59 detections with Malwarebytes (Registry) OTL
Code:
OTL logfile created on: 05.01.2013 17:28:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sefer\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,30 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 59,57% Memory free
4,61 Gb Paging File | 3,30 Gb Available in Paging File | 71,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,07 Gb Total Space | 69,97 Gb Free Space | 49,60% Space Free | Partition Type: NTFS
Drive D: | 141,30 Gb Total Space | 28,28 Gb Free Space | 20,02% Space Free | Partition Type: NTFS
Computer Name: SEFER-PC | User Name: Sefer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Sefer\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Driver Mender\Driver Mender\DriverMender.exe (PC Drivers Headquarters)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\87cabb0fdab32b869f1b180d10336ee0\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\207ac33d5dfd60f1077540a0af174224\XPBurnComponent.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\1da0e96fe37a7ceff1fd1dfd05da9f16\Microsoft.Practices.ObjectBuilder.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\4814a157aa45fe43ad8897d76e8d39da\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\eca0441c8701df9564e870588d9abed9\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\e2fb1b6bfc9ba2c68c8658e1c93ed7f5\Microsoft.ApplicationBlocks.Updater.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\RuleEngine\1ff559f9f184d5d60e615c3b33533e51\RuleEngine.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Win32.Tas#\ec52e9e19129961c2629f2139f6e803a\Microsoft.Win32.TaskScheduler.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Communication\1afe3896fa02a13271ce88fd4add6ff8\Agent.Communication.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.WUApiLib\b9f7720609232e2c0cc5665b2bf8ce00\Interop.WUApiLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ExceptionLogging\fe9b1f38884a8d0fe68e9649b3a756ed\ExceptionLogging.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Common\bcb50d0c6c457f585c94b7e2d0b17e9c\Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Common\7cdcb6cc9d4b96fdee0e48c910c7b01a\Agent.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent\83685b4fe6ebbdfef11573f27fa1b926\Agent.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\cf840dca36a7b949696ce331d0532d3e\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Programme\Driver Mender\Driver Mender\ThemePack.DriverMender.dll ()
MOD - C:\Programme\Driver Mender\Driver Mender\Agent.Communication.XmlSerializers.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
========== Services (SafeList) ==========
SRV - (Dnscache) -- %SystemRoot%\System32\poua6zfux.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Update-Service) -- C:\Windows\System32\UpdSvc.dll (Joosoft.com GmbH)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (catchme) -- C:\Users\Sefer\AppData\Local\Temp\catchme.sys File not found
DRV - (ayw38ga4) -- File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{36931CFE-5CC2-476F-9C86-422BEE209BF5}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=bbfcb330-3f9e-11e1-b319-c9c9f6f48f95&q={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3201871042-4157093004-2081342139-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-3201871042-4157093004-2081342139-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3201871042-4157093004-2081342139-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF DE AF 48 9B B7 CC 01 [binary data]
IE - HKU\S-1-5-21-3201871042-4157093004-2081342139-1000\..\SearchScopes,Backup.Old.DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
IE - HKU\S-1-5-21-3201871042-4157093004-2081342139-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3201871042-4157093004-2081342139-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3201871042-4157093004-2081342139-1000\..\SearchScopes\{3454FE05-2C74-483A-98E9-DE76D93E7A63}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=BCPA&o=16145&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=QK&apn_dtid=YYYYYYU3DE&apn_uid=91833D13-FC1D-4889-AF00-79E1AF44C8F9&apn_sauid=E85A0C27-3786-4462-A89C-CC3F3A455B93
IE - HKU\S-1-5-21-3201871042-4157093004-2081342139-1000\..\SearchScopes\{36931CFE-5CC2-476F-9C86-422BEE209BF5}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNQN_deDE461
IE - HKU\S-1-5-21-3201871042-4157093004-2081342139-1000\..\SearchScopes\{468078BE-B978-9191-EE47-026F269CF1F8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-3201871042-4157093004-2081342139-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNQN_deDE461
IE - HKU\S-1-5-21-3201871042-4157093004-2081342139-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3201871042-4157093004-2081342139-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
========== FireFox ==========
FF - prefs.js..backup.old.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.defaultengine: "google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledAddons: {acaa314b-eeba-48e4-ad47-84e31c44796c}:1.0.8
