| bärtiger | 12.05.2011 08:34 |
Einschätzung otl-log
Guten Morgen,
ich hatte gestern einen trojaner-befall des typs "TR/Kazy.mekml.1". Nun habe ich, entsprechend der anleitung des forums, malewarebytes ausgeführt, und die infizierten datein gelöscht. außerdem habe ich otl.exe und unhide.exe laufen lassen.
Nun wollte ich zunächst fragen, ob mir jemand ein kostenlose Lösung empfehlen kann, wie soetwas nicht mehr vorkommt.
Außerdem wollte ich gerne wissen, ob die beiden logs von otl in ordnung sind, oder ich weitere schritte unternehmen muss. vielen dank schonmal im voraus.
hier die otl.txtOTL Logfile: Code:
OTL logfile created on: 12.05.2011 08:12:59 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 60,49 Gb Free Space | 41,98% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 129,23 Gb Free Space | 89,75% Space Free | Partition Type: NTFS
Computer Name: -PC | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.05.12 08:10:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe
PRC - [2011.05.11 17:09:56 | 003,318,784 | -H-- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011.05.11 17:09:56 | 000,496,128 | -H-- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\sp_rsser.exe
PRC - [2011.04.30 14:08:41 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.19 18:22:23 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.18 17:49:27 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.11.14 18:50:30 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.01.16 21:03:48 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\Mcshield.exe
PRC - [2009.01.16 20:28:08 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe
PRC - [2009.01.09 14:48:02 | 000,884,360 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MPF\MpfSrv.exe
PRC - [2009.01.09 12:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009.01.09 09:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009.01.08 21:30:26 | 000,797,864 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSC\mcmscsvc.exe
PRC - [2009.01.08 21:30:26 | 000,645,328 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.05 05:16:26 | 000,235,936 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10a.exe
PRC - [2008.05.23 07:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.05.23 06:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.05.22 10:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.05.13 02:13:28 | 000,085,672 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
PRC - [2008.04.25 14:31:34 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008.04.17 08:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:24:49 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieuser.exe
PRC - [2008.01.21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.01.16 10:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
PRC - [2007.07.05 00:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe
========== Modules (SafeList) ==========
MOD - [2011.05.12 08:10:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe
MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.05.11 17:09:56 | 000,496,128 | -H-- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2011.04.30 14:08:41 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.19 18:22:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.01.17 08:33:02 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009.01.16 21:03:48 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009.01.16 20:28:08 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Programme\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009.01.09 14:48:02 | 000,884,360 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009.01.09 12:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009.01.09 09:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009.01.08 21:30:26 | 000,797,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2008.05.23 07:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.23 06:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.05.13 01:47:20 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.01.16 10:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)
========== Driver Services (SafeList) ==========
DRV - [2011.05.11 17:09:56 | 000,142,592 | -H-- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011.03.19 18:22:24 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.24 16:25:52 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.01.09 13:03:40 | 000,213,640 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009.01.09 13:03:40 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009.01.09 13:03:40 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009.01.09 13:03:40 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009.01.09 13:03:06 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008.12.31 17:29:08 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.10.23 14:08:54 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008.06.25 07:26:34 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2008.06.09 00:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.20 21:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.05.08 11:51:18 | 000,226,328 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2008.03.28 12:19:54 | 001,363,088 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007.12.04 18:10:30 | 000,016,640 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://webmail.eva.mpg.de/ox6/ox.html"
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {C3B2959E-301D-47E5-A440-2C797569D4F6}:1.9.1
