:39 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2012.10.23 10:01:48 | 081,131,360 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Users\evandi\Desktop\Kies_2.5.0.12094_27_11.exe [1 C:\Users\evandi\*.tmp files -> C:\Users\evandi\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.30 17:36:37 | 000,000,000 | ---- | C] () -- C:\Users\evandi\defogger_reenable [2012.10.30 17:35:03 | 000,050,477 | ---- | C] () -- C:\Users\evandi\Desktop\Defogger.exe [2012.10.26 10:28:15 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\RapidMiner 5.lnk [2012.10.25 20:36:03 | 000,000,786 | ---- | C] () -- C:\Users\evandi\.recently-used.xbel [2012.10.25 20:21:25 | 063,541,565 | ---- | C] () -- C:\Users\evandi\Desktop\rapidminer-5.2.008x32-install.exe [2012.10.25 19:26:09 | 000,011,711 | ---- | C] () -- C:\Users\evandi\AppData\Local\recently-used.xbel [2012.10.23 10:48:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf [2012.10.23 10:37:39 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2012.10.18 09:36:33 | 000,000,880 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.09.03 09:08:30 | 000,024,206 | ---- | C] () -- C:\Users\evandi\AppData\Roaming\UserTile.png [2011.11.19 16:14:09 | 000,307,200 | ---- | C] () -- C:\Users\evandi\jaudioMp3Win.tar [2011.03.22 10:06:24 | 000,823,296 | ---- | C] () -- C:\Windows\j3dcore-d3d.dll [2011.03.22 10:06:24 | 000,163,840 | ---- | C] () -- C:\Windows\j3dcore-ogl.dll [2011.03.22 10:06:24 | 000,049,152 | ---- | C] () -- C:\Windows\j3dcore-ogl-chk.dll [2011.03.22 10:06:24 | 000,040,960 | ---- | C] () -- C:\Windows\j3dcore-ogl-cg.dll [2010.11.22 11:54:51 | 000,000,151 | ---- | C] () -- C:\Users\evandi\.vpsuite_installation.xml [2010.11.22 11:51:34 | 000,000,135 | ---- | C] () -- C:\Users\evandi\.vpinstall.properties [2010.06.08 09:35:07 | 000,001,392 | ---- | C] () -- C:\Users\evandi\.keystore [2010.04.27 09:22:54 | 000,000,155 | ---- | C] () -- C:\Users\evandi\.appletviewer [2010.04.26 12:25:18 | 000,000,146 | ---- | C] () -- C:\Users\evandi\.packettracer [2010.04.20 15:21:30 | 000,000,019 | ---- | C] () -- C:\Users\evandi\killbat.bat [2010.03.31 10:09:47 | 000,011,293 | ---- | C] () -- C:\Program Files\bibliothek_v2.jar [2010.03.31 09:11:33 | 000,000,047 | ---- | C] () -- C:\Users\evandi\.gitconfig [2010.03.23 10:17:02 | 000,000,036 | ---- | C] () -- C:\Users\evandi\.org.eclipse.epp.usagedata.recording.userId [2009.10.29 12:55:41 | 000,001,517 | ---- | C] () -- C:\Users\evandi\.bash_history [2009.10.11 16:57:26 | 000,000,004 | ---- | C] () -- C:\Users\evandi\tray.pid [2009.10.11 15:58:44 
| 000,000,116 | ---- | C] () -- C:\Users\evandi\.asadminpass [2009.10.11 15:58:32 | 000,000,789 | ---- | C] () -- C:\Users\evandi\.asadmintruststore [2008.10.18 20:19:43 | 000,005,648 | ---- | C] () -- C:\Users\evandi\AppData\Local\d3d9caps.dat [2008.08.31 18:59:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.08.26 20:34:12 | 000,210,944 | ---- | C] () -- C:\Users\evandi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.07.13 18:12:57 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Amazon [2010.06.29 20:15:34 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Audacity [2009.09.29 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Canon [2010.06.07 10:53:56 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\com.adobe.ExMan [2011.12.15 19:36:17 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Cornelsen [2010.02.14 09:30:14 
| 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Desktopicon [2012.07.18 16:08:36 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Dropbox [2008.10.05 18:55:50 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\FireShot [2010.05.19 22:45:13 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\GetRightToGo [2012.08.14 21:05:02 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\gtk-2.0 [2012.05.13 19:40:53 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\ICQ [2010.11.07 19:44:15 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\InfraRecorder [2010.12.02 12:35:54 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\inkscape [2009.11.13 10:09:20 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\myphotobook [2012.06.15 09:20:37 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\MySQL [2012.09.03 09:15:35 