Stella_2012 | 14.12.2012 16:20 | Sorry: Code:
OTL logfile created on: 13.12.2012 22:40:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lunge\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 0,68 Gb Available Physical Memory | 39,15% Memory free
3,50 Gb Paging File | 2,29 Gb Available in Paging File | 65,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 2,51 Gb Free Space | 3,64% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 26,56 Gb Free Space | 37,94% Space Free | Partition Type: NTFS
Drive G: | 22,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: LUNGE-PC | User Name: Stella | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.12.13 22:40:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lunge\Downloads\OTL.exe
PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.06 16:54:52 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.12.29 00:57:30 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011.11.02 11:07:18 | 001,694,096 | ---- | M] (Bandoo Media, inc) -- C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011.10.18 20:05:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 18:00:49 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.04 22:00:46 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.04 19:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.01.14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.03.24 16:10:08 | 000,114,688 | ---- | M] () -- C:\Programme\Mobile Partner\Mobile Partner.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.06.12 01:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2008.06.11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2006.11.22 06:20:00 | 003,768,320 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Programme\WIBUKEY\Server\WkSvMgr.exe
PRC - [2006.10.26 23:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
========== Modules (No Company Name) ==========
MOD - [2012.08.06 16:54:52 | 001,952,696 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.21 15:54:34 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2009.05.20 09:21:14 | 000,139,264 | ---- | M] () -- C:\Programme\Mobile Partner\LocaleMgrPlugin.dll
MOD - [2009.05.20 09:20:28 | 000,159,744 | ---- | M] () -- C:\Programme\Mobile Partner\SMSPlugin.dll
MOD - [2009.05.20 09:19:32 | 000,032,768 | ---- | M] () -- C:\Programme\Mobile Partner\NotifyServicePlugin.dll
MOD - [2009.05.20 09:17:08 | 000,057,344 | ---- | M] () -- C:\Programme\Mobile Partner\ConfigFilePlugin.dll
MOD - [2009.05.20 09:15:42 | 000,098,304 | ---- | M] () -- C:\Programme\Mobile Partner\DeviceMgrPlugin.dll
MOD - [2009.05.20 09:13:14 | 000,139,264 | ---- | M] () -- C:\Programme\Mobile Partner\NetInfoPlugin.dll
MOD - [2009.05.20 09:10:26 | 000,090,112 | ---- | M] () -- C:\Programme\Mobile Partner\DialUpPlugin.dll
MOD - [2009.05.20 09:09:12 | 000,176,128 | ---- | M] () -- C:\Programme\Mobile Partner\DeviceMgrUIPlugin.dll
MOD - [2009.05.20 08:53:38 | 000,860,160 | ---- | M] () -- C:\Programme\Mobile Partner\NDISAPI.dll
MOD - [2009.03.24 16:10:08 | 000,114,688 | ---- | M] () -- C:\Programme\Mobile Partner\Mobile Partner.exe
MOD - [2009.03.10 19:06:04 | 000,061,440 | R--- | M] () -- C:\Programme\Mobile Partner\XCodec.dll
MOD - [2009.03.10 19:06:02 | 000,061,440 | R--- | M] () -- C:\Programme\Mobile Partner\DeviceOperate.dll
MOD - [2009.03.10 19:06:00 | 000,155,648 | R--- | M] () -- C:\Programme\Mobile Partner\DetectDev.dll
MOD - [2009.03.10 19:05:58 | 000,561,152 | R--- | M] () -- C:\Programme\Mobile Partner\atcomm.dll
MOD - [2007.08.23 15:39:30 | 000,014,848 | R--- | M] () -- C:\Programme\Mobile Partner\isaputrace.dll
MOD - [2007.07.31 14:50:04 | 000,090,112 | R--- | M] () -- C:\Programme\Mobile Partner\FileManager.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.12.13 16:23:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.05 21:56:00 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.06 16:54:52 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.01.06 19:39:12 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2011.12.29 00:57:30 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011.10.18 20:05:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 18:00:49 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.07.13 09:50:49 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 23:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.29 00:57:28 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2011.12.29 00:57:26 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011.10.18 20:05:52 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.18 20:05:52 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 12:56:41 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.02.11 02:42:38 | 001,027,328 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2009.10.14 20:41:42 | 000,185,048 | ---- | M] (Pismo Technic Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\pfmfs_359.sys -- (pfmfs_359)
DRV - [2009.09.21 16:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.13 23:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009.07.13 23:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009.06.22 18:38:22 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.22 18:26:04 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.05.11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.12.01 21:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2006.11.22 06:20:00 | 000,072,704 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\WibuKey.sys -- (WIBUKEY)