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 18:42:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 18:42:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.2\extensions\\Components: D:\components [2011.03.05 13:43:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.2\extensions\\Plugins: D:\plugins [2011.04.12 09:12:07 | 000,000,000 | ---D | M]
[2010.02.26 01:23:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions
[2010.02.26 01:23:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.15 08:53:08 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\psm38bn6.default\extensions
[2011.04.15 08:50:53 | 000,000,873 | -H-- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\conduit.xml
[2011.05.09 19:13:45 | 000,000,950 | -H-- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\icqplugin-1.xml
[2009.05.06 10:11:58 | 000,000,950 | -H-- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\icqplugin-2.xml
[2009.05.16 01:37:22 | 000,000,950 | -H-- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\icqplugin-3.xml
[2009.06.24 09:30:06 | 000,000,950 | -H-- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\icqplugin-4.xml
[2010.06.21 16:35:24 | 000,001,042 | -H-- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\icqplugin.xml
[2011.05.10 08:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.03.19 09:35:13 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.10 08:41:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.02.25 11:47:46 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2011.05.10 08:41:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009.05.27 20:03:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2011.05.11 14:51:26 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\JAN\APPDATA\LOCAL\{C3B2959E-301D-47E5-A440-2C797569D4F6}
[2011.01.21 12:04:24 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.01.21 12:04:24 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.01.21 12:04:24 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.01.21 12:04:24 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.01.21 12:04:24 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Bdidomurediqatar] File not found
O4 - HKCU..\Run: [Hwefutiyayiyoh] File not found
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\\PartyPoker\RunApp.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ebay.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: eintracht-schkeuditz.de ([www] https in Vertrauenswürdige Sites)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.225 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.12.07 17:27:18 | 000,077,893 | ---- | M] (Palm, Inc.) - D:\AutoDetect.dll -- [ NTFS ]
O33 - MountPoints2\{5ed792f1-e56e-11dd-b592-001377aa169b}\Shell - "" = AutoRun
O33 - MountPoints2\{5ed792f1-e56e-11dd-b592-001377aa169b}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{f741a02b-d74f-11dd-aa8d-001377aa169b}\Shell - "" = AutoRun
O33 - MountPoints2\{f741a02b-d74f-11dd-aa8d-001377aa169b}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk - D:\Hotsync.exe - (PalmSource, Inc)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^Jan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler.exe - - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: mcagent_exe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - State: "startup" - 2
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - File not found
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - MSh263.drv File not found
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011.05.12 08:10:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
[2011.05.11 22:23:21 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Malwarebytes
[2011.05.11 22:23:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.11 22:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.11 22:23:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.11 22:23:06 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.11 22:18:42 | 007,734,208 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\\mbam-setup.exe
[2011.05.11 17:09:55 | 000,000,000 | -H-D | C] -- C:\Users\\AppData\Roaming\Spyware Terminator
[2011.05.11 17:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator
[2011.05.11 17:09:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Spyware Terminator
[2011.05.11 17:09:37 | 000,000,000 | -H-D | C] -- C:\Programme\Spyware Terminator
[2011.05.11 16:58:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch
[2011.05.11 14:51:26 | 000,000,000 | -H-D | C] -- C:\Users\\AppData\Local\{C3B2959E-301D-47E5-A440-2C797569D4F6}
[2011.05.10 08:41:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Skype Extras
[2011.05.10 08:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.05.10 08:41:07 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2011.05.02 09:22:33 | 000,000,000 | -H-D | C] -- C:\Users\\Desktop\korrekturen ma
[2011.04.30 18:41:35 | 000,000,000 | -H-D | C] -- C:\Users\\Desktop\Abschlussprüfung
[2006.11.24 07:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 07:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
========== Files - Modified Within 30 Days ==========
[2011.05.12 08:10:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe
[2011.05.12 08:03:44 | 000,028,389 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011.05.12 08:02:47 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.12 08:02:46 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.12 08:02:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.12 08:02:29 | 3215,577,088 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.12 00:34:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.05.11 22:18:53 | 007,734,208 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\\mbam-setup.exe