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..keyword.url: "hxxp://search.etype.com/?smart=1&query="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sefer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sefer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sefer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.11 16:11:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.11 11:40:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.09.17 21:06:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.04 15:47:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.05 17:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.02.19 17:02:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.08.21 17:50:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.09.17 21:06:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.04 15:47:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.05 17:12:04 | 000,000,000 | ---D | M]
[2011.12.13 20:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sefer\AppData\Roaming\mozilla\Extensions
[2013.01.05 17:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sefer\AppData\Roaming\mozilla\Firefox\Profiles\kssamhxp.default\extensions
[2013.01.04 16:10:20 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Sefer\AppData\Roaming\mozilla\Firefox\Profiles\kssamhxp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.12.13 20:30:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.04 15:47:40 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.01.04 15:47:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.04 15:47:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.04 15:47:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.04 15:47:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.04 15:47:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.04 15:47:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sefer\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sefer\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sefer\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Sefer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3201871042-4157093004-2081342139-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3201871042-4157093004-2081342139-1000..\Run: [Driver Mender] C:\Program Files\Driver Mender\Driver Mender\DriverMender.exe (PC Drivers Headquarters)
O4 - HKU\S-1-5-21-3201871042-4157093004-2081342139-1000..\Run: [Facebook Update] C:\Users\Sefer\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3201871042-4157093004-2081342139-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3201871042-4157093004-2081342139-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sefer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\system32\tnns1g7vo.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{385A3BC5-C3F7-4139-8AB5-2911B355C33F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.05 16:25:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.05 16:12:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.05 16:12:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.05 16:12:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.05 16:12:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.05 16:11:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.05 15:46:54 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{A70DA2E1-5296-4F51-8242-27B6C85FCB94}
[2013.01.04 22:07:15 | 000,000,000 | ---D | C] -- C:\Users\Sefer\Desktop\mbar
[2013.01.04 22:06:18 | 000,000,000 | ---D | C] -- C:\Users\Sefer\Desktop\ARK
[2013.01.04 19:47:22 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{731E55EC-2FF8-40A1-9F89-F0688348F715}
[2013.01.04 19:11:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.01.04 19:06:22 | 000,000,000 | ---D | C] -- C:\Windows\tr-TR
[2013.01.04 19:06:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\tr
[2013.01.04 16:13:54 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Roaming\Malwarebytes
[2013.01.04 16:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.04 16:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.04 16:13:09 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.04 16:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.04 16:12:50 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\Programs
[2013.01.04 15:55:54 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{2CDEFAD1-5997-4CBD-A5FA-781BA668A720}
[2013.01.04 15:41:29 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{42B3477C-77F5-4116-A507-E2CB173A1AF6}
[2013.01.03 14:35:16 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{9722C651-D7F0-4AE9-B047-020577D782B2}
[2013.01.03 01:46:32 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{A24D9705-E54A-4907-8523-DC9B17601D9D}
[2013.01.02 03:12:54 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2013.01.02 03:12:47 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Roaming\WindSolutions
[2013.01.02 03:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2013.01.02 03:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.02 03:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.02 03:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.02 03:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.01.02 02:48:49 | 000,000,000 | ---D | C] -- C:\Users\Sefer\Desktop\Neuer Ordner