DRV - [2006.11.14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Programme\AF-HSS\prxtbAF-0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2765711
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.hotspotshield.com/g/?c=h
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 65 39 8B D3 DC CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Programme\AF-HSS\prxtbAF-0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2765711
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search"
FF - prefs.js..browser.search.defaultthis.engineName: "AF-HSS Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2765711&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.71
FF - prefs.js..keyword.URL: "hxxp://search.hotspotshield.com/g/results.php?c=s&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.14 20:14:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.24 22:36:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.24 22:36:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.14 20:14:26 | 000,000,000 | ---D | M]
[2012.02.20 18:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lunge\AppData\Roaming\mozilla\Extensions
[2010.06.04 10:49:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lunge\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.13 15:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lunge\AppData\Roaming\mozilla\Firefox\Profiles\gds1rjjk.default\extensions
[2012.11.23 12:45:15 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Lunge\AppData\Roaming\mozilla\firefox\profiles\gds1rjjk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.18 19:47:36 | 000,000,915 | ---- | M] () -- C:\Users\Lunge\AppData\Roaming\mozilla\firefox\profiles\gds1rjjk.default\searchplugins\conduit.xml
[2011.11.08 21:06:50 | 000,002,519 | ---- | M] () -- C:\Users\Lunge\AppData\Roaming\mozilla\firefox\profiles\gds1rjjk.default\searchplugins\SearchResults.xml
[2012.01.21 15:18:41 | 000,002,515 | ---- | M] () -- C:\Users\Lunge\AppData\Roaming\mozilla\firefox\profiles\gds1rjjk.default\searchplugins\Search_Results.xml
[2012.08.06 21:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.29 00:13:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.19 15:02:39 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2012.08.06 16:54:53 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.08.06 16:54:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.06 16:54:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.06 16:54:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.06 16:54:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.29 00:57:34 | 000,001,847 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\privatesearch.xml
[2011.11.08 21:06:50 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.01.21 15:18:41 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.08.06 16:54:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.06 16:54:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.04.15 20:38:58 | 000,001,304 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AF-HSS Toolbar) - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Programme\AF-HSS\prxtbAF-0.dll (Conduit Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (AF-HSS Toolbar) - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Programme\AF-HSS\prxtbAF-0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F1F6D65-20D6-4D2F-8D84-F972EC5B149A}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3F00315-28C4-44BA-BDE5-08BD9BA07440}: DhcpNameServer = 130.75.1.32 130.75.1.40
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.11.05 19:42:13 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.01.21 02:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.11.18 00:41:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1dd9a4b2-c4dc-11df-9203-00137736d597}\Shell - "" = AutoRun
O33 - MountPoints2\{1dd9a4b2-c4dc-11df-9203-00137736d597}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.01.21 02:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{1dd9a4ce-c4dc-11df-9203-00137736d597}\Shell - "" = AutoRun
O33 - MountPoints2\{1dd9a4ce-c4dc-11df-9203-00137736d597}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.01.21 02:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{1dd9a4db-c4dc-11df-9203-00137736d597}\Shell - "" = AutoRun
O33 - MountPoints2\{1dd9a4db-c4dc-11df-9203-00137736d597}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.01.21 02:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2315b836-51f4-11df-8973-00137736d597}\Shell - "" = AutoRun
O33 - MountPoints2\{2315b836-51f4-11df-8973-00137736d597}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{e4b33ab3-19cd-11e0-8f4f-00137736d597}\Shell - "" = AutoRun
O33 - MountPoints2\{e4b33ab3-19cd-11e0-8f4f-00137736d597}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.01.21 02:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.01.21 02:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012.12.13 16:42:37 | 000,000,000 | ---D | C] -- C:\Users\Lunge\AppData\Roaming\Malwarebytes