[2011.05.11 21:22:09 | 000,000,120 | -H-- | M] () -- C:\Users\\AppData\Local\Tjavecus.dat
[2011.05.11 18:00:03 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011.05.11 18:00:03 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011.05.11 17:09:56 | 000,142,592 | -H-- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.05.11 15:36:12 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6565CC11-F566-40F1-8341-08DFD6DF742B}.job
[2011.05.11 14:51:27 | 000,000,000 | -H-- | M] () -- C:\Users\\AppData\Local\Ixuyefub.bin
[2011.05.11 14:49:22 | 000,000,000 | -H-- | M] () -- C:\Users\\2gweorjqjutp92vjy9gake
[2011.05.11 13:57:43 | 000,257,475 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.11 13:57:43 | 000,257,475 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.05.05 12:01:48 | 000,770,571 | -H-- | M] () -- C:\Users\\Desktop
[2011.05.02 09:24:28 | 000,686,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.02 09:24:28 | 000,643,612 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.02 09:24:28 | 000,150,888 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.02 09:24:28 | 000,122,500 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.26 15:52:48 | 000,132,642 | -H-- | M] () -- C:\Users\\Desktop\Cooperation in Chimpanzees.pdf
[2011.04.16 15:04:52 | 000,373,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.15 14:02:55 | 000,049,866 | -H-- | M] () -- C:\Users\\Desktop\
========== Files Created - No Company Name ==========
[2011.05.11 21:59:04 | 3215,577,088 | -HS- | C] () -- C:\hiberfil.sys
[2011.05.11 17:09:56 | 000,142,592 | -H-- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.05.11 14:51:27 | 000,000,120 | -H-- | C] () -- C:\Users\\AppData\Local\Tjavecus.dat
[2011.05.11 14:51:27 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\Ixuyefub.bin
[2011.05.11 14:49:22 | 000,000,000 | -H-- | C] () -- C:\Users\\2gweorjqjutp92vjy9gake
[2011.05.05 12:01:45 | 000,770,571 | -H-- | C] () -- C:\Users\\Desktop\gesamtes Dokument_umstrukturiert_kompatibel_1.pdf
[2011.04.26 15:52:47 | 000,132,642 | -H-- | C] () -- C:\Users\\Desktop\Cooperation in Chimpanzees.pdf
[2011.04.15 14:02:55 | 000,049,866 | -H-- | C] () -- C:\Users\\Desktop\Aushang_Prferzuordnung_2011-04-14.pdf
[2010.07.15 22:48:37 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\aveficawajurija.dll
[2010.07.15 16:50:39 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\udacubuwo.dll
[2010.07.15 01:40:39 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\igudonotudokawas.dll
[2010.07.14 23:38:39 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\useficaw.dll
[2010.07.14 21:36:38 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\adavupilidar.dll
[2010.07.14 19:34:37 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\awoyafisequpal.dll
[2010.07.14 12:06:18 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\osemowemowemo.dll
[2010.07.14 10:04:15 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\obuzuquf.dll
[2010.07.14 00:14:00 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\enizevuladiwoxew.dll
[2010.07.13 22:12:00 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\iveladolequfiraw.dll
[2010.07.13 17:34:21 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\unidicuvuh.dll
[2010.07.13 09:03:06 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\eyihurozecec.dll
[2010.07.12 23:52:38 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\onunagogutagesa.dll
[2010.07.12 21:50:38 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\elutulivihan.dll
[2010.07.12 19:48:40 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\uwuninozumah.dll
[2010.07.12 18:17:20 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\ogoqubef.dll
[2010.07.12 13:21:56 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\orayuliw.dll
[2010.07.12 11:19:57 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\uxesukas.dll
[2010.07.12 07:15:58 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\ezojatazalebinur.dll
[2010.07.12 00:24:32 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\etoyojomuc.dll
[2010.07.11 22:22:31 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\osetufumul.dll
[2010.07.11 20:20:32 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\uzabeguy.dll
[2010.07.11 18:18:35 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\afejilil.dll
[2010.07.11 09:58:47 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\etosonocesofihut.dll
[2010.07.11 07:56:48 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\ajazavoh.dll
[2010.07.11 05:54:48 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\ivobeyitamewiga.dll
[2010.07.10 20:32:05 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\oyemexizodulip.dll
[2010.07.10 18:30:13 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\ufolikolakefuper.dll
[2010.07.10 12:44:04 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\ihomucorojewujo.dll
[2010.07.10 10:53:23 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\ociliyojoqo.dll
[2010.04.30 11:28:53 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.04.26 22:40:05 | 000,000,032 | --S- | C] () -- C:\Users\\AppData\Local\886739347.dat
[2009.05.29 18:57:21 | 000,001,372 | ---- | C] () -- C:\Windows\System32\dmlg.dat
[2009.05.23 13:27:53 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\grcauth2.dll
[2009.05.23 13:27:53 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\grcauth1.dll
[2009.05.23 13:27:53 | 000,000,100 | -H-- | C] () -- C:\Windows\System32\prsgrc.dll