[2013.01.01 19:33:44 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{B1052E24-C169-4C83-B29F-0D2593ED6BFC}
[2013.01.01 04:00:32 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{982E3EA9-CD61-4496-B876-2A2C982503B4}
[2012.12.29 19:13:16 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{16DE591E-9DA1-42B6-BECF-07B5C4D7C399}
[2012.12.27 17:56:04 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{B2AFAE92-1AA3-4BE2-AD5D-A61B27169753}
[2012.12.26 23:51:33 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{739603C1-C2BC-49D8-9095-EA2F3F97E9C2}
[2012.12.24 22:48:44 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{1A5A8FA0-EA45-46AA-98FB-5FE93D1186F5}
[2012.12.24 02:06:13 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{7793D88D-B2C1-4AD1-919F-F394149365E4}
[2012.12.23 00:55:46 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{DFDD9518-BE94-4209-97C7-D691B076EB55}
[2012.12.21 17:03:21 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.21 17:03:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.21 16:59:34 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{8389F9F7-FCE1-4179-99BD-9F63444545E6}
[2012.12.20 15:33:33 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{942DC9D9-AC21-43B5-9B8E-1E02157023FD}
[2012.12.20 03:32:56 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{08363F1B-3BD2-4427-A4D5-6931AA58FD4C}
[2012.12.19 15:32:17 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{6D327186-F0F4-4E29-8E45-57CD264B6644}
[2012.12.18 15:28:47 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{7F437D9E-ED93-4405-8E56-B12238190611}
[2012.12.17 15:58:34 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{89B6C1F1-B1BF-40E2-8B1A-87BF81E77927}
[2012.12.17 00:05:06 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{097CF696-A4ED-4329-9E09-C8C2FB19016F}
[2012.12.15 23:20:08 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{C8A0D48E-6016-48B5-8DCE-BF34885A5DC7}
[2012.12.14 18:58:15 | 000,000,000 | ---D | C] -- C:\Users\Sefer\Documents\SeferClean
[2012.12.14 17:47:20 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{F49415A9-5038-49F1-853F-0B7BDFFF8282}
[2012.12.14 02:28:09 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{B47778DB-5542-4F7C-8220-31AE39EAB91E}
[2012.12.13 12:30:48 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{8E456D2D-85F7-420A-A4A5-9CB2B9459634}
[2012.12.12 17:48:31 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{8FB2BE1E-7720-46CF-9FA9-9C7EC8EA720C}
[2012.12.12 01:37:15 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{E4CA82D8-A72F-442D-81C4-2B0552079933}
[2012.12.11 20:49:11 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.11 20:49:07 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.11 20:49:06 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.11 20:48:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.11 20:48:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.11 20:48:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.11 20:48:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.11 20:48:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.11 20:48:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.11 20:48:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.11 20:48:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.11 20:48:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.11 20:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.11 20:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.11 20:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.11 20:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.11 20:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.11 20:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.11 20:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.11 20:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.11 20:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.11 20:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.11 20:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.11 20:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.11 20:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.11 20:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.11 20:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.11 20:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.11 20:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.11 20:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.11 20:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.11 20:48:45 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.11 20:48:35 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.11 20:48:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.11 20:48:34 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.11 20:48:34 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.11 20:48:34 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.11 20:48:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.12.11 20:37:45 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{6CE8D92C-53C8-49CA-9C2E-05254A24B561}
[2012.12.10 18:16:18 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{583623D3-DE1C-44B9-BE58-CAD6F165A1BA}