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Nokia [2012.05.29 15:49:45 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Notepad++ [2010.04.01 15:30:33 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Online Solutions [2011.01.19 10:15:52 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\OpenOffice.org [2012.09.03 09:15:29 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\PC Suite [2009.03.12 20:34:20 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\pdf995 [2012.09.03 09:08:29 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\PeerNetworking [2011.08.29 09:53:30 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Philipp Winterberg [2012.05.25 09:18:30 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\postgresql [2012.10.23 10:38:34 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Samsung [2010.02.24 13:42:36 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Scribus [2010.04.13 10:12:10 | 000,000,000 | ---D | M] -- 
C:\Users\evandi\AppData\Roaming\Subversion
[2012.05.04 09:34:05 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\SumatraPDF
[2010.03.30 19:43:12 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\syntevo
[2011.12.12 21:30:44 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\TeamViewer
[2009.01.02 00:07:07 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\WEBDE
========== Purity Check ==========
< End of report >

Code:
ATTFilter OTL Extras logfile created on: 30.10.2012 20:23:53 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\evandi\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 45,75% Memory free 6,19 Gb Paging File | 4,65 Gb Available in Paging File | 75,05% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,89 Gb Total Space | 63,93 Gb Free Space | 28,81% Space Free | Partition Type: NTFS Drive D: | 10,99 Gb Total Space | 2,41 Gb Free Space | 21,91% Space Free | Partition Type: NTFS Computer Name: EVANDI-PC | User Name: evandi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) .js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [git_gui] -- "C:\Program Files\Git\bin\wish.exe" "C:\Program Files\Git\libexec\git-core\git-gui" "--working-dir" "%1" (ActiveState Corporation) Directory [git_shell] -- "C:\Windows\system32\cmd.exe" /c "pushd "%1" && "C:\Program Files\Git\bin\sh.exe" --login -i" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 
"DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{EFE401D0-8073-4639-BA13-0D230EB40374}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{F311C3D2-87B4-4711-AA69-7C5CAD925779}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06294227-C1D9-4452-8790-01E55C822560}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | "{081A6DD6-88F8-4775-8470-8CAB7B9943BD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0B1ECC08-1896-4255-8C8C-C0B445071513}" = protocol=6 | dir=in | app=c:\program 
files\teamviewer\version6\teamviewer_service.exe | "{0BF2E500-DE53-43C5-A2D1-CA7375A52DB7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1E2A2AD0-4F08-467B-A30A-A932C6CFB11E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{1FD919F0-7712-49D9-A153-F0191DCADEAD}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{395EAC65-5579-4DF8-8421-7696F3F7DD81}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{39EF8E6A-440D-465A-A8F1-0E8B702353AB}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | "{3B810F3C-2D78-45A4-9EE9-00D915491076}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{41D69A18-307D-4017-950C-65E748A71B5A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{42277795-2E86-4F01-B4A4-CE9C201D473D}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{453668F0-A31F-4D7D-B85D-41CB88A67BDF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{5BE1C8A7-ACA0-4CEB-A902-7920FA058015}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | "{63CF4ABF-FDC0-44F8-9A62-8C77FCE91DBF}" = protocol=6 | dir=in | app=c:\users\evandi\appdata\local\akamai\netsession_win.exe | "{6D568BCA-F7CD-401A-9C16-58A93DAD0D96}" = protocol=17 | dir=in | app=c:\program files\dsl connection manager\o2dslconfiguration.exe | "{73C339C4-569C-44D1-9171-AF68C607B35A}" = protocol=17 | dir=in | app=c:\users\evandi\appdata\roaming\dropbox\bin\dropbox.exe | "{77FCB71F-C322-4A42-BC12-84D0692CBAA3}" = protocol=6 | dir=in | app=c:\users\evandi\appdata\roaming\dropbox\bin\dropbox.exe | "{8557EBD9-86B8-4BC3-86BA-0460A955C0A4}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | "{8EEC79E9-EB66-4CDA-8FF7-27D9AD73000D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{94234B28-F998-4199-98FC-A9E4E176BC38}" = protocol=6 | dir=in | 