[2009.05.23 13:20:31 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009.05.23 13:20:31 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009.05.22 12:19:15 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.25 00:45:54 | 000,027,648 | -H-- | C] () -- C:\Users\\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.24 19:07:21 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.12.24 19:07:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.26 13:37:16 | 000,686,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.06.26 13:37:16 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.06.26 13:37:16 | 000,150,888 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.06.26 13:37:16 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.06.26 13:26:52 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.06.25 23:08:18 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.06.25 07:48:51 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.06.25 07:36:36 | 000,257,475 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2008.06.25 07:36:12 | 000,257,475 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2008.06.25 07:30:52 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2008.06.25 07:30:30 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.06.25 07:30:30 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.06.25 07:23:34 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008.06.25 07:22:17 | 000,080,400 | ---- | C] () -- C:\Windows\StkUnist.exe
[2008.06.25 07:22:16 | 000,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys
[2008.06.25 07:18:10 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2008.06.25 07:18:10 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2008.02.09 18:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2007.02.26 09:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat
[2007.02.15 09:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.29 10:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe
[2006.11.29 10:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,373,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,643,612 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,122,500 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.09 03:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== LOP Check ==========
[2010.02.25 12:37:24 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Academic Software Zurich
[2009.06.07 17:37:05 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Bullzip
[2010.12.02 14:29:54 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Canneverbe Limited
[2008.12.31 17:28:40 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DAEMON Tools
[2011.05.12 00:29:24 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Desktopicon
[2009.01.26 18:01:53 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DriverCure
[2011.03.04 12:20:15 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.22 14:18:41 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\HotSync
[2011.05.11 15:13:09 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\ICQ
[2009.06.24 18:31:20 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Leadertech
[2010.04.30 11:59:55 | 000,000,000 | -HSD | M] -- C:\Users\\AppData\Roaming\lowsec
[2011.05.11 21:27:04 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Spyware Terminator
[2010.02.26 01:22:55 | 000,000,000 | -H-D | M] -- C:\Users\AppData\Roaming\Thunderbird
[2009.07.06 17:19:17 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Toolbars
[2009.06.28 22:13:39 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\VoipDiscount
[2010.12.01 14:26:37 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\DriverCure.job
[2010.07.15 01:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010.12.01 02:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011.05.11 18:00:03 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011.05.11 18:00:03 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2010.11.30 02:47:04 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2011.05.12 00:34:11 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.11 15:36:12 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6565CC11-F566-40F1-8341-08DFD6DF742B}.job
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.02.25 12:37:24 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Academic Software Zurich
[2011.05.11 14:49:22 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Adobe
[2011.02.09 13:15:42 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Apple Computer
[2009.06.24 18:34:30 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Arcsoft
[2010.04.30 12:01:13 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Avira
[2009.06.07 17:37:05 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Bullzip
[2010.12.02 14:29:54 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Canneverbe Limited
[2008.12.31 17:28:40 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DAEMON Tools
[2011.05.12 00:29:24 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Desktopicon
[2010.05.24 17:09:00 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DivX
[2009.01.26 18:01:53 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DriverCure
[2011.01.10 23:11:56 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\dvdcss
[2011.03.04 12:20:15 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.22 14:18:41 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\HotSync
[2011.05.11 15:13:09 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\ICQ
[2008.12.24 18:12:25 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Identities
[2010.02.08 10:27:32 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Intel
[2009.06.24 18:31:20 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Leadertech
[2010.04.30 11:59:55 | 000,000,000 | -HSD | M] -- C:\Users\\AppData\Roaming\lowsec
