
Pests of all kinds and how to fight them: Start page "http://www.searchnu.com/406" when opening Chrome


04.11.2012, 20:53   #1
andi2107
 

Start page "http://www.searchnu.com/406" when opening Chrome



Hello, I have the above-mentioned pest in my start page. I hope you can help me.

Code:
OTL logfile created on: 30.10.2012 20:23:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\evandi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 45,75% Memory free
6,19 Gb Paging File | 4,65 Gb Available in Paging File | 75,05% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,89 Gb Total Space | 63,93 Gb Free Space | 28,81% Space Free | Partition Type: NTFS
Drive D: | 10,99 Gb Total Space | 2,41 Gb Free Space | 21,91% Space Free | Partition Type: NTFS
 
Computer Name: EVANDI-PC | User Name: evandi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.30 20:22:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\evandi\Desktop\OTL.exe
PRC - [2012.10.11 01:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.10.11 01:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\evandi\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.10.09 01:17:54 | 000,580,096 | ---- | M] (Samsung Electronics) -- C:\Programme\Samsung\Kies\KiesAirMessage.exe
PRC - [2012.08.10 12:37:44 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 12:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 12:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.10 08:03:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.10 08:03:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.10 08:03:57 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.03 08:30:33 | 000,099,840 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\9.1\bin\pg_ctl.exe
PRC - [2012.05.03 08:29:42 | 005,234,688 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\9.1\bin\postgres.exe
PRC - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.23 11:09:26 | 012,841,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\2c7c74d2fe184f55c0a0a517951e7f4a\Kies.Theme.ni.dll
MOD - [2012.10.23 11:09:24 | 000,608,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\9349c70acb66665321bee19d331408a1\DevicePodcast.ni.dll
MOD - [2012.10.23 11:09:20 | 000,292,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\3e83faa1ec8155e3d155fe585955a246\DeviceVideo.ni.dll
MOD - [2012.10.23 11:09:18 | 000,369,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\da3a360d4f099d3ff041307e7a1ce4ce\DevicePhoto.ni.dll
MOD - [2012.10.23 11:09:16 | 000,301,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\4efc3f2c84c757b5869422aab9e3dc4b\DeviceMusic.ni.dll
MOD - [2012.10.23 11:09:13 | 000,465,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\59cb702af31bcb9ded3d4493cded15a9\VideoManager.ni.dll
MOD - [2012.10.23 11:09:11 | 001,500,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\bb178a48944e63edba0ea540a1c8f4fd\PodcastService.ni.dll
MOD - [2012.10.23 11:09:06 | 000,615,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\8bdb480bdd341bbab06ad4dc3d149476\PhotoManager.ni.dll
MOD - [2012.10.23 11:09:03 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\ccf4179de5c33241ac22ed7a47c73b9c\Podcaster.ni.dll
MOD - [2012.10.23 11:08:45 | 000,036,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\98304df52775a014f274c09321fe9241\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2012.10.23 11:08:42 | 005,846,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\c89c506ab88b933c87b81e5550fec75a\DeviceHost.ni.dll
MOD - [2012.10.23 11:08:16 | 001,869,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\8d2d9b197570723b26a177097b962745\Phonebook.ni.dll
MOD - [2012.10.23 11:07:59 | 001,008,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\e04778c3d35d213522c80a8cd9f60b02\CPKTMusicPlugin.ni.dll
MOD - [2012.10.23 11:07:55 | 000,941,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\1fdfb726828c51d29742ab493c8ded24\MusicManager.ni.dll
MOD - [2012.10.23 11:07:44 | 000,320,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\EBookManager\6ea3f7829f5fed3f3dc6ff397f0e256a\EBookManager.ni.dll
MOD - [2012.10.23 11:07:42 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\cb4304e9e1cde93f4d111858fb996dde\BATPlugin.ni.dll
MOD - [2012.10.23 11:07:40 | 000,031,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AllShareController\d4b4eb99b1ae9735a4d1adc72472ec7c\AllShareController.ni.dll
MOD - [2012.10.23 11:07:39 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\d18af3a8f0174681428791614bacb63c\Kies.Common.StoreManager.ni.dll
MOD - [2012.10.23 11:07:38 | 000,507,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\aa8eb4ad4ad74f1805330fe03bf455c5\Kies.Common.MediaDB.ni.dll
MOD - [2012.10.23 11:07:35 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\729aa8db14d8ec751bcb1038047b06f3\Kies.Common.AllShare.ni.dll