app=c:\program files\teamviewer\version6\teamviewer.exe | "{A572F5FA-2D90-4EE5-A6DC-0AC376B43D56}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{A68350F7-BB2B-48D7-AA75-247CE55CB821}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{B28C7876-F45C-4E47-81FB-6413671F61A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BA0AE045-94B0-4282-B354-C989072C37F3}" = protocol=17 | dir=in | app=c:\users\evandi\appdata\local\akamai\netsession_win.exe | "{BB5FF21E-E56C-4470-A853-B3451C960118}" = protocol=6 | dir=in | app=c:\program files\dsl connection manager\o2dslconfiguration.exe | "{C068A565-DDF6-443A-81AA-C1CFE11497F7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{D437FA88-B03F-4818-A490-22F00291D428}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | "{D8B8EDDB-C87C-4B77-8944-122192B9945B}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{EBE868E8-8F15-4C7B-A5B3-C92FFB5B1B3B}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{F8D69ED5-B2AF-411F-B9EC-AC092DE467C3}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | "TCP Query User{14A1A56D-16FB-4A54-AEF7-F675416FC74C}C:\program files\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4\flashbuilder.exe | "TCP Query User{1865153B-A440-47A7-B967-80C487A7C922}C:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe | "TCP Query User{1A07E288-EBC9-4D34-8340-DB2D5D522EB4}C:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe | "TCP Query 
User{1AE10D3E-4CE6-4B38-BE46-5ADE95873146}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{1FA0C890-14A6-445F-B684-8497A34341C8}C:\program files\java\jdk1.6.0_20\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_20\jre\bin\java.exe | "TCP Query User{5B158015-1989-4C01-8D43-9B54AA44FF0E}C:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe | "TCP Query User{720CFD80-D2B9-4E10-8F0C-0FA8D2B69845}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{72B123D9-DA35-42E8-8580-5D46B574E294}C:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe | "TCP Query User{7E2A9FAA-95DD-47C2-8848-A75F7BC9666E}C:\program files\xming\xming.exe" = protocol=6 | dir=in | app=c:\program files\xming\xming.exe | "TCP Query User{7F47BBCA-C286-48EB-9112-1414FF84E93E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{9188D65D-2939-4046-BE8A-A3FF0F1A2D19}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | "TCP Query User{A4ADFE89-4738-4BE5-BED0-8121181D16D3}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{A58FE1EA-430A-4A56-9F74-8F3281979982}C:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe | "TCP Query User{C7AF922F-A8DB-4E1E-849D-8A450E1A0EC8}C:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | 
app=c:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe | "TCP Query User{D9F32BBC-5BB7-4FCA-95C0-58BD35744CA8}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{F677F6D0-4F68-4CC8-9F9E-36F84EE29F30}C:\program files\packet tracer 5.2\bin\packettracer5.exe" = protocol=6 | dir=in | app=c:\program files\packet tracer 5.2\bin\packettracer5.exe | "UDP Query User{0E775944-2815-48D1-B722-7E27ABBDE040}C:\program files\packet tracer 5.2\bin\packettracer5.exe" = protocol=17 | dir=in | app=c:\program files\packet tracer 5.2\bin\packettracer5.exe | "UDP Query User{3B810526-B591-4AA1-87D9-40F08BE21389}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{3FFB0BCF-8F10-4F6D-97C1-BAE55A6F4202}C:\program files\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4\flashbuilder.exe | "UDP Query User{43F7AE98-262B-4D1E-B9A4-DF5E532351BE}C:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe | "UDP Query User{43FFFDCF-F15E-416C-8D80-96D087AF85D2}C:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe | "UDP Query User{5562EC4F-4393-4C98-A8E8-2DD9DABF9125}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | "UDP Query User{56DF85AF-7E1A-4F89-B5CB-BEAE0E167268}C:\program files\xming\xming.exe" = protocol=17 | dir=in | app=c:\program files\xming\xming.exe | "UDP Query User{615D8F9A-B01C-42E4-9019-E62F167AACD2}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in 