[2008.12.24 18:34:23 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Macromedia
[2011.05.11 22:23:21 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Media Center Programs
[2011.01.11 11:06:44 | 000,000,000 | --SD | M] -- C:\Users\\AppData\Roaming\Microsoft
[2009.01.04 15:20:21 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Mozilla
[2010.06.01 19:41:58 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Mozilla-Cache
[2011.05.11 15:38:24 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Skype
[2011.05.11 15:37:54 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\skypePM
[2011.05.11 21:27:04 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Spyware Terminator
[2010.02.26 01:22:55 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Thunderbird
[2009.07.06 17:19:17 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Toolbars
[2009.01.16 00:02:55 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\vlc
[2009.06.28 22:13:39 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\VoipDiscount
[2009.01.26 18:06:13 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2009.01.14 22:31:29 | 001,887,176 | -H-- | M] (Adobe Systems Incorporated) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2011.02.14 13:42:14 | 002,832,544 | -H-- | M] (Adobe Systems, Inc.) -- C:\Users\Jan\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.06.24 18:26:34 | 000,045,056 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{B1D78321-7AB1-45A7-A084-885AF75B8F3D}\BluetoothShortcut.exe
[2009.06.24 18:26:34 | 000,045,056 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{B1D78321-7AB1-45A7-A084-885AF75B8F3D}\BluetoothShortcut_ITA.exe
[2009.06.24 18:26:34 | 000,045,056 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{B1D78321-7AB1-45A7-A084-885AF75B8F3D}\NewShortcut5.exe
[2009.06.24 18:26:34 | 000,045,056 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{B1D78321-7AB1-45A7-A084-885AF75B8F3D}\NewShortcut5_2.exe
[2009.06.24 18:26:34 | 000,045,056 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{B1D78321-7AB1-45A7-A084-885AF75B8F3D}\NewShortcut8.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: IASTOR.SYS >
[2008.05.07 10:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1ab0331f\iaStor.sys
[2008.06.16 14:38:28 | 000,396,312 | ---- | M] (Intel Corporation) MD5=DB0C1076AB442C09D2A3AB0410DBEA0D -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.06.16 14:38:10 | 000,318,488 | ---- | M] (Intel Corporation) MD5=F263A9036F8897FFA2AE54685E03AD60 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.06.16 14:38:10 | 000,318,488 | ---- | M] (Intel Corporation) MD5=F263A9036F8897FFA2AE54685E03AD60 -- C:\Windows\System32\drivers\iaStor.sys
[2008.06.16 14:38:10 | 000,318,488 | ---- | M] (Intel Corporation) MD5=F263A9036F8897FFA2AE54685E03AD60 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3506096f\iaStor.sys
< MD5 for: IASTORV.SYS >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: USER32.DLL >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WININIT.EXE >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.12.31 17:29:08 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008.01.21 04:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2011.02.18 17:45:03 | 000,193,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
--- --- ---
und die extras.txtOTL Logfile: Code:
OTL Extras logfile created on: 12.05.2011 08:12:59 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 60,49 Gb Free Space | 41,98% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 129,23 Gb Free Space | 89,75% Space Free | Partition Type: NTFS
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07CE4A6A-F06F-4366-AE9B-6E70BB89DE0B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{09B82570-3BB2-402A-AABE-D38A6B9C3822}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D8A82E3-FB25-467E-B5A7-30BE3D0DC581}" = lport=138 | protocol=17 | dir=in | app=system |
"{173F39C8-37A0-4F3F-86C0-D34CAB4451D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C69006A-2E0E-4382-93CB-948BFEF8FB41}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2788C89C-A771-4FE5-A147-51E6F92210B7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C661C94-A73C-4682-93F7-E6C0F9A26A1B}" = rport=138 | protocol=17 | dir=out | app=system |
"{32DDD508-5184-4D9A-9121-D4E6C8228179}" = rport=137 | protocol=17 | dir=out | app=system |
"{584342B5-BC81-409A-B236-17278483CD02}" = rport=139 | protocol=6 | dir=out | app=system |
"{5DA0A055-2572-4B08-AEB9-8B7F5BC99828}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3EC03EB-F404-4C85-A112-C926F3C1601C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A75C3297-EC91-4445-BDAC-B0500CEF650E}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA31B417-EE46-4EFF-8885-12524BD02158}" = lport=139 | protocol=6 | dir=in | app=system |
"{B6129F98-5342-4BD7-A045-2C3D171406AB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C72611AF-2000-49D5-B768-91B00989F67D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D8AC4681-D0AD-47B1-8D2F-A2C27617607C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DCAB2756-7503-4795-A1B6-FF834279B9B5}" = lport=445 | protocol=6 | dir=in | app=system |
"{E774DC70-4AC2-479C-B161-FC99184EE300}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{EE8ADA95-22C5-4DC6-84AA-9D36EA4DBFA3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F40EB487-BC14-43AB-84BA-E8ADF8011404}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16E42212-A15C-48CE-9073-508FEAEFE664}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{20F2D4B7-19A5-40A8-9291-F0879CBE9A2F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{21D7F792-EAA0-4AA6-B5C6-9253918B18B9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{281EB8C8-643F-4D98-BDAC-8D05A552D952}" = dir=in | app=d:\itunes.exe |
