CarlosSantan | 26.06.2013 14:34 | Oh, I apologize. I had not understood the checklist correctly. Here are some of the requested scans:
OTL Code:
OTL logfile created on: 25.06.2013 16:33:15 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olaf Henning\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,18 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 60,44% Memory free
6,35 Gb Paging File | 5,09 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,46 Gb Total Space | 222,57 Gb Free Space | 47,82% Space Free | Partition Type: NTFS
Computer Name: OH-PC | User Name: Olaf Henning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.06.25 15:59:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Olaf Henning\Desktop\OTL.exe
PRC - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013.05.28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.06 12:52:02 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.06 16:13:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.08.07 07:25:12 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.08.07 07:25:02 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.08.07 07:25:02 | 000,960,440 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe
PRC - [2011.04.25 09:01:02 | 000,219,008 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHVE.EXE
PRC - [2011.04.25 09:00:02 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
PRC - [2011.03.09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\EPSON Software\FAX Utility\FUFAXSTM.exe
PRC - [2011.03.09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\EPSON Software\FAX Utility\FUFAXRCV.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.04 02:00:02 | 000,499,712 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_TUBHVE.EXE
PRC - [2010.12.21 02:00:02 | 000,356,352 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_TUDHVE.EXE
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2010.10.12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\EPSON Software\Event Manager\EEventManager.exe
PRC - [2009.12.09 10:50:00 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.09 10:49:58 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.07.20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008.08.13 05:49:30 | 000,405,504 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Software Update 3\SoftAuto.exe
PRC - [2007.04.02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTDevSrv.exe
========== Modules (No Company Name) ==========
MOD - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.06.03 11:57:01 | 002,521,552 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2013.05.17 12:34:32 | 000,506,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\373381a7b11b205bc43deb78ffe2a061\Kies.Common.MediaDB.ni.dll
MOD - [2013.05.17 12:34:31 | 000,062,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\b4f9b5e14b1df56e68760c2a03179959\Kies.Common.AllShare.ni.dll
MOD - [2013.05.17 12:34:31 | 000,046,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AdminCmdAgent\821880bd434b8d940173acc5f67f120c\AdminCmdAgent.ni.dll
MOD - [2013.05.17 12:34:30 | 000,565,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\803622b9db952471227e718c01dcd834\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2013.05.17 12:34:30 | 000,278,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\8ce5c5b73741a20a97ec798c611563ac\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2013.05.17 12:34:29 | 000,894,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a0b58389e9326cb9aba3c8cb7b4b8ce3\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2013.05.17 12:34:29 | 000,565,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\8519182f097b54f2077ed4ffed8223bb\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2013.05.17 12:34:28 | 001,017,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\58685446551341aff00a38b101003c4d\Kies.Common.DeviceService.ni.dll
MOD - [2013.05.17 12:34:26 | 002,188,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\bbfb92e90a69585acf83fac7243e843e\Kies.Common.Multimedia.ni.dll
MOD - [2013.05.17 12:34:24 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\740733db47abca9df19a54a4ef79a4a7\Kies.Common.MainUI.ni.dll
MOD - [2013.05.17 12:34:23 | 001,710,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\94ac3a196dc3bdf0b1708632659ef782\Kies.UI.ni.dll
MOD - [2013.05.17 12:34:23 | 000,201,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\0d57366b37b2cf2c9c36ec9ce0389f36\Kies.Common.Util.ni.dll
MOD - [2013.05.17 12:34:23 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\97594f10c1dedca6452a4bd32b3bf8fe\Kies.Common.DBManager.ni.dll
MOD - [2013.05.17 12:34:21 | 001,182,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\71b7ac6787aacea36a8eac835d2dd5cf\Kies.Interface.ni.dll