[2012.12.13 16:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.13 16:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.13 16:42:24 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.13 16:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.11 21:41:27 | 000,000,000 | ---D | C] -- C:\Users\Lunge\AppData\Local\cache

========== Files - Modified Within 30 Days ==========
[2012.12.13 22:48:05 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.13 22:48:05 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.13 22:37:40 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.13 22:37:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.13 22:37:18 | 1407,848,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.13 22:32:30 | 000,000,176 | ---- | M] () -- C:\Users\Lunge\defogger_reenable
[2012.12.13 22:22:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.13 17:10:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.13 16:42:29 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.13 15:53:41 | 002,469,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.11 21:30:38 | 000,707,566 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.11 21:30:38 | 000,661,144 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.11 21:30:38 | 000,153,126 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.11 21:30:38 | 000,125,334 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.04 06:39:49 | 000,324,701 | ---- | M] () -- C:\Users\Lunge\Desktop\Winterwald.jpg
[2012.12.03 11:26:19 | 000,069,128 | ---- | M] () -- C:\Users\Lunge\Desktop\Riders Room.jpg
[2012.11.26 18:18:34 | 000,578,975 | ---- | M] () -- C:\Users\Lunge\Desktop\Gr_50_ad_0410.dwg

========== Files Created - No Company Name ==========
[2012.12.13 22:32:01 | 000,000,176 | ---- | C] () -- C:\Users\Lunge\defogger_reenable
[2012.12.13 16:42:29 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.03 22:19:33 | 000,324,701 | ---- | C] () -- C:\Users\Lunge\Desktop\Winterwald.jpg
[2012.12.03 11:26:19 | 000,069,128 | ---- | C] () -- C:\Users\Lunge\Desktop\Riders Room.jpg
[2012.11.26 18:19:26 | 000,578,975 | ---- | C] () -- C:\Users\Lunge\Desktop\Gr_50_ad_0410.dwg
[2012.11.15 07:24:13 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.15 07:23:34 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.05 21:57:02 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.10.24 22:38:15 | 000,057,552 | ---- | C] () -- C:\Windows\System32\WkDos.exe
[2012.10.24 22:37:31 | 000,203,264 | R--- | C] () -- C:\Windows\System32\WkWin32.dll
[2012.10.24 22:31:24 | 000,003,584 | ---- | C] () -- C:\Users\Lunge\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.21 15:18:38 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012.01.21 14:38:57 | 000,000,093 | ---- | C] () -- C:\Users\Lunge\AppData\Local\fusioncache.dat
[2011.11.21 00:06:59 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.11.21 00:06:59 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.11.14 19:52:22 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011.11.14 19:34:50 | 000,230,099 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011.10.19 19:06:17 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.10.14 22:59:42 | 093,829,256 | ---- | C] () -- C:\Users\Lunge\01_fun.rar
[2010.08.27 19:35:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.16 23:31:09 | 000,024,285 | ---- | C] () -- C:\Users\Lunge\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2009.07.14 00:11:12 | 000,104,138 | R-S- | C] () -- C:\Users\Lunge\AppData\Roaming\igfxtray.dat

========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========
[2012.01.20 17:26:09 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\Amazon
[2012.11.05 21:51:35 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\Autodesk
[2010.04.16 15:54:14 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.04.27 14:08:06 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\DAEMON Tools Lite
[2011.01.22 10:43:24 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\FileZilla
[2012.01.21 15:19:01 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\FreeAudioPack
[2012.01.21 15:22:25 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\FreeCDRipper
[2012.10.24 22:49:47 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\Graphisoft
[2010.09.07 22:41:59 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\ICQ
[2012.02.13 23:15:13 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\MicroST
[2010.04.16 22:59:36 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\Nokia
[2010.04.16 22:57:19 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\PC Suite
[2011.11.21 00:06:47 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\Samsung
[2010.08.17 12:04:39 | 000,000,000 | ---D | M] -- C:\Users\Lunge\AppData\Roaming\TeamViewer

========== Purity Check ==========

< End of report >

And here: Code:
OTL Extras logfile created on: 13.12.2012 22:40:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lunge\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 0,68 Gb Available Physical Memory | 39,15% Memory free
3,50 Gb Paging File | 2,29 Gb Available in Paging File | 65,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 2,51 Gb Free Space | 3,64% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 26,56 Gb Free Space | 37,94% Space Free | Partition Type: NTFS
