| andi2107 | 04.11.2012 21:53 |
Startseite "http://www.searchnu.com/406" beim öffnen von Chrome
Hallo, habe o.a. Plagegeist in meiner Startseite. Ich hoffe, ihr könnt mir helfen. Code:
OTL logfile created on: 30.10.2012 20:23:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\evandi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 45,75% Memory free
6,19 Gb Paging File | 4,65 Gb Available in Paging File | 75,05% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,89 Gb Total Space | 63,93 Gb Free Space | 28,81% Space Free | Partition Type: NTFS
Drive D: | 10,99 Gb Total Space | 2,41 Gb Free Space | 21,91% Space Free | Partition Type: NTFS
Computer Name: EVANDI-PC | User Name: evandi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.10.30 20:22:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\evandi\Desktop\OTL.exe
PRC - [2012.10.11 01:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.10.11 01:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\evandi\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.10.09 01:17:54 | 000,580,096 | ---- | M] (Samsung Electronics) -- C:\Programme\Samsung\Kies\KiesAirMessage.exe
PRC - [2012.08.10 12:37:44 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 12:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 12:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.10 08:03:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.10 08:03:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.10 08:03:57 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.03 08:30:33 | 000,099,840 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\9.1\bin\pg_ctl.exe
PRC - [2012.05.03 08:29:42 | 005,234,688 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\9.1\bin\postgres.exe
PRC - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
========== Modules (No Company Name) ==========
MOD - [2012.10.23 11:09:26 | 012,841,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\2c7c74d2fe184f55c0a0a517951e7f4a\Kies.Theme.ni.dll
MOD - [2012.10.23 11:09:24 | 000,608,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\9349c70acb66665321bee19d331408a1\DevicePodcast.ni.dll
MOD - [2012.10.23 11:09:20 | 000,292,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\3e83faa1ec8155e3d155fe585955a246\DeviceVideo.ni.dll
MOD - [2012.10.23 11:09:18 | 000,369,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\da3a360d4f099d3ff041307e7a1ce4ce\DevicePhoto.ni.dll
MOD - [2012.10.23 11:09:16 | 000,301,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\4efc3f2c84c757b5869422aab9e3dc4b\DeviceMusic.ni.dll
MOD - [2012.10.23 11:09:13 | 000,465,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\59cb702af31bcb9ded3d4493cded15a9\VideoManager.ni.dll
MOD - [2012.10.23 11:09:11 | 001,500,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\bb178a48944e63edba0ea540a1c8f4fd\PodcastService.ni.dll
MOD - [2012.10.23 11:09:06 | 000,615,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\8bdb480bdd341bbab06ad4dc3d149476\PhotoManager.ni.dll
MOD - [2012.10.23 11:09:03 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\ccf4179de5c33241ac22ed7a47c73b9c\Podcaster.ni.dll
MOD - [2012.10.23 11:08:45 | 000,036,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\98304df52775a014f274c09321fe9241\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2012.10.23 11:08:42 | 005,846,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\c89c506ab88b933c87b81e5550fec75a\DeviceHost.ni.dll
MOD - [2012.10.23 11:08:16 | 001,869,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\8d2d9b197570723b26a177097b962745\Phonebook.ni.dll
MOD - [2012.10.23 11:07:59 | 001,008,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\e04778c3d35d213522c80a8cd9f60b02\CPKTMusicPlugin.ni.dll
MOD - [2012.10.23 11:07:55 | 000,941,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\1fdfb726828c51d29742ab493c8ded24\MusicManager.ni.dll
MOD - [2012.10.23 11:07:44 | 000,320,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\EBookManager\6ea3f7829f5fed3f3dc6ff397f0e256a\EBookManager.ni.dll
MOD - [2012.10.23 11:07:42 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\cb4304e9e1cde93f4d111858fb996dde\BATPlugin.ni.dll
MOD - [2012.10.23 11:07:40 | 000,031,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AllShareController\d4b4eb99b1ae9735a4d1adc72472ec7c\AllShareController.ni.dll
MOD - [2012.10.23 11:07:39 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\d18af3a8f0174681428791614bacb63c\Kies.Common.StoreManager.ni.dll
MOD - [2012.10.23 11:07:38 | 000,507,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\aa8eb4ad4ad74f1805330fe03bf455c5\Kies.Common.MediaDB.ni.dll
MOD - [2012.10.23 11:07:35 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\729aa8db14d8ec751bcb1038047b06f3\Kies.Common.AllShare.ni.dll