MOD - [2013.05.17 12:34:21 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\2c0f02e66c6b749b122cefe6fc2535a2\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2013.05.17 12:34:01 | 001,663,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\fa7e5769087fa3a0c0480a1ab5dc5f3b\Kies.ni.exe
MOD - [2013.05.16 07:53:34 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll
MOD - [2013.05.16 07:53:23 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll
MOD - [2013.05.16 07:53:19 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ded1c6dbf61d19f839da66c951d8fa9\System.Windows.Forms.ni.dll
MOD - [2013.05.16 07:53:17 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll
MOD - [2013.05.16 07:53:13 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll
MOD - [2013.05.16 07:53:12 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll
MOD - [2013.02.14 16:46:14 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013.01.10 13:11:27 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b454f5723ec86048063fe19d4267d9e8\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 13:11:20 | 014,336,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\1783a8470dfbaa68464bcd38517ca21e\Kies.Theme.ni.dll
MOD - [2013.01.10 13:11:20 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\503c815cdbeac882e8048c16b26aeb1a\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2013.01.10 13:11:17 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\355eb1dfe56af1a94215ef988ea62dde\Kies.Common.StoreManager.ni.dll
MOD - [2013.01.10 13:11:16 | 000,235,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\f791a0713086627bd13c30292f801775\ASF_cSharpAPI.ni.dll
MOD - [2013.01.10 13:11:15 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d2a4e83bc8a9fd4cbdb47092969bdc25\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2013.01.10 13:11:15 | 000,043,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.FUSCryptLib\7296ee8d41eeb2bcc543df81eea19ebe\Interop.FUSCryptLib.ni.dll
MOD - [2013.01.10 13:11:14 | 000,174,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\836a2feb1f245f60ace49283906d0c64\Interop.DevFileServiceLib.ni.dll
MOD - [2013.01.10 13:11:13 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\63babc53e05a13dcd8361c50f6acb8df\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013.01.10 13:11:13 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceServi#\9142806be605fcd99de2b933928fa7c4\Interop.DeviceServiceModelDBLib.ni.dll
MOD - [2013.01.10 13:11:10 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d5b1b0c6e8a714de39a06e3b61f35fe\System.Management.ni.dll
MOD - [2013.01.10 13:11:09 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2013.01.10 13:11:09 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2013.01.10 13:11:09 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2013.01.10 13:11:09 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\a29bbc3f6725d736df7b81580bfc3000\Interop.PRPLAYERCORELib.ni.dll
MOD - [2013.01.10 13:11:05 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll
MOD - [2013.01.10 13:11:04 | 001,392,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\ba46da240a138d0aa2d2b2d1d837f221\Kies.Locale.ni.dll
MOD - [2013.01.10 13:11:04 | 000,530,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\b8d3852e5a6e3b88855b66c70584da3f\ICSharpCode.SharpZipLib.ni.dll
MOD - [2013.01.10 13:11:04 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\f64400a817d3942ff03470493d079229\Interop.DeviceSearchLib.ni.dll
MOD - [2013.01.10 13:11:03 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\23c6a325cc2c888f44cc85f6eb2cc55c\Kies.MVVM.ni.dll
MOD - [2013.01.10 13:10:45 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dbe82a95ee3feebc5999138fdf36d3c9\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 13:10:39 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.01.09 20:33:12 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.01.09 20:33:12 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll
MOD - [2013.01.09 20:33:09 | 000,311,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfd96a6775ae491a87d755101aee691b\PresentationFramework.Classic.ni.dll
MOD - [2013.01.09 20:33:08 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.01.09 20:33:03 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2012.08.18 15:31:38 | 000,115,137 | ---- | M] () -- C:\Users\Olaf Henning\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll
MOD - [2012.08.07 07:25:12 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.07.20 13:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll
========== Services (SafeList) ==========