Drive G: | 22,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: LUNGE-PC | User Name: Stella | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03421A31-65BB-4815-B644-03E1EB398929}" = lport=138 | protocol=17 | dir=in | app=system |
"{0B615D94-02FF-4FFF-9EAC-DF938977C91D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10A6915F-D004-464C-AF86-2084B5D2ED3F}" = rport=138 | protocol=17 | dir=out | app=system |
"{11D0FC05-966A-4712-A83F-AF456C0A6134}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{21AE81D3-477F-46AC-9339-A9CB4E0400EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2368D46B-6924-4578-B963-54B600BA33F9}" = rport=445 | protocol=6 | dir=out | app=system |
"{23B89A4C-5437-4E71-9CB9-9F61633B0E5F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{3A769903-539D-4FB1-A0C4-DAA9BD494CDB}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{3C41DC97-A77F-47AC-BFB9-D3619DC317FC}" = lport=445 | protocol=6 | dir=in | app=system |
"{47BFE119-2BD9-4784-83F6-D5FD713FA6B7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5A354433-9B0E-4F12-B507-99875CA293A0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F85FFCE-8C4D-4F62-A9CE-D8F13C871691}" = rport=137 | protocol=17 | dir=out | app=system |
"{910DDFEF-0E66-48DC-AD75-6CA89255D796}" = lport=137 | protocol=17 | dir=in | app=system |
"{9C460B6C-5B8F-4B46-825D-FDE1FC4FF4CE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AAC2A8F5-317B-4D03-AFEF-1CD80F1A0345}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AFC7C349-7D83-4283-A511-B4103D9082F0}" = lport=139 | protocol=6 | dir=in | app=system |
"{C1FB5DDD-7471-4606-AA48-B8C6FCB5A42E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D22EA008-50A4-4804-B4D2-0874EC6711FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D8771966-E13F-4CD1-8957-1B2B0EA545B3}" = rport=139 | protocol=6 | dir=out | app=system |
"{DADEAFED-32D2-4613-9568-AE97F5F6C9D2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EAF2352F-C58A-44AF-AFB9-C754A6260E25}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC9A4E11-2AC4-4B14-A006-FECF52AA5A3A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ECB319C9-0643-431C-8BB0-678D10FC2755}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F9811B70-B5EB-402D-81C9-B4F83580236E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028C66D7-44D6-4041-813E-D50D1A528E07}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{08A02D18-6C9A-49FA-9D10-D39352FBE27E}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{09EE7E48-784B-411B-A31D-B9E42CDB8335}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{0C837674-5351-4FE8-8970-9AEE64B3F433}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0F3D6833-CE1E-4392-BC8A-4DC624CE36F8}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{1095AED7-8B1F-476A-853A-6731A968AE81}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{12FEAD9F-364C-41C7-8683-AA36A002C9A9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{18D6C2D6-D362-4DDE-8225-041717FB474A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{18DE5CC8-3E57-4906-A276-6BCA6A36ED0C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1BBA847D-3D3C-4829-B414-5F0BEAD67C91}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{2714370F-176D-4704-A0E0-7162A2E667D7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{28F8E9C8-5800-45AA-9EBD-5B192E8EE406}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{2F2854C3-4EFB-49FD-93B5-211435BB5FC0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{34819C29-A0EB-4241-8D72-CED1E0F88553}" = protocol=6 | dir=out | app=system |
"{37ABEC94-161D-4995-A119-2F30F8C297C8}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{3E0F6570-A40A-489E-A738-1291D745C167}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4DB6D64F-D44E-4305-B5FA-C0BF4EE05A2E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{545161FF-C52A-4514-BED0-E0620298BAA5}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{5524ABAA-9A09-4037-9611-10B2442C5AC8}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{5BE6584D-521A-42B9-8D08-FB3A8726C8DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{5CE55559-ACC4-4FE1-A3C6-9584962CB6CA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{67564CCA-7989-44EE-B1FE-AA81312AF026}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{7526D1E3-3745-43CF-A1A5-CB1440AA04EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{752A3371-F123-40E3-93D4-4D15271D900D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{75FD5010-AFD6-4688-9242-E6FD165AD159}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D23121B-9138-4FD5-8EFD-EACE6CA8D64F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7F937B2B-161B-4300-959F-07CE2A7CE579}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{81CE7DB2-A3D4-49F4-8FDB-2BE51499A4E5}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{82D238AC-C076-4FAB-B58B-1C382399C39D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{84A7ADDE-78FE-47E3-AF35-FEEC80509872}" = dir=in | app=e:\setup\hpznui01.exe |