MOD - [2012.10.23 11:07:34 | 000,282,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7ba265e8b49087c5c48a3ffa40f14755\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2012.10.23 11:07:32 | 000,189,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a75a07721b35ff2169859d26f1fcb857\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2012.10.23 11:07:31 | 000,566,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7f6d1a69e33607d303f25185dfcff746\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2012.10.23 11:07:28 | 000,569,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a46d3e6a6bf0b8655727916bbbf67ef4\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2012.10.23 11:07:25 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\702d8607adbdbec8324b9dd5b1ee1c00\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2012.10.23 11:07:24 | 000,910,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6a1cd2ff344b0a2ff97f2d717f245f3b\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2012.10.23 11:07:19 | 001,057,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6cd41643731c0641280ee6a3830c29f2\Kies.Common.DeviceService.ni.dll
MOD - [2012.10.23 11:07:14 | 002,198,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\f9bed07498f5a72c7025ccb9460269a4\Kies.Common.Multimedia.ni.dll
MOD - [2012.10.23 11:07:07 | 000,198,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\162a5f6e31e7c7fc4d2eed54ec19d9c1\Kies.Common.MainUI.ni.dll
MOD - [2012.10.23 11:07:05 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\c8e717a4d0d75539ecae0a7654b6770b\Kies.Common.DBManager.ni.dll
MOD - [2012.10.23 11:07:04 | 000,271,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\97b8e7df643e75af9002eff26e49fb35\Kies.Common.Util.ni.dll
MOD - [2012.10.23 11:07:02 | 001,460,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\8922fa7e1508459687031b70f7f8d8bf\Kies.Locale.ni.dll
MOD - [2012.10.23 11:07:00 | 001,844,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\f309fa4fe307c4821993ffeb5580ce62\Kies.UI.ni.dll
MOD - [2012.10.23 11:06:53 | 001,199,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\05451040884163ac6f935b3e6a486900\Kies.Interface.ni.dll
MOD - [2012.10.23 11:06:48 | 001,689,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\619b458b2103eedeff095fd20a0ee162\Kies.ni.exe
MOD - [2012.10.23 10:33:58 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\81bb58061bcd2a4c3bf4136abe041d20\ASF_cSharpAPI.ni.dll
MOD - [2012.10.23 10:33:53 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\4b12836eb4d4958e490a1ba614971b41\Interop.DevFileServiceLib.ni.dll
MOD - [2012.10.23 10:33:39 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\c99811c6a988ca6c2104a5b45acbddbb\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2012.10.23 10:33:39 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\cbeefee33636e0d0be226cf11e180ba3\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2012.10.23 10:33:38 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\b0b31095249cec5ef5c0407fa6b7fc22\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2012.10.23 10:33:38 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\fac7605aed1c9c8b07c4e68ffdc0b4eb\Interop.PRPLAYERCORELib.ni.dll
MOD - [2012.10.23 10:33:27 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\6265ffca46eab52d5f798847b5ea908c\CabLib.ni.dll
MOD - [2012.10.23 10:33:23 | 000,743,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\23324d3d243863e74723ea9c2dc1af1b\ICSharpCode.SharpZipLib.ni.dll
MOD - [2012.10.23 10:33:18 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\f108203a60eadaff95b82bed51846431\Interop.DeviceSearchLib.ni.dll
MOD - [2012.10.23 10:33:14 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\8d41dc5286f38925da6e1b9b32ce82c5\Kies.MVVM.ni.dll
MOD - [2012.10.23 10:33:11 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\3f6f79987f17c00edce423932abd1cf2\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2012.10.23 10:32:38 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll
MOD - [2012.10.23 10:32:28 | 000,771,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ef221aa0472b0870b6689ab044fad227\System.Runtime.Remoting.ni.dll
MOD - [2012.10.23 10:32:08 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.10.23 10:17:31 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012.10.23 10:15:51 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.10.23 10:15:41 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.10.23 10:15:37 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012.10.23 10:15:17 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.10.23 10:14:55 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.10.23 10:14:43 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.10.23 10:14:13 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.12.19 18:27:04 | 000,066,856 | ---- | M] () -- C:\Programme\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007.08.20 13:10:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
========== Services (SafeList) ==========