| app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{6431A6B2-E999-42F3-8069-3D980CB6D158}C:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe | "UDP Query User{6C7029A3-71F0-4249-9351-90C5AEBF3D82}C:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe | "UDP Query User{6EFE973B-0AF2-4C61-9433-12E5EB0EA13B}C:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe | "UDP Query User{75A978BD-18D4-4C76-B6DD-A443BE7C9F2E}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{AA0DC950-4D18-42D0-989E-B0FAC736158D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{AE00E15A-9561-44E6-AB97-CD2702A1C517}C:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe | "UDP Query User{B3C9EC61-5CAC-40CB-94E5-F5CF7A906206}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{DA3843A1-A0B1-4946-8462-2F32EDEBA509}C:\program files\java\jdk1.6.0_20\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_20\jre\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = 
Java DB 10.5.3.0 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers "{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video 
Encoder "{3248F0A8-6813-11D6-A77B-00B0D0150130}" = J2SE Runtime Environment 5.0 Update 13 "{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24 "{32A9C5B3-D166-4C6D-A11E-A54473151000}" = Java 3D 1.5.1 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2 "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091 "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3 "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft 
Visual C++ 2005 Redistributable "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{85833A03-476B-43B3-B61C-5EB946DBF6E4}" = HP User Guides 0092 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PRJSTDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PRJSTDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PRJSTDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PRJSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service 
Pack 3 (SP3) "{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007 "{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTDR_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PRJSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010 "{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" 
= Microsoft Project 2010 Service Pack 1 (SP1) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007 "{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3) "{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010 "{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista "{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter 
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant "{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1 "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DBCD69F8-EC89-4750-B549-E0C80AC3C98F}" = Oracle VM VirtualBox 4.1.4 "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update "{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin "{E3DF0E76-825F-4377-9BB6-F8F1DC204287}" = MySQL Workbench 5.2 CE "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 
5.0.05.0290 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup "{FFF5F83B-1112-49EF-BABF-C00D2DECC062}" = DSL Connection Manager "17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3 "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection "Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional "Akamai" = Akamai NetSession Interface Service "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "Canon MP240 series Benutzerregistrierung" = Canon MP240 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe 
Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Dia" = Dia (nur entfernen) "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Free RAR Extract Frog" = Free RAR Extract Frog "GIMP-2_is1" = GIMP 2.8.2 "Git_is1" = Git 1.6.5.1-preview20091022 "Google Chrome" = Google Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "ImageJ_is1" = ImageJ 1.43u "InfraRecorder" = InfraRecorder "Inkscape" = Inkscape 0.48.0 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link "JOE (Java oriented editing) 2.3.25_is1" = JOE (Java oriented editing) 2.3.25 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MiKTeX 2.9" = MiKTeX 2.9 "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "myphotobook" = myphotobook 3.65 "Notepad++" = Notepad++ "Office14.PRJPROR" = Microsoft Project Professional 2010 "Pdf995" = Pdf995 "Picasa 3" = Picasa 3 "PostgreSQL 9.1" = PostgreSQL 9.1 "PRJSTDR" = Microsoft Office Project Standard 2007 "Scribus 1.3.5" = Scribus 1.3.5.1 "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6 "SmartGit 1.5_is1" = SmartGit 1.5.2 "SmartGit 1_is1" = SmartGit 1.0.4 "SumatraPDF" = SumatraPDF "SWFPlayer_is1" = SWFPlayer "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamViewer 6" = TeamViewer 6 