SRV - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013.05.28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.23 13:55:15 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.21 17:21:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.04.25 09:00:02 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE -- (EPSON_PM_RPCV4_05)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.12.09 10:50:00 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.09 10:49:58 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.05.21 13:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Programme\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007.04.02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\tools\everest\kerneld.wnt -- (EverestDriver)
DRV - [2013.04.04 10:50:50 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013.03.06 16:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.27 13:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.02.27 13:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.12.08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.12.08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.12.08 06:22:26 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.12.08 06:22:26 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.12.08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.04.06 00:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2010.02.03 15:36:36 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009.12.11 11:43:28 | 000,112,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iSSetup.sys -- (iSSetup)
DRV - [2009.11.16 07:28:00 | 000,037,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd26032.sys -- (ioatdma2)
DRV - [2009.11.16 07:27:58 | 000,036,552 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\qd16032.sys -- (ioatdma1)
DRV - [2009.09.17 06:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.07.14 04:43:12 | 000,036,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ioatdma.sys -- (ioatdma)
DRV - [2009.07.09 01:47:00 | 001,172,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.10.31 21:25:00 | 000,321,072 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adptahci.sys -- (adptahci)
DRV - [2007.04.11 23:30:06 | 000,038,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMTV.sys -- (IAMTV)
DRV - [2007.04.11 23:30:00 | 000,047,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMTXP.sys -- (IAMTXP)
DRV - [2007.04.11 23:29:58 | 000,040,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMT03.sys -- (IAMT03)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.sueddeutsche.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.17 11:13:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.17 11:13:28 | 000,000,000 | ---D | M]
[2011.01.17 19:24:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Olaf Henning\AppData\Roaming\mozilla\Extensions
[2013.05.08 19:10:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Olaf Henning\AppData\Roaming\mozilla\Firefox\Profiles\5v921moe.default\extensions
[2013.04.04 10:51:26 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Olaf Henning\AppData\Roaming\mozilla\Firefox\Profiles\5v921moe.default\extensions\ffxtlbr@delta.com
[2012.12.11 18:40:22 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Olaf Henning\AppData\Roaming\mozilla\firefox\profiles\5v921moe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.08 19:10:22 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Olaf Henning\AppData\Roaming\mozilla\firefox\profiles\5v921moe.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.02 06:56:05 | 000,006,472 | ---- | M] () -- C:\Users\Olaf Henning\AppData\Roaming\mozilla\firefox\profiles\5v921moe.default\searchplugins\babylon.xml
[2013.05.02 06:56:05 | 000,006,472 | ---- | M] () -- C:\Users\Olaf Henning\AppData\Roaming\mozilla\firefox\profiles\5v921moe.default\searchplugins\BrowserProtect.xml
[2013.04.04 10:51:27 | 000,001,294 | ---- | M] () -- C:\Users\Olaf Henning\AppData\Roaming\mozilla\firefox\profiles\5v921moe.default\searchplugins\delta.xml
[2013.05.23 13:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.09 11:19:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.03.09 11:19:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.03.09 11:19:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.05.23 13:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.23 13:55:16 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.23 13:55:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\extensions
[2013.05.22 19:12:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.05.22 19:12:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.04.04 10:51:14 | 000,006,469 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [logonoeplay] C:\Users\Olaf Henning\AppData\Roaming\logonoeplay.exe ()