SRV - [2012.10.08 22:06:24 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.10 20:28:30 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.03 12:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.05.10 08:03:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.10 08:03:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.03 08:30:33 | 000,099,840 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.1\bin\pg_ctl.exe -- (postgresql-9.1)
SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.05.31 20:18:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.01.13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.03.05 08:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012.09.20 05:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.09.20 05:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.07.03 12:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.11 10:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.05.10 08:03:59 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.10 08:03:59 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.03 16:49:32 | 000,158,512 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011.10.03 16:49:32 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011.10.03 16:49:32 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011.10.03 16:49:32 | 000,091,440 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.02.17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010.02.17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.05 16:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009.01.13 11:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.08.28 17:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.02.27 05:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.10.11 12:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007.07.10 15:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.06.25 12:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.06.18 15:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.04.23 22:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006.06.28 08:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{7C784927-4120-4CC1-8C4F-87DEA672B92A}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{EAB3ABD5-7DB0-476A-B92E-6BE6674A546D}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{7C784927-4120-4CC1-8C4F-87DEA672B92A}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{EAB3ABD5-7DB0-476A-B92E-6BE6674A546D}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: printpdf@pavlov.net:0.76
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: printpdf@pavlov.net:0.76
FF - prefs.js..extensions.enabledItems: {3ab3f8aa-8efc-46a5-86d9-21eb4fb070bb}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\evandi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\evandi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.21 22:26:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.11 19:40:35 | 000,000,000 | ---D | M]
[2011.12.14 09:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\Extensions
[2012.08.11 09:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\Firefox\Profiles\yppgvz7i.default\extensions
[2010.05.17 19:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\Firefox\Profiles\yppgvz7i.default\extensions\{3ab3f8aa-8efc-46a5-86d9-21eb4fb070bb}
[2010.04.09 20:36:17 | 000,000,000 | ---D | M] (printpdf) -- C:\Users\evandi\AppData\Roaming\mozilla\Firefox\Profiles\yppgvz7i.default\extensions\printpdf@pavlov.net
[2012.08.11 09:59:31 | 000,526,409 | ---- | M] () (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\extensions\toolbar@web.de.xpi
[2012.08.03 17:53:27 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.11 09:59:36 | 000,000,853 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\11-suche.xml
[2012.08.11 09:59:36 | 000,002,209 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\englische-ergebnisse.xml
[2012.08.11 09:59:36 | 000,010,506 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\gmx-suche.xml
[2012.09.07 10:48:36 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-1.xml
[2009.09.11 13:41:08 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-2.xml
[2009.10.31 07:19:32 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-3.xml
[2009.12.31 14:16:16 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-4.xml
[2010.01.07 10:07:04 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-5.xml
[2009.08.04 04:25:06 | 000,000,944 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin.xml
[2012.08.11 09:59:36 | 000,002,368 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\lastminute.xml
[2011.12.03 13:44:32 | 000,002,519 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\Search_Results.xml
[2012.08.11 09:59:36 | 000,005,489 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\webde-suche.xml