"{850C4FA7-FFCE-459C-A8E1-7D48EF8D7425}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{89025163-00DB-4D44-B25A-D8A35264F856}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{919C8D5F-3B1E-4BA5-AB36-7F7203F7D6C3}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{95101CD8-5DCA-4757-9CCB-7E9231A0F5F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98217C7A-C6AA-4BD3-BFD0-D30045A0771C}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{9AECB6B4-28E3-446C-B96D-186DB2BB65A2}" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 12\archicad.exe |
"{9DD2EB74-A7D5-42E5-ACF7-6271D2E97ED8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A452D50C-F809-4494-879B-A2B57BE3CA9A}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{B3A217C2-8355-45D9-97EB-AE0D5EDF56B1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B4B93E1D-517A-4B76-A0B2-587A16B2797A}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{BCF44347-BE32-4103-A621-A9D2A61747B4}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{BE3E3701-805D-4AF7-84D9-067B80FE0E08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C6499BC5-5E2B-4D49-B799-B91ABD2E300A}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{C67346C1-B157-43E1-B92F-D31B5E3B5DBE}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{C76F0BE6-8C7B-451F-AFB2-CB5BD012313A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{C8A47D34-F36D-4951-86DA-676FE478FCF3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CEB2B3E3-4B12-46E9-B499-23555ACE5068}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{D0EC17A4-94CF-4FBE-9182-7A2296017A31}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D2067A49-3BE0-421B-BC86-3418CAC2D19F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7BB0CF9-0794-45FC-B185-2A57A2A902AC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D8BAAD0B-6CE3-4DD9-AA43-B38E9091D3F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB396363-011E-4119-A7AC-4795E3823B4B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{DEA82FE9-BF11-4B13-8B78-6E0E257B1C98}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DFFCADBA-063A-4CF2-B20F-C2B8D38BC08A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E13A669B-7019-4C60-B4EE-9E1A9090C4E7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E28CC3E3-F6FE-448B-BF96-5BF2DC74007F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{E4AAB9B0-25B9-4D30-ABE1-472939F1918C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{E6A0D257-B246-4043-B4D3-95D553DEEEC0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{EA9D5489-8712-4D25-8B8F-FD278EF10FB3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{F45FC174-710D-4456-A9BE-33190A8E6983}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{F4777B1C-2955-41FB-AD90-E3BC1D40315D}" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 12\archicad.exe |
"{F68E8901-BB2D-46B8-8D89-61A1432A836C}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{FD6966DD-782A-4AE1-84A3-8FB2BBF123E8}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{FF537667-0E1A-4ECA-8A39-3431A2A72F3B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{D72D29D3-4EAC-44EA-86A6-F04216AC25BA}C:\program files\graphisoft\archicad 12\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 12\archicad.exe |
"TCP Query User{DEAE8EE1-3170-4BB7-B3C0-37635DD77787}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{0F364785-49D4-4677-83BB-220A7800CFF3}C:\program files\graphisoft\archicad 12\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 12\archicad.exe |
"UDP Query User{B2CF45F9-A335-4CA3-94C5-937AFC5CFB17}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1CE8E6EB-3077-4E90-9C53-28B7015231D9}" = Google SketchUp Pro 8
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2376AAB2-F4D9-48D7-A42B-4E80B8967A8B}" = F4500
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5783F2D7-7004-0407-0002-0060B0CE6BBA}" = AutoCAD Architecture 2009 - Deutsch
"{5783F2D7-8004-0407-0002-0060B0CE6BBA}" = AutoCAD Architecture 2010 - Deutsch
"{5783F2D7-8004-0407-1002-0060B0CE6BBA}" = AutoCAD Architecture 2010 Language Pack - Deutsch
"{5783F2D7-A004-0407-0002-0060B0CE6BBA}" = AutoCAD Architecture 2012 - Deutsch
"{5783F2D7-A004-0407-1002-0060B0CE6BBA}" = AutoCAD Architecture 2012 Language Pack - Deutsch
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5E5E66D9-68DF-4818-A883-8787DC52EB7A}" = General Runtime Files for Nemetschek Allplan 2008
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}" = Nemetschek SoftLock 2006
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83E222CC-223F-BE8C-0C77-0CEBDC2F9B57}" = Acrobat.com
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A88EFF90-6DA0-4468-85D4-62543AD92A83}" = Nemetschek Allplan 2008
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D8D8B308-B172-43DB-96F1-6A3F84851D61}" = iTunes Art Importer
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"001FFFFFFF12FF00FF0201F05F02F000-R1" = ArchiCAD 12 GER
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_697a06b96d8bcbe2d77b88e7d5448d0" = Adobe Creative Suite 4 Master Collection
"AF-HSS Toolbar" = AF-HSS Toolbar
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AutoCAD Architecture 2009 - Deutsch" = AutoCAD Architecture 2009 - Deutsch
"AutoCAD Architecture 2010 - Deutsch" = AutoCAD Architecture 2010 - Deutsch
"AutoCAD Architecture 2012 - Deutsch" = AutoCAD Architecture 2012 - Deutsch
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.3.5.1
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"HotspotShield" = Hotspot Shield 2.23