O4 - HKCU..\Run: [lweuyvxk] C:\Users\Olaf Henning\AppData\Roaming\Yycyk\xqjfyvxk.exe ()
O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\Olaf Henning\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{897EBDFD-9AD2-4C89-9333-AE7350E4F52E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE4226B0-FBFF-4656-8131-A0C02DEFB711}: DhcpNameServer = 127.0.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{21c64b95-4271-11e0-af18-7071bce96e8d}\Shell - "" = AutoRun
O33 - MountPoints2\{21c64b95-4271-11e0-af18-7071bce96e8d}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{4676aa67-42b1-11e1-8301-7071bce96e8d}\Shell - "" = AutoRun
O33 - MountPoints2\{4676aa67-42b1-11e1-8301-7071bce96e8d}\Shell\AutoRun\command - "" = I:\BMMStart.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.06.25 15:59:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Olaf Henning\Desktop\OTL.exe
[2013.06.25 15:08:52 | 000,000,000 | ---D | C] -- C:\Users\Olaf Henning\AppData\Roaming\Yycyk
[2013.06.24 12:10:21 | 000,000,000 | ---D | C] -- C:\Users\Olaf Henning\Desktop\Wilhelm Raabe Schule
[2013.06.22 10:31:58 | 000,000,000 | ---D | C] -- C:\Users\Olaf Henning\AppData\Roaming\File Scout
[2013.06.17 11:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.06.17 11:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.06.17 11:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.06.10 15:48:07 | 000,000,000 | ---D | C] -- C:\Users\Olaf Henning\Desktop\Spielkarten-Dateien
[2013.06.10 15:47:45 | 000,000,000 | ---D | C] -- C:\Users\Olaf Henning\Desktop\Lernplakate-Dateien
[2013.06.10 15:47:03 | 000,000,000 | ---D | C] -- C:\Users\Olaf Henning\Desktop\Lernprotokoll-Dateien
[2013.06.10 15:46:43 | 000,000,000 | ---D | C] -- C:\Users\Olaf Henning\Desktop\Wortschatzkisten-Dateien
[2013.06.10 15:46:22 | 000,000,000 | ---D | C] -- C:\Users\Olaf Henning\Desktop\Erfolgskontrollen-Dateien
[2013.06.10 15:45:41 | 000,000,000 | ---D | C] -- C:\Users\Olaf Henning\Desktop\Arbeitsblaetter-Dateien
[2013.06.10 12:27:17 | 000,000,000 | ---D | C] -- C:\Users\Olaf Henning\Desktop\Primarstufe _ ReLv-Verlag-Dateien
========== Files - Modified Within 30 Days ==========
[2013.06.25 16:30:13 | 000,377,856 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\gmer_2.1.19163.exe
[2013.06.25 16:01:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.25 15:59:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Olaf Henning\Desktop\OTL.exe
[2013.06.25 15:58:51 | 000,000,156 | ---- | M] () -- C:\Users\Olaf Henning\defogger_reenable
[2013.06.25 15:56:26 | 000,050,477 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Defogger.exe
[2013.06.25 15:44:40 | 000,018,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.25 15:44:40 | 000,018,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.25 13:35:40 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.25 13:35:40 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.25 13:35:40 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.25 13:35:40 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.25 13:31:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.25 13:31:10 | 2558,509,056 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.14 11:46:04 | 000,450,582 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Die_Arbeit_in_der_Oberschule.pdf
[2013.06.14 11:45:59 | 000,249,777 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Die_wichtigsten_Fragen_und_Antworten_zur_Oberschule.pdf
[2013.06.10 20:33:27 | 001,395,733 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\M5 - ReLv RS-Kartei.pdf
[2013.06.10 20:31:56 | 001,058,589 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\KArten zum Weiterschwingen.pdf
[2013.06.10 15:48:59 | 001,730,740 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\1610_02 Musterseiten RS Leiter.pdf
[2013.06.10 15:48:07 | 000,011,291 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Spielkarten.html
[2013.06.10 15:47:45 | 000,003,654 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Lernplakate.html
[2013.06.10 15:47:04 | 000,002,704 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Lernprotokoll.html
[2013.06.10 15:46:43 | 000,003,322 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Wortschatzkisten.html
[2013.06.10 15:46:22 | 000,003,495 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Erfolgskontrollen.html
[2013.06.10 15:45:41 | 000,003,201 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Arbeitsblaetter.html
[2013.06.10 12:27:17 | 000,027,292 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Primarstufe _ ReLv-Verlag.htm
[2013.06.10 12:26:00 | 000,552,342 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\bestellschein.pdf
[2013.06.10 12:23:13 | 000,446,743 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\L1.pdf