[2012.12.10 01:52:40 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{5A7A8AB1-145C-4040-AB1D-995301E8FB09}
[2012.12.09 13:11:42 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{B6BB26AC-CB1E-4630-AC28-196B57D7954F}
[2012.12.09 01:11:17 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{0383A480-BD3F-4153-8ED8-1DC83B30D1AD}
[2012.12.07 12:55:17 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{D32781C7-5203-48D6-AAF7-45FBBC9908B2}
[2012.12.06 21:09:28 | 000,000,000 | ---D | C] -- C:\Users\Sefer\AppData\Local\{8A637B33-4EF1-4A51-98A4-016AFD748E76}
========== Files - Modified Within 30 Days ==========
[2013.01.05 17:32:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3201871042-4157093004-2081342139-1000UA.job
[2013.01.05 17:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.05 17:18:51 | 000,016,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.05 17:18:51 | 000,016,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.05 17:18:25 | 000,694,968 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013.01.05 17:18:25 | 000,689,646 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2013.01.05 17:18:25 | 000,676,496 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2013.01.05 17:18:25 | 000,656,040 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.05 17:18:25 | 000,616,546 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.05 17:18:25 | 000,610,740 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2013.01.05 17:18:25 | 000,552,308 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2013.01.05 17:18:25 | 000,378,408 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2013.01.05 17:18:25 | 000,362,306 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2013.01.05 17:18:25 | 000,133,054 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2013.01.05 17:18:25 | 000,130,678 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013.01.05 17:18:25 | 000,130,640 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.05 17:18:25 | 000,127,682 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2013.01.05 17:18:25 | 000,122,064 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2013.01.05 17:18:25 | 000,106,926 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.05 17:18:25 | 000,104,786 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2013.01.05 17:18:25 | 000,099,872 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2013.01.05 17:18:25 | 000,089,974 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2013.01.05 17:17:20 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.05 17:13:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.05 17:13:34 | 1854,963,712 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.05 16:51:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.05 02:39:22 | 000,000,512 | ---- | M] () -- C:\Users\Sefer\Documents\MBR.dat
[2013.01.04 21:45:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3201871042-4157093004-2081342139-1000UA.job
[2013.01.04 21:45:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3201871042-4157093004-2081342139-1000Core.job
[2013.01.04 20:32:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3201871042-4157093004-2081342139-1000Core.job
[2013.01.04 19:11:29 | 541,466,935 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.04 19:05:42 | 000,285,034 | ---- | M] () -- C:\Windows\System32\perfi01F.dat
[2013.01.04 19:05:42 | 000,037,160 | ---- | M] () -- C:\Windows\System32\perfd01F.dat
[2013.01.04 16:13:10 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.02 03:12:54 | 000,001,372 | ---- | M] () -- C:\Users\Sefer\Desktop\CopyTrans Control Center.lnk
[2013.01.02 03:06:50 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.21 19:24:39 | 000,410,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.14 18:56:58 | 000,002,140 | ---- | M] () -- C:\Users\Sefer\Desktop\Briefkopf - Verknüpfung.lnk
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.13 20:33:09 | 000,002,449 | ---- | M] () -- C:\Users\Sefer\Desktop\Google Chrome.lnk
[2012.12.12 04:21:14 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.12 04:21:14 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.11 20:47:21 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.12.11 20:47:21 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
========== Files Created - No Company Name ==========
[2013.01.05 16:12:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.05 16:12:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.05 16:12:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.05 16:12:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.05 16:12:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.05 02:39:22 | 000,000,512 | ---- | C] () -- C:\Users\Sefer\Documents\MBR.dat
[2013.01.04 19:11:29 | 541,466,935 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.01.04 19:07:22 | 000,610,740 | ---- | C] () -- C:\Windows\System32\perfh01F.dat
[2013.01.04 19:07:22 | 000,285,034 | ---- | C] () -- C:\Windows\System32\perfi01F.dat
[2013.01.04 19:07:22 | 000,122,064 | ---- | C] () -- C:\Windows\System32\perfc01F.dat
[2013.01.04 19:07:22 | 000,037,160 | ---- | C] () -- C:\Windows\System32\perfd01F.dat