MOD - [2012.10.23 11:07:34 | 000,282,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7ba265e8b49087c5c48a3ffa40f14755\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2012.10.23 11:07:32 | 000,189,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a75a07721b35ff2169859d26f1fcb857\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2012.10.23 11:07:31 | 000,566,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7f6d1a69e33607d303f25185dfcff746\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2012.10.23 11:07:28 | 000,569,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a46d3e6a6bf0b8655727916bbbf67ef4\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2012.10.23 11:07:25 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\702d8607adbdbec8324b9dd5b1ee1c00\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2012.10.23 11:07:24 | 000,910,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6a1cd2ff344b0a2ff97f2d717f245f3b\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2012.10.23 11:07:19 | 001,057,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6cd41643731c0641280ee6a3830c29f2\Kies.Common.DeviceService.ni.dll
MOD - [2012.10.23 11:07:14 | 002,198,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\f9bed07498f5a72c7025ccb9460269a4\Kies.Common.Multimedia.ni.dll
MOD - [2012.10.23 11:07:07 | 000,198,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\162a5f6e31e7c7fc4d2eed54ec19d9c1\Kies.Common.MainUI.ni.dll
MOD - [2012.10.23 11:07:05 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\c8e717a4d0d75539ecae0a7654b6770b\Kies.Common.DBManager.ni.dll
MOD - [2012.10.23 11:07:04 | 000,271,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\97b8e7df643e75af9002eff26e49fb35\Kies.Common.Util.ni.dll
MOD - [2012.10.23 11:07:02 | 001,460,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\8922fa7e1508459687031b70f7f8d8bf\Kies.Locale.ni.dll
MOD - [2012.10.23 11:07:00 | 001,844,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\f309fa4fe307c4821993ffeb5580ce62\Kies.UI.ni.dll
MOD - [2012.10.23 11:06:53 | 001,199,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\05451040884163ac6f935b3e6a486900\Kies.Interface.ni.dll
MOD - [2012.10.23 11:06:48 | 001,689,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\619b458b2103eedeff095fd20a0ee162\Kies.ni.exe
MOD - [2012.10.23 10:33:58 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\81bb58061bcd2a4c3bf4136abe041d20\ASF_cSharpAPI.ni.dll
MOD - [2012.10.23 10:33:53 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\4b12836eb4d4958e490a1ba614971b41\Interop.DevFileServiceLib.ni.dll
MOD - [2012.10.23 10:33:39 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\c99811c6a988ca6c2104a5b45acbddbb\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2012.10.23 10:33:39 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\cbeefee33636e0d0be226cf11e180ba3\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2012.10.23 10:33:38 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\b0b31095249cec5ef5c0407fa6b7fc22\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2012.10.23 10:33:38 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\fac7605aed1c9c8b07c4e68ffdc0b4eb\Interop.PRPLAYERCORELib.ni.dll
MOD - [2012.10.23 10:33:27 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\6265ffca46eab52d5f798847b5ea908c\CabLib.ni.dll
MOD - [2012.10.23 10:33:23 | 000,743,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\23324d3d243863e74723ea9c2dc1af1b\ICSharpCode.SharpZipLib.ni.dll
MOD - [2012.10.23 10:33:18 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\f108203a60eadaff95b82bed51846431\Interop.DeviceSearchLib.ni.dll
MOD - [2012.10.23 10:33:14 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\8d41dc5286f38925da6e1b9b32ce82c5\Kies.MVVM.ni.dll
MOD - [2012.10.23 10:33:11 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\3f6f79987f17c00edce423932abd1cf2\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2012.10.23 10:32:38 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll
MOD - [2012.10.23 10:32:28 | 000,771,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ef221aa0472b0870b6689ab044fad227\System.Runtime.Remoting.ni.dll
MOD - [2012.10.23 10:32:08 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.10.23 10:17:31 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012.10.23 10:15:51 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.10.23 10:15:41 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.10.23 10:15:37 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012.10.23 10:15:17 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.10.23 10:14:55 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.10.23 10:14:43 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.10.23 10:14:13 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.12.19 18:27:04 | 000,066,856 | ---- | M] () -- C:\Programme\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007.08.20 13:10:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.08 22:06:24 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.10 20:28:30 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.03 12:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.05.10 08:03:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.10 08:03:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.03 08:30:33 | 000,099,840 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.1\bin\pg_ctl.exe -- (postgresql-9.1)
SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.05.31 20:18:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.01.13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.03.05 08:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] --  -- (adfs)
DRV - [2012.09.20 05:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.09.20 05:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.07.03 12:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.11 10:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.05.10 08:03:59 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.10 08:03:59 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.03 16:49:32 | 000,158,512 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011.10.03 16:49:32 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011.10.03 16:49:32 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011.10.03 16:49:32 | 000,091,440 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.02.17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010.02.17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.05 16:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009.01.13 11:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.08.28 17:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.02.27 05:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.10.11 12:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007.07.10 15:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.06.25 12:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.06.18 15:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.04.23 22:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006.06.28 08:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{7C784927-4120-4CC1-8C4F-87DEA672B92A}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{EAB3ABD5-7DB0-476A-B92E-6BE6674A546D}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{7C784927-4120-4CC1-8C4F-87DEA672B92A}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{EAB3ABD5-7DB0-476A-B92E-6BE6674A546D}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: printpdf@pavlov.net:0.76
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: printpdf@pavlov.net:0.76
FF - prefs.js..extensions.enabledItems: {3ab3f8aa-8efc-46a5-86d9-21eb4fb070bb}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\evandi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\evandi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.21 22:26:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.11 19:40:35 | 000,000,000 | ---D | M]
 
[2011.12.14 09:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\Extensions
[2012.08.11 09:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\Firefox\Profiles\yppgvz7i.default\extensions
[2010.05.17 19:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\Firefox\Profiles\yppgvz7i.default\extensions\{3ab3f8aa-8efc-46a5-86d9-21eb4fb070bb}
[2010.04.09 20:36:17 | 000,000,000 | ---D | M] (printpdf) -- C:\Users\evandi\AppData\Roaming\mozilla\Firefox\Profiles\yppgvz7i.default\extensions\printpdf@pavlov.net
[2012.08.11 09:59:31 | 000,526,409 | ---- | M] () (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\extensions\toolbar@web.de.xpi
[2012.08.03 17:53:27 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.11 09:59:36 | 000,000,853 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\11-suche.xml
[2012.08.11 09:59:36 | 000,002,209 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\englische-ergebnisse.xml
[2012.08.11 09:59:36 | 000,010,506 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\gmx-suche.xml
[2012.09.07 10:48:36 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-1.xml
[2009.09.11 13:41:08 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-2.xml
[2009.10.31 07:19:32 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-3.xml
[2009.12.31 14:16:16 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-4.xml
[2010.01.07 10:07:04 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-5.xml
[2009.08.04 04:25:06 | 000,000,944 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin.xml
[2012.08.11 09:59:36 | 000,002,368 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\lastminute.xml
[2011.12.03 13:44:32 | 000,002,519 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\Search_Results.xml
[2012.08.11 09:59:36 | 000,005,489 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\webde-suche.xml
[2012.10.21 18:25:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.07.27 18:34:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.07.11 19:41:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.23 18:59:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.21 18:25:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.03.21 22:26:24 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003.10.11 01:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\components\np32asw.dll