[2013.06.09 11:46:25 | 000,066,761 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\Logo Haus der kleinen Forscher.jpg
[2013.06.08 11:01:45 | 001,632,945 | ---- | M] () -- C:\Users\Olaf Henning\Desktop\ukssl09 Schwimmunterricht.pdf
[2013.05.31 10:21:15 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
========== Files Created - No Company Name ==========
[2013.06.25 16:30:12 | 000,377,856 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\gmer_2.1.19163.exe
[2013.06.25 15:58:50 | 000,000,156 | ---- | C] () -- C:\Users\Olaf Henning\defogger_reenable
[2013.06.25 15:56:21 | 000,050,477 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Defogger.exe
[2013.06.14 11:46:04 | 000,450,582 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Die_Arbeit_in_der_Oberschule.pdf
[2013.06.14 11:45:59 | 000,249,777 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Die_wichtigsten_Fragen_und_Antworten_zur_Oberschule.pdf
[2013.06.10 20:33:26 | 001,395,733 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\M5 - ReLv RS-Kartei.pdf
[2013.06.10 20:31:55 | 001,058,589 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\KArten zum Weiterschwingen.pdf
[2013.06.10 15:48:59 | 001,730,740 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\1610_02 Musterseiten RS Leiter.pdf
[2013.06.10 15:48:07 | 000,011,291 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Spielkarten.html
[2013.06.10 15:47:45 | 000,003,654 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Lernplakate.html
[2013.06.10 15:47:03 | 000,002,704 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Lernprotokoll.html
[2013.06.10 15:46:43 | 000,003,322 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Wortschatzkisten.html
[2013.06.10 15:46:22 | 000,003,495 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Erfolgskontrollen.html
[2013.06.10 15:45:41 | 000,003,201 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Arbeitsblaetter.html
[2013.06.10 12:27:17 | 000,027,292 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Primarstufe _ ReLv-Verlag.htm
[2013.06.10 12:26:00 | 000,552,342 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\bestellschein.pdf
[2013.06.10 12:23:13 | 000,446,743 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\L1.pdf
[2013.06.09 11:46:23 | 000,066,761 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\Logo Haus der kleinen Forscher.jpg
[2013.06.08 11:01:44 | 001,632,945 | ---- | C] () -- C:\Users\Olaf Henning\Desktop\ukssl09 Schwimmunterricht.pdf
[2013.05.31 10:21:15 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.09.21 17:25:21 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2011.02.27 17:05:24 | 000,004,608 | ---- | C] () -- C:\Users\Olaf Henning\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.14 01:11:09 | 000,253,440 | ---- | C] () -- C:\Users\Olaf Henning\AppData\Roaming\logonoeplay.exe
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.04.04 10:50:58 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\Babylon
[2012.01.26 21:27:28 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\DAEMON Tools Lite
[2011.01.24 18:53:48 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\Design Science
[2012.10.15 17:39:35 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\DVDVideoSoft
[2012.10.15 17:39:26 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.15 10:55:54 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\Epson
[2012.08.29 17:44:41 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\eSchuljahreplaner_V1_2
[2013.06.22 10:31:58 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\File Scout
[2011.01.17 19:32:06 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\Leadertech
[2013.04.04 10:50:46 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\OpenCandy
[2012.08.31 19:09:52 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\Samsung
[2012.04.24 19:25:07 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\Temp
[2013.04.04 10:52:27 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\TuneUp Software
[2013.06.25 15:08:52 | 000,000,000 | ---D | M] -- C:\Users\Olaf Henning\AppData\Roaming\Yycyk
========== Purity Check ==========
< End of report >
OTL Extra Code:
OTL Extras logfile created on: 25.06.2013 16:00:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olaf Henning\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,18 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 62,13% Memory free
6,35 Gb Paging File | 5,10 Gb Available in Paging File | 80,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,46 Gb Total Space | 222,57 Gb Free Space | 47,82% Space Free | Partition Type: NTFS