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"iLivid" = iLivid
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PismoFileMountAuditPackage" = Pismo File Mount Audit Package
"Shop for HP Supplies" = Shop for HP Supplies
"VLC media player" = VLC media player 1.0.5
"Windows Searchqu Toolbar" = Windows Searchqu Toolbar
"WinRAR archiver" = WinRAR archiver

========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.01.2012 06:54:19 | Computer Name = Lunge-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 22.01.2012 06:54:19 | Computer Name = Lunge-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 22.01.2012 18:25:18 | Computer Name = Lunge-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 22.01.2012 18:25:18 | Computer Name = Lunge-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 23.01.2012 01:02:23 | Computer Name = Lunge-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 23.01.2012 01:02:23 | Computer Name = Lunge-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 23.01.2012 01:13:44 | Computer Name = Lunge-PC | Source = RasClient | ID = 20227
Description =
Error - 23.01.2012 01:50:26 | Computer Name = Lunge-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 23.01.2012 02:21:25 | Computer Name = Lunge-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 23.01.2012 02:21:25 | Computer Name = Lunge-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
[ System Events ]
Error - 26.11.2012 06:59:18 | Computer Name = Lunge-PC | Source = bowser | ID = 8003
Description =
Error - 26.11.2012 07:23:21 | Computer Name = Lunge-PC | Source = bowser | ID = 8003
Description =
Error - 27.11.2012 08:40:28 | Computer Name = Lunge-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Autodesk Content Service erreicht.
Error - 27.11.2012 08:40:28 | Computer Name = Lunge-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Autodesk Content Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 01.12.2012 12:27:34 | Computer Name = Lunge-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
SBSD Security Center Service erreicht.
Error - 01.12.2012 12:27:34 | Computer Name = Lunge-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SBSD Security Center Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 03.12.2012 13:56:14 | Computer Name = Lunge-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
Error - 04.12.2012 01:34:06 | Computer Name = Lunge-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
Error - 05.12.2012 05:41:50 | Computer Name = Lunge-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
Error - 05.12.2012 18:43:00 | Computer Name = Lunge-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
< End of report >

And the last one: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-14 07:46:03
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHW2160BH_PL rev.0000001C
Running: eyw0sy48.exe; Driver: C:\Users\Lunge\AppData\Local\Temp\ugloapod.sys
---- System - GMER 1.0.15 ----
SSDT 8F2FC856 ZwCreateSection
SSDT 8F2FC85B ZwSetContextThread
SSDT 8F2FC7F7 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 1401 82C4B9C9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C6B4E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 82C7287C 4 Bytes [56, C8, 2F, 8F]
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 82C72C1C 4 Bytes [5B, C8, 2F, 8F]
.text ntoskrnl.exe!KeRemoveQueueEx + 1937 82C72CF4 4 Bytes CALL B28F247B
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8FC24000, 0x23097E, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!NtClose 77A754C8 5 Bytes JMP 73309DB0 C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!NtCreateFile 77A755C8 5 Bytes JMP 73309BF0 C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!NtOpenFile 77A75CD8 5 Bytes JMP 73309B70 C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!NtQueryInformationFile 77A76018 5 Bytes JMP 73309E20 C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!NtReadFile 77A762B8 5 Bytes JMP 73309C90 C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!NtSetInformationFile 77A76638 5 Bytes JMP 73309EA0 C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!NtWriteFile 77A76A68 5 Bytes JMP 73309D20 C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] ntdll.dll!LdrLoadDll 77A9223E 5 Bytes JMP 6392C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] kernel32.dll!MapViewOfFile 761E9423 5 Bytes JMP 63B5E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] kernel32.dll!VirtualAlloc 761EC43A 5 Bytes JMP 63B5E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3672] GDI32.dll!CreateDIBSection 77568850 4 Bytes JMP 63B5E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000058 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread SYSTEM [4:3236] 9B2E3F2E
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 6992
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x00 0x19 0xE5 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x75 0x4B 0x9F 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x44 0xBF 0x61 0x68 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x00 0x19 0xE5 0x89 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x75 0x4B 0x9F 0xED ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x44 0xBF 0x61 0x68 ...
---- EOF - GMER 1.0.15 ----