"{2A8F1A49-2850-47AB-973E-E11E73AF44DA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2CF5B874-02FD-4478-8C89-5818B91AC8E1}" = protocol=17 | dir=in | app=c:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe |
"{30F3FA6C-0344-4AF4-8A9F-5C5E55244046}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35840F05-D87F-4E77-97FE-A5E8CC03AA01}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3A6474B3-ECBB-4689-96FF-F219E59BD076}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{3C4F0119-CFB6-419D-B9DF-24AD0F821FF6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4380B52E-A787-4603-B21F-5B24E7DB0A85}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{445749A4-9740-4F97-97A0-30B63B13257B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4A6A3898-B9AA-4043-9676-76A9592FA5BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4BC170A8-5160-4FFB-A6A3-2201BBB02492}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4CEA9209-D265-4DC4-BEF2-ED3342489566}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4D9A4AE1-138F-4A3E-8873-6662FA533DA5}" = protocol=6 | dir=in | app=c:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe |
"{649876CF-55C5-4A59-B13F-CF0F09DFEB72}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{66524954-1A7D-4521-9E16-CAB4A754C040}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6C3A9DE7-C491-40DD-914B-711BEBDE37EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A838FA0-C956-4EA6-9F9F-6A48CF5B82FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8B363943-F519-4943-88A3-C62E618978B6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{9EE09123-FC48-4462-A1B9-ACA39B7D3CE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B3C5D727-2D1F-4BEB-BAE5-3FBBF06FC7BB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BC00ECA8-E002-43F2-82CF-89BDDDA5A2C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C30F3283-D4EC-48E8-8444-4A18B0D56BC1}" = protocol=6 | dir=out | app=system |
"{C5B226B3-994D-4D8B-9E9F-CD7741B7F5FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D449E915-CCCB-415F-998E-929C10BCC103}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D97A9791-AC34-40BA-AFE0-50961854AF61}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E88E1CC0-09DE-492B-B589-34F587550CE6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{ED7BA02F-87B6-4115-AA41-66918D696096}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{FB7FB1F5-6B68-43B2-8843-4CAB94688883}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{22ADB944-B67E-4388-85BC-338DF4F4341C}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{3E71F2AB-8143-47D8-A547-F66AA69C3C2D}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{408E1988-6D15-424C-96FF-D9EF96471740}D:\hotsync.exe" = protocol=6 | dir=in | app=d:\hotsync.exe |
"TCP Query User{40AC4BD8-B0F0-4897-8876-F4A12EAFD6FB}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{6D6B22E1-3F93-4F66-BE36-84197EBAF7CF}D:\hotsync.exe" = protocol=6 | dir=in | app=d:\hotsync.exe |
"TCP Query User{8721F485-62E5-46DB-B40A-0460E2163EA2}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{9DF7F28C-F068-4F21-99C9-315E5984801F}C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe" = protocol=6 | dir=in | app=c:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe |
"TCP Query User{9E5B76CC-0CB6-4803-9799-83B48A3A68E7}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{AD5105DD-7E38-41D5-ABC6-285E61612EDB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{373D7826-9BB6-4B0D-81DA-83CBC64B18C0}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{385D0C3C-C9BF-4AAE-AB00-35FEEEE51B7F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{47FADEE7-4440-4D03-8F1E-705760EE965F}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{68E6AE18-B636-4F7E-8D91-75B7ED3A6B35}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{CE1BE129-7050-4F91-8A2F-DA1230557270}D:\hotsync.exe" = protocol=17 | dir=in | app=d:\hotsync.exe |
"UDP Query User{D5604953-DFDC-404D-9B26-4353384C0D3C}D:\hotsync.exe" = protocol=17 | dir=in | app=d:\hotsync.exe |
"UDP Query User{D82358CE-F86D-4F9A-923D-5F05DF9E444F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{E8D8381F-920C-4793-9B2D-E9E7F477184B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{F0CDC56D-1B83-4C1E-8AC6-B2295AFDEB7D}C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe" = protocol=17 | dir=in | app=c:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{32A3A4F4-B792-11D6-A78A-00B0D0160130}" = Java(TM) SE Development Kit 6 Update 13
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" =
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.766
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"Citavi" = Citavi 2.5
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64
"ICQToolbar" = ICQ Toolbar
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSC" = McAfee SecurityCenter
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"ProInst" = Intel PROSet Wireless
"PROPLUS" = Microsoft Office Professional Plus 2007
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"SecureW2 TTLS Client" = SecureW2 TTLS Client 3.3.3 for Windows
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spyware Terminator_is1" = Spyware Terminator
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"VoipDiscount_is1" = VoipDiscount
"WinRAR archiver" = WinRAR
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mixxx (1.8.2)" = Mixxx 1.8.2
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
--- --- --- |