"TeamViewer 7" = TeamViewer 7 "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "TightVNC_is1" = TightVNC 1.3.9 "TVWiz" = Intel(R) TV Wizard "VP Suite 5.0" = VP Suite 5.0 "WildTangent hp Master Uninstall" = My HP Games "WinRAR archiver" = WinRAR 4.01 (32-bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Dropbox" = Dropbox "MiKTeX 2.9" = MiKTeX 2.9 "RapidMiner 5" = RapidMiner 5 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.10.2012 12:29:21 | Computer Name = evandi-PC | Source = PerfNet | ID = 2004 Description = Error - 29.10.2012 12:30:44 | Computer Name = evandi-PC | Source = Perflib | ID = 1010 Description = Error - 30.10.2012 12:14:09 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 30.10.2012 12:14:09 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 998 Error - 30.10.2012 12:14:09 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 998 Error - 30.10.2012 12:14:10 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 30.10.2012 12:14:10 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2620 Error - 30.10.2012 12:14:10 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2620 Error - 30.10.2012 12:14:12 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 30.10.2012 12:14:12 | Computer Name = evandi-PC | Source = 
Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4227 Error - 30.10.2012 12:14:12 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4227 [ System Events ] Error - 25.10.2012 05:03:00 | Computer Name = evandi-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.178.21 für die Netzwerkkarte mit der Netzwerkadresse 002268916327 wurde durch den DHCP-Server 1.1.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 25.10.2012 11:11:03 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7003 Description = Error - 25.10.2012 11:11:03 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001 Description = Error - 25.10.2012 11:11:03 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001 Description = Error - 25.10.2012 11:11:03 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7000 Description = Error - 26.10.2012 01:48:31 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7003 Description = Error - 26.10.2012 01:48:31 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001 Description = Error - 26.10.2012 01:48:31 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001 Description = Error - 26.10.2012 01:48:31 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7000 Description = Error - 26.10.2012 05:04:40 | Computer Name = evandi-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.178.21 für die Netzwerkkarte mit der Netzwerkadresse 002268916327 wurde durch den DHCP-Server 1.1.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). < End of report > Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-01 09:54:45
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: 7hq8loob.exe; Driver: C:\Users\evandi\AppData\Local\Temp\pxdiypog.sys

---- System - GMER 1.0.15 ----

SSDT 8D0FCA8E ZwCreateSection
SSDT 8D0FCA98 ZwRequestWaitReplyPort
SSDT 8D0FCA93 ZwSetContextThread
SSDT 8D0FCA9D ZwSetSecurityObject
SSDT 8D0FCAA2 ZwSystemDebugControl
SSDT 8D0FCA2F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 82AC68D8 4 Bytes [8E, CA, 0F, 8D]
.text ntkrnlpa.exe!KeSetEvent + 539 82AC6BFC 4 Bytes [98, CA, 0F, 8D] {CWDE ; RETF 0x8d0f}
.text ntkrnlpa.exe!KeSetEvent + 56D 82AC6C30 4 Bytes [93, CA, 0F, 8D] {XCHG EBX, EAX; RETF 0x8d0f}
.text ntkrnlpa.exe!KeSetEvent + 5D1 82AC6C94 4 Bytes [9D, CA, 0F, 8D] {POPF ; RETF 0x8d0f}
.text ntkrnlpa.exe!KeSetEvent + 619 82AC6CDC 4 Bytes [A2, CA, 0F, 8D]
.text ...

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\upnphost\4,Windows automatically (not active ControlSet)

---- EOF - GMER 1.0.15 ----

andi