[2013.01.04 16:13:10 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.02 03:12:54 | 000,001,372 | ---- | C] () -- C:\Users\Sefer\Desktop\CopyTrans Control Center.lnk
[2013.01.02 03:06:50 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.14 18:56:58 | 000,002,140 | ---- | C] () -- C:\Users\Sefer\Desktop\Briefkopf - Verknüpfung.lnk
[2012.11.20 14:38:43 | 000,086,462 | ---- | C] () -- C:\Users\Sefer\Winterdienst Angebot 2012-4 - Auftrag.eml
[2012.11.13 13:44:28 | 000,050,408 | ---- | C] () -- C:\Users\Sefer\Personalfragebogen kurzfristig_geringfügig.pdf
[2012.10.30 20:50:22 | 000,120,201 | ---- | C] () -- C:\Users\Sefer\Lohnauswertungen_September_2012.pdf
[2012.10.30 20:49:56 | 000,033,446 | ---- | C] () -- C:\Users\Sefer\248458_10254_2012_Umsatzsteuervoranmeldung kucher
[2012.10.30 20:48:26 | 000,033,868 | ---- | C] () -- C:\Users\Sefer\248458_10254_2012_Umsatzsteuervoranmeldung.pdf
[2012.10.30 20:47:47 | 000,036,597 | ---- | C] () -- C:\Users\Sefer\248458_10000_2012_OPOS-Konto kucher
[2012.09.17 23:24:56 | 000,001,112 | ---- | C] () -- C:\Windows\hpomdl41.dat.temp
[2012.09.17 21:03:00 | 000,221,389 | ---- | C] () -- C:\Windows\hpoins41.dat
[2012.09.17 21:03:00 | 000,001,112 | ---- | C] () -- C:\Windows\hpomdl41.dat
[2012.09.09 21:32:22 | 000,063,438 | ---- | C] () -- C:\Users\Sefer\Rechnung Nr20120025.pdf
[2012.03.19 19:07:20 | 000,000,600 | ---- | C] () -- C:\Users\Sefer\PUTTY.RND
[2012.02.08 21:58:12 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.10 22:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012.01.10 22:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012.01.10 22:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012.01.10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.01.10 21:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.01.10 21:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.12.18 14:55:32 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.12.18 14:53:50 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.12.11 00:38:59 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011.12.11 00:33:58 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.12.11 00:31:15 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2011.12.11 00:31:15 | 000,037,468 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2011.12.11 00:31:15 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011.12.11 00:31:15 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2011.12.11 00:31:15 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2011.12.11 00:31:15 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2011.12.11 00:31:15 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011.12.11 00:31:15 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2011.12.11 00:31:15 | 000,000,024 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 901 bytes -> C:\Users\Sefer\Winterdienst Angebot 2012-4 - Auftrag.eml:OECustomProperty
< End of report >
Code:
OTL Extras logfile created on: 05.01.2013 17:28:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sefer\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,30 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 59,57% Memory free
4,61 Gb Paging File | 3,30 Gb Available in Paging File | 71,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,07 Gb Total Space | 69,97 Gb Free Space | 49,60% Space Free | Partition Type: NTFS
Drive D: | 141,30 Gb Total Space | 28,28 Gb Free Space | 20,02% Space Free | Partition Type: NTFS
Computer Name: SEFER-PC | User Name: Sefer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3201871042-4157093004-2081342139-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B5FCC2-179E-420E-BD46-29EA066C15F9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1282C0FF-616B-4873-832D-8EBFAD793771}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{24EA25F4-6EE7-4A83-84F9-78B131AEEE58}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2598BDA0-9065-4424-8B42-CBCE8202552D}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{2C326ACD-DD26-4834-AC20-A8736AF89A2F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2DE9904D-82DE-4E9D-9E66-8E8DFD270A36}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{37C8D4BA-087E-47B1-8373-0350F2770FBA}" = lport=137 | protocol=17 | dir=in | app=system |
"{38E07933-557C-4646-BBF4-B83C3C7311B2}" = lport=139 | protocol=6 | dir=in | app=system |
"{3B6396F1-2E9C-4E44-BEEE-03954FF99F1E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{464F5CD2-3E99-4C87-986B-465D66119DEF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{592514C1-4179-4490-95DC-B605BE9ACB84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5D5F793E-DB4E-4952-B3F2-757C2D49A217}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5E5B77AE-4C23-477C-99A2-B82775203A42}" = rport=445 | protocol=6 | dir=out | app=system |
"{67548BAC-7839-4024-8BEC-8801B297D0DA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6E06AA93-CF7D-4B04-989F-CEFAFBDF5E21}" = lport=138 | protocol=17 | dir=in | app=system |