[2012.10.21 18:25:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.07.27 18:34:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.07.11 19:41:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.23 18:59:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.21 18:25:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.03.21 22:26:24 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003.10.11 01:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\components\np32asw.dll
[2003.10.11 01:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32asw.dll
[2012.03.21 22:26:18 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.21 22:26:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.21 22:26:18 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.21 22:26:18 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.03 13:44:32 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.03.21 22:26:18 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.21 22:26:18 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Authorware Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32asw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\evandi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_13-windows-i586.cab (Java Plug-in 1.5.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5F79022-0CC0-411D-8EE7-2F749616FB2C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\evandi\Documents\02_***\MVAgusta.jpg
O24 - Desktop BackupWallPaper: C:\Users\evandi\Documents\02_***\MVAgusta.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{7afaa37f-06a6-11df-875d-fb16870360d0}\Shell - "" = AutoRun
O33 - MountPoints2\{7afaa37f-06a6-11df-875d-fb16870360d0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.10.30 20:22:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\evandi\Desktop\OTL.exe
[2012.10.26 10:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RapidMiner 5
[2012.10.26 10:05:27 | 000,000,000 | ---D | C] -- C:\Users\evandi\.RapidMiner5
[2012.10.25 21:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Rapid-I
[2012.10.23 10:53:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012.10.23 10:38:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2012.10.23 10:38:18 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Local\Samsung
[2012.10.23 10:38:00 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Roaming\Samsung
[2012.10.23 10:37:48 | 000,000,000 | ---D | C] -- C:\Users\evandi\Documents\samsung
[2012.10.23 10:31:06 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012.10.23 10:31:06 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012.10.23 10:29:30 | 000,000,000 | ---D | C] -- C:\Users\evandi\{7a4e0f6d-86b9-4412-89d4-621a276ca52a}
[2012.10.23 10:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012.10.23 10:25:33 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012.10.23 10:23:43 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012.10.23 10:23:43 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2012.10.23 10:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2012.10.23 10:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012.10.23 10:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2012.10.23 10:10:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.23 09:59:50 | 081,131,360 | ---- | C] (Samsung Electronics Co., Ltd. ) -- C:\Users\evandi\Desktop\Kies_2.5.0.12094_27_11.exe
[2012.10.18 09:46:32 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Local\fontconfig
[2012.10.18 09:46:12 | 000,000,000 | ---D | C] -- C:\Users\evandi\.gimp-2.8
[2012.10.18 09:46:11 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Local\gegl-0.2
[2012.10.18 09:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.10.02 18:14:04 | 000,000,000 | ---D | C] -- C:\Users\evandi\Desktop\CelloCD
[2010.03.05 12:51:18 | 000,208,896 | ---- | C] (www.mp3dev.org) -- C:\Program Files\lame_enc.dll
[1 C:\Users\evandi\*.tmp files -> C:\Users\evandi\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.10.30 20:27:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.30 20:22:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\evandi\Desktop\OTL.exe
[2012.10.30 20:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.30 19:51:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4193417823-389615538-1104851014-1000UA.job
[2012.10.30 19:08:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.30 19:08:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.30 17:39:40 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.30 17:36:37 | 000,000,000 | ---- | M] () -- C:\Users\evandi\defogger_reenable
[2012.10.30 17:35:09 | 000,050,477 | ---- | M] () -- C:\Users\evandi\Desktop\Defogger.exe
[2012.10.30 17:33:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.30 17:08:45 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4193417823-389615538-1104851014-1000Core.job