Computer Name: OH-PC | User Name: Olaf Henning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Olaf Henning\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07879F5B-56D4-429B-A3CF-D58B1678EEE7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BDCBF60-F9F6-45F4-B66B-1172F1FEAA63}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{289FAA3E-027D-4BB5-AAB1-6C6F4E7F3579}" = lport=138 | protocol=17 | dir=in | app=system |
"{2944D78B-6988-49BD-9D31-48CF67085D71}" = rport=445 | protocol=6 | dir=out | app=system |
"{2B093DBF-848F-4235-97C6-BCE2AF177E8B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45215BD1-BFDA-4AA4-8A90-6C5581B6D635}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{714AABBD-2E13-4103-93B3-C687EC7061F6}" = rport=139 | protocol=6 | dir=out | app=system |
"{875BA7C4-2DB3-476D-A73A-E9F406B2607C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8BABFB59-C436-494F-9DE2-E8E64E49A773}" = lport=445 | protocol=6 | dir=in | app=system |
"{A08AC00B-0037-49CF-A6C6-9D09A534DC9D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AA205D35-BCB4-40CF-A154-3E761580B24C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AF87DB7D-8330-4CF7-A47E-37112E430D3A}" = lport=137 | protocol=17 | dir=in | app=system |
"{C39C37C3-3539-41B6-A975-901084C6377D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D0E58E60-47F1-42F7-B080-8FA969CA7CDA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D4C71E35-6D21-4B0A-AE61-212FA81920EA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D7C8CAE9-F692-4E67-A1F9-A71D0C3F91FC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D8DA55CC-E4DC-462E-A8BB-B8D8C39DDAD7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCB2E78A-AE26-4B9C-945A-EEDB363B80E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF8ECFF3-6CBE-420E-AC08-A7A287B18985}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E57328CF-E6CE-4039-8536-99FC04493613}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EED47ED8-8CD9-491B-BA25-F36BDF12272F}" = rport=137 | protocol=17 | dir=out | app=system |
"{EFDB5B5D-8A5B-4999-A3B7-7A29805ADAC3}" = lport=139 | protocol=6 | dir=in | app=system |
"{F47E65F6-FCB7-4E2F-8B1E-FE4AC3250EF5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F794B980-49E0-4F29-A93C-95F5E02CC537}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08FF5761-14D9-458D-B77B-D86BB81DDB29}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{1E733541-E659-4374-9E19-CDEC4DBC8F54}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21F0C6B8-B763-48E9-BBD1-CE389267BA74}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{45C8A019-A394-4B66-819C-0583C9BD5080}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{563D94F4-7824-4819-9A64-A0373BEF84B3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{574F312B-2DC3-46BF-B2AA-95EDF54671FE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5AD200DC-41E2-405E-9E55-F4DCB3575C20}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{73F6DF48-35C2-4152-B2AF-4DA5FAE45C61}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{80A10AE8-0482-409F-898C-E06C003E32C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{80FBE557-B257-4206-AE6D-29E6C36096C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{867F2B25-47AE-4D8D-89CB-506BFE1E143C}" = protocol=6 | dir=out | app=system |
"{91C169B1-E473-4E9B-A056-AB965480246C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B39CE496-0D68-4B8A-97D2-2694A17FD426}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB477961-DA3F-46A8-A28B-099B034DAC84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C5B37BF9-031A-4FEC-AA4A-B43021DDC528}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{DFE89C92-F128-4F7C-B536-94585B6A884F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4D58D7D-38D2-4498-9C27-FD83860D678E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FB094AB4-4774-4D67-AF19-D3F790457AA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FCFC48B9-A1B1-4647-A3B1-534E58CC95BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{08DBFEC9-968D-4025-91E2-76FE21BA9346}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{3B32EB1A-AC5E-415C-8A65-34A3E6529DCC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{65656573-3EB4-43C0-80E1-432781C54A00}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{891123EE-9CD7-4948-A9A4-0C474E442DB4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{D44CC8A7-E860-44B8-B93F-F845408DE7B2}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{01287E91-9AD1-435D-A184-FDE4545CD147}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{093B6BED-17ED-45E9-A870-1A9648D0F810}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{728D9E9C-E438-4631-B0F0-C8014BD85AA6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7AE7C11F-FCB2-4270-B185-912059E97AA9}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{B84ABFD6-167D-49D2-9D95-59C16E034503}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C7087B4-9ED4-452F-A247-3B05663C3B5A}" = Meine Anlauttabelle für den Computer