"{6FCC59E0-0DCA-431E-9C34-78923FF71409}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7A4883AC-3959-463C-960F-1669CCAAB97F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D795CD8-2555-4E72-BDA6-25DA2739A8B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{801C25FD-1036-4130-8F72-1D061067268A}" = rport=138 | protocol=17 | dir=out | app=system |
"{84DF121D-8160-49D8-BED0-6727BC2ECB96}" = rport=139 | protocol=6 | dir=out | app=system |
"{8768F48D-E35A-4BB3-B8F4-04461F3D1B0E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A15A699C-5923-42F2-90C3-6B57B8874BC4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A535E4E6-7517-4DC1-B916-C1592CA298D2}" = rport=137 | protocol=17 | dir=out | app=system |
"{A9BBA77E-1425-4F0C-865F-6E154FDE4EAB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B1F41853-07C5-46D4-AA52-0BFD9E16DA2E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B2F31C8F-9293-41E1-BBDF-74356DFE5F76}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B896DF4D-CD6F-4CA5-AF6D-5E3E3706B3A2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C2D5C943-DF71-48BB-88DE-3F15FE18B969}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C4F9EA59-832C-4B39-B3BD-B94BD8A9AF30}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC9E403D-C87E-4DC1-9987-6652DC96FCF5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D75EEDAE-A609-4488-9368-0112A082D328}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D986953D-E3E3-48CA-9701-E68A0E91D089}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E43F6D92-26FE-45BA-BC40-CEA21B3EBC73}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F153274F-E8D2-4235-8C7C-E70306215B6A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F1D197AE-04CA-4D25-88E8-E0DDB1EF31F5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2CFBB94-E286-4869-807D-0FD2E2CD165D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6AD8B67-E52F-484A-AEEE-A3A276F072A4}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A29247-828D-4117-9C9E-24245820CBFA}" = dir=in | app=c:\users\sefer\appdata\local\temp\7zs72db\setup\hpznui01.exe |
"{096CB96A-FD64-4F82-8A5D-152A53FD45C8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{113FA69B-7A3D-47CE-9DFC-BC515FB34326}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{12AA8CA5-37F5-43AD-9614-66E0CC64FBE2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{144F4195-4CB1-4B6A-9B71-08B04D8B571F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{31CBF3BA-E92F-4416-98A2-056B91D6AC02}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{32E957CB-5E64-4723-A9BA-22FE6DFFF1F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{3A7D3D17-AC28-4090-89BD-0B7B42F10D94}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3B08D29E-BBAE-41EF-AE3A-D5C5BE381A15}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3F50B649-EA2C-42D7-BAD3-15F3634FA1C5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4CC38875-9E6D-4FFD-85EA-B08A5CCB69CF}" = dir=in | app=c:\users\sefer\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{4F924D6E-3ED6-4306-AF28-F59059049538}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{58D8FF0F-4B15-4B8E-BF21-86D042E8CC43}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{59246627-F316-474B-AB21-1F8C261278BE}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{59A14CF8-6182-4F55-ADCD-CDAF705EFBC5}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{5E9164D6-AC5A-4189-8BD4-92510FA27150}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{618D63DF-E624-46C8-959B-FB7C6F85EFB7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{61ABA8EE-1CD1-47DD-8D57-80A2470D1761}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{69F67BF4-8262-44AC-8CD9-05C12CF0C80F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6A4C3D5B-26B4-407F-8338-1466C52BE4D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6F4E0743-AC06-4061-801B-FA3D72666084}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{77212B37-261B-40FF-BB78-8705E8F3CF3D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7832001F-7268-456F-BE25-2BE920476022}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{80D83A97-EBB4-49BA-8583-D059A9E96DB2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{86C46E09-8A11-478A-B21D-2EC7ABE5FCA7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{8DD37095-260A-4A74-AB58-1E743CB1BCC3}" = protocol=6 | dir=out | app=system |
"{9FB12D52-0C57-4A50-B57E-A4BEB286D77E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A18FFD4D-DF9C-4188-A539-0F7FB4EA0419}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{ACF32703-75C3-46EE-9AFA-937B28B7A5E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AEAA62A1-9E96-4972-8424-F2924F3FE88E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{B1915142-720F-442A-A490-DB4233E9C284}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{B2E3E47A-3206-4E5D-B375-A11FD6C98BB8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B6DD00A7-D243-4D7B-9063-5E6BCA5DD33F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{BB912875-DFAD-40B1-BCF6-F78B735C9C1D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C098074F-7813-4AE3-8133-3C16ACA47543}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{CC216E74-06C3-4435-B83C-A8AF591A43C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CDD257C1-9A5F-4A82-B39D-EC933613AD1C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{D5546753-A3CE-40B6-B18A-E9F4FBBE2712}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E379DFC3-FB63-4AEC-82AF-1185EC697115}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFF0EC20-228D-4BD9-A29E-F4777619974E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F370771D-E909-42DA-813C-54FF8D6D806E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F7539F7B-6817-4826-A7BD-0107280FC18E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FC065551-56BB-448A-A3A8-BCDF5B67F41E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"TCP