[2012.10.29 17:29:10 | 001,360,590 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.29 17:29:10 | 000,823,292 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.29 17:29:10 | 000,366,682 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.29 17:29:10 | 000,322,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.26 10:28:15 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\RapidMiner 5.lnk
[2012.10.25 21:31:49 | 063,541,565 | ---- | M] () -- C:\Users\evandi\Desktop\rapidminer-5.2.008x32-install.exe
[2012.10.25 20:36:03 | 000,000,786 | ---- | M] () -- C:\Users\evandi\.recently-used.xbel
[2012.10.25 19:26:09 | 000,011,711 | ---- | M] () -- C:\Users\evandi\AppData\Local\recently-used.xbel
[2012.10.23 10:48:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012.10.23 10:37:39 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012.10.23 10:01:48 | 081,131,360 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Users\evandi\Desktop\Kies_2.5.0.12094_27_11.exe
[1 C:\Users\evandi\*.tmp files -> C:\Users\evandi\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.10.30 17:36:37 | 000,000,000 | ---- | C] () -- C:\Users\evandi\defogger_reenable
[2012.10.30 17:35:03 | 000,050,477 | ---- | C] () -- C:\Users\evandi\Desktop\Defogger.exe
[2012.10.26 10:28:15 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\RapidMiner 5.lnk
[2012.10.25 20:36:03 | 000,000,786 | ---- | C] () -- C:\Users\evandi\.recently-used.xbel
[2012.10.25 20:21:25 | 063,541,565 | ---- | C] () -- C:\Users\evandi\Desktop\rapidminer-5.2.008x32-install.exe
[2012.10.25 19:26:09 | 000,011,711 | ---- | C] () -- C:\Users\evandi\AppData\Local\recently-used.xbel
[2012.10.23 10:48:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012.10.23 10:37:39 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012.10.18 09:36:33 | 000,000,880 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.09.03 09:08:30 | 000,024,206 | ---- | C] () -- C:\Users\evandi\AppData\Roaming\UserTile.png
[2011.11.19 16:14:09 | 000,307,200 | ---- | C] () -- C:\Users\evandi\jaudioMp3Win.tar
[2011.03.22 10:06:24 | 000,823,296 | ---- | C] () -- C:\Windows\j3dcore-d3d.dll
[2011.03.22 10:06:24 | 000,163,840 | ---- | C] () -- C:\Windows\j3dcore-ogl.dll
[2011.03.22 10:06:24 | 000,049,152 | ---- | C] () -- C:\Windows\j3dcore-ogl-chk.dll
[2011.03.22 10:06:24 | 000,040,960 | ---- | C] () -- C:\Windows\j3dcore-ogl-cg.dll
[2010.11.22 11:54:51 | 000,000,151 | ---- | C] () -- C:\Users\evandi\.vpsuite_installation.xml
[2010.11.22 11:51:34 | 000,000,135 | ---- | C] () -- C:\Users\evandi\.vpinstall.properties
[2010.06.08 09:35:07 | 000,001,392 | ---- | C] () -- C:\Users\evandi\.keystore
[2010.04.27 09:22:54 | 000,000,155 | ---- | C] () -- C:\Users\evandi\.appletviewer
[2010.04.26 12:25:18 | 000,000,146 | ---- | C] () -- C:\Users\evandi\.packettracer
[2010.04.20 15:21:30 | 000,000,019 | ---- | C] () -- C:\Users\evandi\killbat.bat
[2010.03.31 10:09:47 | 000,011,293 | ---- | C] () -- C:\Program Files\bibliothek_v2.jar
[2010.03.31 09:11:33 | 000,000,047 | ---- | C] () -- C:\Users\evandi\.gitconfig
[2010.03.23 10:17:02 | 000,000,036 | ---- | C] () -- C:\Users\evandi\.org.eclipse.epp.usagedata.recording.userId
[2009.10.29 12:55:41 | 000,001,517 | ---- | C] () -- C:\Users\evandi\.bash_history
[2009.10.11 16:57:26 | 000,000,004 | ---- | C] () -- C:\Users\evandi\tray.pid
[2009.10.11 15:58:44 | 000,000,116 | ---- | C] () -- C:\Users\evandi\.asadminpass
[2009.10.11 15:58:32 | 000,000,789 | ---- | C] () -- C:\Users\evandi\.asadmintruststore
[2008.10.18 20:19:43 | 000,005,648 | ---- | C] () -- C:\Users\evandi\AppData\Local\d3d9caps.dat
[2008.08.31 18:59:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.08.26 20:34:12 | 000,210,944 | ---- | C] () -- C:\Users\evandi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011.07.13 18:12:57 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Amazon
[2010.06.29 20:15:34 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Audacity
[2009.09.29 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Canon
[2010.06.07 10:53:56 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\com.adobe.ExMan
[2011.12.15 19:36:17 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Cornelsen
[2010.02.14 09:30:14 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Desktopicon
[2012.07.18 16:08:36 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Dropbox
[2008.10.05 18:55:50 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\FireShot
[2010.05.19 22:45:13 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\GetRightToGo
[2012.08.14 21:05:02 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\gtk-2.0
[2012.05.13 19:40:53 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\ICQ
[2010.11.07 19:44:15 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\InfraRecorder
[2010.12.02 12:35:54 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\inkscape
[2009.11.13 10:09:20 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\myphotobook
[2012.06.15 09:20:37 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\MySQL