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50D69C54-6963-49A6-B762-A9FF8F56AF0F}" = Brockhaus multimedial 2010
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D5558268-0050-4B95-AD5E-426960E1EFE1}" = Intel(R) Network Connections 15.3.68.0
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EECC97DC-2AF0-4952-8421-349E3D5B0361}" = MindMapper 2.8 (Standard)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FFF841F3-9A15-4F61-BD16-C19F132E5A27}" = Epson Easy Photo Print 2
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Avira AntiVir Desktop" = Avira Free Antivirus
"Creative Centrale" = Creative Centrale
"DAEMON Tools Lite" = DAEMON Tools Lite
"DSMT6" = MathType 6
"EPSON BX635FWD Series" = EPSON BX635FWD Series Printer Uninstall
"EPSON BX635FWD Series Netg" = Netzwerkhandbuch EPSON BX635FWD Series
"EPSON BX635FWD Series Useg" = Benutzerhandbuch EPSON BX635FWD Series
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"FormatFactory" = FormatFactory 2.96
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube Download_is1" = Free YouTube Download version 3.1.38.1005
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSetDX" = Intel(R) Network Connections 15.3.68.0
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"Veetle TV" = Veetle TV 0.9.18
"WinRAR archiver" = WinRAR
"XMind" = XMind
"zabulo_is1" = zabulo 1.2
"ZENXFI2UG" = Creative ZEN X-Fi2 Dokumentation
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.03.2012 10:44:24 | Computer Name = OH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 22.03.2012 10:44:26 | Computer Name = OH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 22.03.2012 10:44:36 | Computer Name = OH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 13.04.2012 03:26:00 | Computer Name = OH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 13.04.2012 03:26:58 | Computer Name = OH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 13.04.2012 03:27:00 | Computer Name = OH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 13.04.2012 03:27:01 | Computer Name = OH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 15.04.2012 14:30:54 | Computer Name = OH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 24.04.2012 13:18:51 | Computer Name = OH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 24.04.2012 13:18:51 | Computer Name = OH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
[ OSession Events ]
Error - 30.01.2011 05:39:35 | Computer Name = OH-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 65
seconds with 60 seconds of active time. This session ended with a crash.
Error - 22.03.2011 08:07:49 | Computer Name = OH-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4224
seconds with 540 seconds of active time. This session ended with a crash.
Error - 28.03.2011 09:25:12 | Computer Name = OH-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 5050 seconds with 2100 seconds of active time. This session ended with a
crash.
Error - 02.05.2011 01:53:13 | Computer Name = OH-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 296
seconds with 180 seconds of active time. This session ended with a crash.
Error - 14.08.2011 07:48:24 | Computer Name = OH-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 24.10.2011 11:58:36 | Computer Name = OH-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 601
seconds with 600 seconds of active time. This session ended with a crash.
Error - 13.12.2011 12:03:12 | Computer Name = OH-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 524
seconds with 360 seconds of active time. This session ended with a crash.
Error - 17.10.2012 06:04:16 | Computer Name = OH-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1335
seconds with 1140 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 11.04.2013 02:16:37 | Computer Name = OH-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 21.04.2013 06:03:54 | Computer Name = OH-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 01.05.2013 06:02:06 | Computer Name = OH-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 04.05.2013 03:31:54 | Computer Name = OH-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.05.2013 um 17:25:59 unerwartet heruntergefahren.
Error - 16.05.2013 15:55:18 | Computer Name = OH-PC | Source = Application Popup | ID = 877
Description = Fehler [DATABASE OPEN FAILED] beim Verarbeiten der Treiberdatenbank.
Error - 25.05.2013 05:07:35 | Computer Name = OH-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 08.06.2013 04:33:00 | Computer Name = OH-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows-Bilderfassung (WIA)" wurde nicht richtig gestartet.