Query User{43CC59E3-A87F-4532-97DA-1F1824D14C76}C:\users\halo1\appdata\local\temp\rar$ex42.384\redsn0w_win_0.9.10b3\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\halo1\appdata\local\temp\rar$ex42.384\redsn0w_win_0.9.10b3\redsn0w.exe |
"TCP Query User{FBD1F4F1-4105-4BC9-A302-23277AEB76B7}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe |
"UDP Query User{A34DB498-B4E1-46F7-832F-8D1E044B151A}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe |
"UDP Query User{FAEE4951-B4FC-48C4-80A7-4047CB8F4DD6}C:\users\halo1\appdata\local\temp\rar$ex42.384\redsn0w_win_0.9.10b3\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\halo1\appdata\local\temp\rar$ex42.384\redsn0w_win_0.9.10b3\redsn0w.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{36415915-0B92-4F82-A240-42D3C14304F0}" = Driver Mender
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.2
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDBA9828-200B-43A0-AB4F-82DABEE64F94}_is1" = LPS 2009v 3.0 USB
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCD42CCF-9AFF-4BC5-862A-38CCD3C8E8F8}" = HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6319C60-D4DF-4D4D-A077-9F46D656E4FB}" = C309g-m
"{EE177519-70E3-4A94-B8DB-FD0B78D1A47E}" = PS_AIO_06_C309g-m_SW_Min
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Antivirus Premium
"DivX Setup" = DivX-Setup
"dreamboxEDIT" = dreamboxEDIT -- The one and only settings editor for your Dreambox
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"RealPlayer 12.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"vGrabber" = vGrabber
"VLC media player" = VLC media player 2.0.3
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3201871042-4157093004-2081342139-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.01.2013 20:45:59 | Computer Name = Sefer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 02.01.2013 20:45:59 | Computer Name = Sefer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 79049840
Error - 02.01.2013 20:45:59 | Computer Name = Sefer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 79049840
Error - 02.01.2013 20:46:00 | Computer Name = Sefer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 02.01.2013 20:46:00 | Computer Name = Sefer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 79050854
Error - 02.01.2013 20:46:00 | Computer Name = Sefer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 79050854
Error - 03.01.2013 09:46:24 | Computer Name = Sefer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 03.01.2013 09:46:24 | Computer Name = Sefer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15585
Error - 03.01.2013 09:46:24 | Computer Name = Sefer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15585
Error - 04.01.2013 10:45:06 | Computer Name = Sefer-PC | Source = Google Update | ID = 20
Description =
[ Media Center Events ]
Error - 17.03.2012 20:06:21 | Computer Name = Sefer-PC | Source = MCUpdate | ID = 0
Description = 01:05:30 - Directory konnte nicht abgerufen werden (Fehler: Timeout
für Vorgang überschritten)
Error - 17.03.2012 20:26:55 | Computer Name = Sefer-PC | Source = MCUpdate | ID = 0
Description = 01:22:22 - MCESpotlight konnte nicht abgerufen werden (Fehler: Timeout
für Vorgang überschritten)
Error - 17.03.2012 20:37:55 | Computer Name = Sefer-PC | Source = MCUpdate | ID = 0
Description = 01:31:49 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
Anfrage wurde abgebrochen: Die Anfrage wurde abgebrochen..)
[ System Events ]
Error - 05.01.2013 12:42:15 | Computer Name = Sefer-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126
Error - 05.01.2013 12:42:41 | Computer Name = Sefer-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126
Error - 05.01.2013 12:42:41 | Computer Name = Sefer-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126
Error - 05.01.2013 12:42:41 | Computer Name = Sefer-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126
Error - 05.01.2013 12:43:08 | Computer Name = Sefer-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126
Error - 05.01.2013 12:43:08 | Computer Name = Sefer-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126
Error - 05.01.2013 12:43:08 | Computer Name = Sefer-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126
Error - 05.01.2013 12:43:34 | Computer Name = Sefer-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126
Error - 05.01.2013 12:43:34 | Computer Name = Sefer-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126
Error - 05.01.2013 12:43:34 | Computer Name = Sefer-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126
< End of report >