[2012.09.03 09:15:35 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Nokia
[2012.05.29 15:49:45 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Notepad++
[2010.04.01 15:30:33 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Online Solutions
[2011.01.19 10:15:52 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\OpenOffice.org
[2012.09.03 09:15:29 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\PC Suite
[2009.03.12 20:34:20 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\pdf995
[2012.09.03 09:08:29 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\PeerNetworking
[2011.08.29 09:53:30 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Philipp Winterberg
[2012.05.25 09:18:30 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\postgresql
[2012.10.23 10:38:34 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Samsung
[2010.02.24 13:42:36 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Scribus
[2010.04.13 10:12:10 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Subversion
[2012.05.04 09:34:05 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\SumatraPDF
[2010.03.30 19:43:12 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\syntevo
[2011.12.12 21:30:44 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\TeamViewer
[2009.01.02 00:07:07 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\WEBDE
========== Purity Check ==========
< End of report >
Code:
OTL Extras logfile created on: 30.10.2012 20:23:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\evandi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 45,75% Memory free
6,19 Gb Paging File | 4,65 Gb Available in Paging File | 75,05% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,89 Gb Total Space | 63,93 Gb Free Space | 28,81% Space Free | Partition Type: NTFS
Drive D: | 10,99 Gb Total Space | 2,41 Gb Free Space | 21,91% Space Free | Partition Type: NTFS
Computer Name: EVANDI-PC | User Name: evandi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_gui] -- "C:\Program Files\Git\bin\wish.exe" "C:\Program Files\Git\libexec\git-core\git-gui" "--working-dir" "%1" (ActiveState Corporation)
Directory [git_shell] -- "C:\Windows\system32\cmd.exe" /c "pushd "%1" && "C:\Program Files\Git\bin\sh.exe" --login -i" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EFE401D0-8073-4639-BA13-0D230EB40374}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F311C3D2-87B4-4711-AA69-7C5CAD925779}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06294227-C1D9-4452-8790-01E55C822560}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{081A6DD6-88F8-4775-8470-8CAB7B9943BD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0B1ECC08-1896-4255-8C8C-C0B445071513}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{0BF2E500-DE53-43C5-A2D1-CA7375A52DB7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1E2A2AD0-4F08-467B-A30A-A932C6CFB11E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{1FD919F0-7712-49D9-A153-F0191DCADEAD}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{395EAC65-5579-4DF8-8421-7696F3F7DD81}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{39EF8E6A-440D-465A-A8F1-0E8B702353AB}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{3B810F3C-2D78-45A4-9EE9-00D915491076}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{41D69A18-307D-4017-950C-65E748A71B5A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{42277795-2E86-4F01-B4A4-CE9C201D473D}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{453668F0-A31F-4D7D-B85D-41CB88A67BDF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{5BE1C8A7-ACA0-4CEB-A902-7920FA058015}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{63CF4ABF-FDC0-44F8-9A62-8C77FCE91DBF}" = protocol=6 | dir=in | app=c:\users\evandi\appdata\local\akamai\netsession_win.exe |
"{6D568BCA-F7CD-401A-9C16-58A93DAD0D96}" = protocol=17 | dir=in | app=c:\program files\dsl connection manager\o2dslconfiguration.exe |
"{73C339C4-569C-44D1-9171-AF68C607B35A}" = protocol=17 | dir=in | app=c:\users\evandi\appdata\roaming\dropbox\bin\dropbox.exe |
"{77FCB71F-C322-4A42-BC12-84D0692CBAA3}" = protocol=6 | dir=in | app=c:\users\evandi\appdata\roaming\dropbox\bin\dropbox.exe |
"{8557EBD9-86B8-4BC3-86BA-0460A955C0A4}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{8EEC79E9-EB66-4CDA-8FF7-27D9AD73000D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{94234B28-F998-4199-98FC-A9E4E176BC38}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{A572F5FA-2D90-4EE5-A6DC-0AC376B43D56}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{A68350F7-BB2B-48D7-AA75-247CE55CB821}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{B28C7876-F45C-4E47-81FB-6413671F61A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BA0AE045-94B0-4282-B354-C989072C37F3}" = protocol=17 | dir=in | app=c:\users\evandi\appdata\local\akamai\netsession_win.exe |