Error - 08.06.2013 04:34:46 | Computer Name = OH-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst StiSvc erreicht.
Error - 13.06.2013 11:23:12 | Computer Name = OH-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%14
Error - 18.06.2013 04:37:00 | Computer Name = OH-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
< End of report >
GMER Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-25 20:54:53
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.02.0 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\OLAFHE~1\AppData\Local\Temp\pgddapoc.sys
---- System - GMER 2.1 ----
SSDT 95C532EE ZwCreateSection
SSDT 95C532F8 ZwRequestWaitReplyPort
SSDT 95C532F3 ZwSetContextThread
SSDT 95C532FD ZwSetSecurityObject
SSDT 95C53302 ZwSystemDebugControl
SSDT 95C5328F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E769F5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB01F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82EB753C 4 Bytes [EE, 32, C5, 95] {OUT DX, AL; XOR AL, CH; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82EB7898 4 Bytes [F8, 32, C5, 95] {CLC ; XOR AL, CH; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82EB78DC 4 Bytes [F3, 32, C5, 95] {XOR AL, CH; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82EB7958 4 Bytes [FD, 32, C5, 95] {STD ; XOR AL, CH; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82EB79AC 4 Bytes [02, 33, C5, 95]
.text ...
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Creative\Shared Files\CTDevSrv.exe[120] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text C:\Windows\system32\schtasks.exe[312] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[324] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
.text C:\Windows\system32\conhost.exe[464] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text C:\Windows\system32\wininit.exe[500] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text ...
.text C:\Windows\Explorer.EXE[1908] WININET.dll!InternetCloseHandle 775D4282 5 Bytes JMP 03F311F0
.text C:\Windows\Explorer.EXE[1908] WININET.dll!HttpQueryInfoA 775D7079 5 Bytes JMP 03F310E0
.text C:\Windows\Explorer.EXE[1908] WININET.dll!HttpQueryInfoW 775D77C2 5 Bytes JMP 03F31168
.text C:\Windows\Explorer.EXE[1908] WININET.dll!HttpSendRequestW 775D7CA6 5 Bytes JMP 03F30BF8
.text C:\Windows\Explorer.EXE[1908] WININET.dll!HttpOpenRequestW 775D83DD 5 Bytes JMP 03F2F870
.text C:\Windows\Explorer.EXE[1908] WININET.dll!InternetQueryDataAvailable 775E92E9 5 Bytes JMP 03F30F98
.text C:\Windows\Explorer.EXE[1908] WININET.dll!InternetReadFile 775E972B 5 Bytes JMP 03F30FE4
.text C:\Windows\Explorer.EXE[1908] WININET.dll!InternetReadFileExW 775FADD7 5 Bytes JMP 03F3108C
.text C:\Windows\Explorer.EXE[1908] WININET.dll!InternetReadFileExA 775FAE2E 5 Bytes JMP 03F31038
.text C:\Windows\Explorer.EXE[1908] WININET.dll!HttpSendRequestA 776A32F2 5 Bytes JMP 03F30C44
.text C:\Windows\Explorer.EXE[1908] WININET.dll!HttpOpenRequestA 776A3595 5 Bytes JMP 03F2FA40
.text C:\Program Files\Bonjour\mDNSResponder.exe[1968] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2000] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text C:\Windows\system32\svchost.exe[2104] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2196] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text C:\Windows\System32\igfxtray.exe[2224] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text ...
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2592] ntdll.dll!DbgUiRemoteBreakin 779AF17D 1 Byte [C3]
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2592] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHVE.EXE[2612] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text C:\Windows\system32\svchost.exe[2720] user32.DLL!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2756] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text C:\Program Files\Samsung\Kies\Kies.exe[3132] USER32.dll!DialogBoxParamW 77A93B9B 5 Bytes JMP 756C4BB0 c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text ...
---- EOF - GMER 2.1 ---- |