"{BB5FF21E-E56C-4470-A853-B3451C960118}" = protocol=6 | dir=in | app=c:\program files\dsl connection manager\o2dslconfiguration.exe |
"{C068A565-DDF6-443A-81AA-C1CFE11497F7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{D437FA88-B03F-4818-A490-22F00291D428}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{D8B8EDDB-C87C-4B77-8944-122192B9945B}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{EBE868E8-8F15-4C7B-A5B3-C92FFB5B1B3B}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{F8D69ED5-B2AF-411F-B9EC-AC092DE467C3}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{14A1A56D-16FB-4A54-AEF7-F675416FC74C}C:\program files\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4\flashbuilder.exe |
"TCP Query User{1865153B-A440-47A7-B967-80C487A7C922}C:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe |
"TCP Query User{1A07E288-EBC9-4D34-8340-DB2D5D522EB4}C:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe |
"TCP Query User{1AE10D3E-4CE6-4B38-BE46-5ADE95873146}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{1FA0C890-14A6-445F-B684-8497A34341C8}C:\program files\java\jdk1.6.0_20\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_20\jre\bin\java.exe |
"TCP Query User{5B158015-1989-4C01-8D43-9B54AA44FF0E}C:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe |
"TCP Query User{720CFD80-D2B9-4E10-8F0C-0FA8D2B69845}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{72B123D9-DA35-42E8-8580-5D46B574E294}C:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe |
"TCP Query User{7E2A9FAA-95DD-47C2-8848-A75F7BC9666E}C:\program files\xming\xming.exe" = protocol=6 | dir=in | app=c:\program files\xming\xming.exe |
"TCP Query User{7F47BBCA-C286-48EB-9112-1414FF84E93E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{9188D65D-2939-4046-BE8A-A3FF0F1A2D19}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{A4ADFE89-4738-4BE5-BED0-8121181D16D3}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{A58FE1EA-430A-4A56-9F74-8F3281979982}C:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe |
"TCP Query User{C7AF922F-A8DB-4E1E-849D-8A450E1A0EC8}C:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe |
"TCP Query User{D9F32BBC-5BB7-4FCA-95C0-58BD35744CA8}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{F677F6D0-4F68-4CC8-9F9E-36F84EE29F30}C:\program files\packet tracer 5.2\bin\packettracer5.exe" = protocol=6 | dir=in | app=c:\program files\packet tracer 5.2\bin\packettracer5.exe |
"UDP Query User{0E775944-2815-48D1-B722-7E27ABBDE040}C:\program files\packet tracer 5.2\bin\packettracer5.exe" = protocol=17 | dir=in | app=c:\program files\packet tracer 5.2\bin\packettracer5.exe |
"UDP Query User{3B810526-B591-4AA1-87D9-40F08BE21389}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{3FFB0BCF-8F10-4F6D-97C1-BAE55A6F4202}C:\program files\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4\flashbuilder.exe |
"UDP Query User{43F7AE98-262B-4D1E-B9A4-DF5E532351BE}C:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe |
"UDP Query User{43FFFDCF-F15E-416C-8D80-96D087AF85D2}C:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe |
"UDP Query User{5562EC4F-4393-4C98-A8E8-2DD9DABF9125}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{56DF85AF-7E1A-4F89-B5CB-BEAE0E167268}C:\program files\xming\xming.exe" = protocol=17 | dir=in | app=c:\program files\xming\xming.exe |
"UDP Query User{615D8F9A-B01C-42E4-9019-E62F167AACD2}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{6431A6B2-E999-42F3-8069-3D980CB6D158}C:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe |
"UDP Query User{6C7029A3-71F0-4249-9351-90C5AEBF3D82}C:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe |
"UDP Query User{6EFE973B-0AF2-4C61-9433-12E5EB0EA13B}C:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe |
"UDP Query User{75A978BD-18D4-4C76-B6DD-A443BE7C9F2E}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{AA0DC950-4D18-42D0-989E-B0FAC736158D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{AE00E15A-9561-44E6-AB97-CD2702A1C517}C:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe |
"UDP Query User{B3C9EC61-5CAC-40CB-94E5-F5CF7A906206}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{DA3843A1-A0B1-4946-8462-2F32EDEBA509}C:\program files\java\jdk1.6.0_20\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_20\jre\bin\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3248F0A8-6813-11D6-A77B-00B0D0150130}" = J2SE Runtime Environment 5.0 Update 13
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{32A9C5B3-D166-4C6D-A11E-A54473151000}" = Java 3D 1.5.1
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85833A03-476B-43B3-B61C-5EB946DBF6E4}" = HP User Guides 0092
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJSTDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJSTDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJSTDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTDR_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
"{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCD69F8-EC89-4750-B549-E0C80AC3C98F}" = Oracle VM VirtualBox 4.1.4
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin
"{E3DF0E76-825F-4377-9BB6-F8F1DC204287}" = MySQL Workbench 5.2 CE
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"{FFF5F83B-1112-49EF-BABF-C00D2DECC062}" = DSL Connection Manager
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP240 series Benutzerregistrierung" = Canon MP240 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dia" = Dia (nur entfernen)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free RAR Extract Frog" = Free RAR Extract Frog
"GIMP-2_is1" = GIMP 2.8.2
"Git_is1" = Git 1.6.5.1-preview20091022
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ImageJ_is1" = ImageJ 1.43u
"InfraRecorder" = InfraRecorder
"Inkscape" = Inkscape 0.48.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"JOE (Java oriented editing) 2.3.25_is1" = JOE (Java oriented editing) 2.3.25
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"myphotobook" = myphotobook 3.65
"Notepad++" = Notepad++
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Pdf995" = Pdf995
"Picasa 3" = Picasa 3
"PostgreSQL 9.1" = PostgreSQL 9.1
"PRJSTDR" = Microsoft Office Project Standard 2007
"Scribus 1.3.5" = Scribus 1.3.5.1
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SmartGit 1.5_is1" = SmartGit 1.5.2
"SmartGit 1_is1" = SmartGit 1.0.4
"SumatraPDF" = SumatraPDF
"SWFPlayer_is1" = SWFPlayer
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TightVNC_is1" = TightVNC 1.3.9
"TVWiz" = Intel(R) TV Wizard
"VP Suite 5.0" = VP Suite 5.0
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR 4.01 (32-bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"MiKTeX 2.9" = MiKTeX 2.9
"RapidMiner 5" = RapidMiner 5
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.10.2012 12:29:21 | Computer Name = evandi-PC | Source = PerfNet | ID = 2004
Description =
Error - 29.10.2012 12:30:44 | Computer Name = evandi-PC | Source = Perflib | ID = 1010
Description =
Error - 30.10.2012 12:14:09 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 30.10.2012 12:14:09 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 998
Error - 30.10.2012 12:14:09 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998
Error - 30.10.2012 12:14:10 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 30.10.2012 12:14:10 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2620
Error - 30.10.2012 12:14:10 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2620
Error - 30.10.2012 12:14:12 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 30.10.2012 12:14:12 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4227
Error - 30.10.2012 12:14:12 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4227
[ System Events ]
Error - 25.10.2012 05:03:00 | Computer Name = evandi-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.21 für die Netzwerkkarte mit der Netzwerkadresse
002268916327 wurde durch den DHCP-Server 1.1.1.1 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
Error - 25.10.2012 11:11:03 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 25.10.2012 11:11:03 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 25.10.2012 11:11:03 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 25.10.2012 11:11:03 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26.10.2012 01:48:31 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 26.10.2012 01:48:31 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 26.10.2012 01:48:31 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 26.10.2012 01:48:31 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26.10.2012 05:04:40 | Computer Name = evandi-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.21 für die Netzwerkkarte mit der Netzwerkadresse
002268916327 wurde durch den DHCP-Server 1.1.1.1 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
< End of report >
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-01 09:54:45
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: 7hq8loob.exe; Driver: C:\Users\evandi\AppData\Local\Temp\pxdiypog.sys
---- System - GMER 1.0.15 ----
SSDT 8D0FCA8E ZwCreateSection
SSDT 8D0FCA98 ZwRequestWaitReplyPort
SSDT 8D0FCA93 ZwSetContextThread
SSDT 8D0FCA9D ZwSetSecurityObject
SSDT 8D0FCAA2 ZwSystemDebugControl
SSDT 8D0FCA2F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 82AC68D8 4 Bytes [8E, CA, 0F, 8D]
.text ntkrnlpa.exe!KeSetEvent + 539 82AC6BFC 4 Bytes [98, CA, 0F, 8D] {CWDE ; RETF 0x8d0f}
.text ntkrnlpa.exe!KeSetEvent + 56D 82AC6C30 4 Bytes [93, CA, 0F, 8D] {XCHG EBX, EAX; RETF 0x8d0f}
.text ntkrnlpa.exe!KeSetEvent + 5D1 82AC6C94 4 Bytes [9D, CA, 0F, 8D] {POPF ; RETF 0x8d0f}
.text ntkrnlpa.exe!KeSetEvent + 619 82AC6CDC 4 Bytes [A2, CA, 0F, 8D]
.text ...
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Services\upnphost\4,Windows automatically (not active ControlSet)
---- EOF - GMER 1.0.15 ----
besten Dank schonmal
andi |