[2003.10.11 01:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32asw.dll
[2012.03.21 22:26:18 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.21 22:26:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.21 22:26:18 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.21 22:26:18 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.03 13:44:32 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.03.21 22:26:18 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.21 22:26:18 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Authorware Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32asw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\evandi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_13-windows-i586.cab (Java Plug-in 1.5.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5F79022-0CC0-411D-8EE7-2F749616FB2C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\evandi\Documents\02_***\MVAgusta.jpg
O24 - Desktop BackupWallPaper: C:\Users\evandi\Documents\02_***\MVAgusta.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{7afaa37f-06a6-11df-875d-fb16870360d0}\Shell - "" = AutoRun
O33 - MountPoints2\{7afaa37f-06a6-11df-875d-fb16870360d0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.30 20:22:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\evandi\Desktop\OTL.exe
[2012.10.26 10:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RapidMiner 5
[2012.10.26 10:05:27 | 000,000,000 | ---D | C] -- C:\Users\evandi\.RapidMiner5
[2012.10.25 21:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Rapid-I
[2012.10.23 10:53:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012.10.23 10:38:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2012.10.23 10:38:18 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Local\Samsung
[2012.10.23 10:38:00 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Roaming\Samsung
[2012.10.23 10:37:48 | 000,000,000 | ---D | C] -- C:\Users\evandi\Documents\samsung
[2012.10.23 10:31:06 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012.10.23 10:31:06 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012.10.23 10:29:30 | 000,000,000 | ---D | C] -- C:\Users\evandi\{7a4e0f6d-86b9-4412-89d4-621a276ca52a}
[2012.10.23 10:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012.10.23 10:25:33 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012.10.23 10:23:43 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012.10.23 10:23:43 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2012.10.23 10:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2012.10.23 10:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012.10.23 10:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2012.10.23 10:10:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.23 09:59:50 | 081,131,360 | ---- | C] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\evandi\Desktop\Kies_2.5.0.12094_27_11.exe
[2012.10.18 09:46:32 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Local\fontconfig
[2012.10.18 09:46:12 | 000,000,000 | ---D | C] -- C:\Users\evandi\.gimp-2.8
[2012.10.18 09:46:11 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Local\gegl-0.2
[2012.10.18 09:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.10.02 18:14:04 | 000,000,000 | ---D | C] -- C:\Users\evandi\Desktop\CelloCD
[2010.03.05 12:51:18 | 000,208,896 | ---- | C] (www.mp3dev.org) -- C:\Program Files\lame_enc.dll
[1 C:\Users\evandi\*.tmp files -> C:\Users\evandi\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.30 20:27:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.30 20:22:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\evandi\Desktop\OTL.exe
[2012.10.30 20:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.30 19:51:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4193417823-389615538-1104851014-1000UA.job
[2012.10.30 19:08:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.30 19:08:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.30 17:39:40 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.30 17:36:37 | 000,000,000 | ---- | M] () -- C:\Users\evandi\defogger_reenable
[2012.10.30 17:35:09 | 000,050,477 | ---- | M] () -- C:\Users\evandi\Desktop\Defogger.exe
[2012.10.30 17:33:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.30 17:08:45 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4193417823-389615538-1104851014-1000Core.job
[2012.10.29 17:29:10 | 001,360,590 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.29 17:29:10 | 000,823,292 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.29 17:29:10 | 000,366,682 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.29 17:29:10 | 000,322,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.26 10:28:15 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\RapidMiner 5.lnk
[2012.10.25 21:31:49 | 063,541,565 | ---- | M] () -- C:\Users\evandi\Desktop\rapidminer-5.2.008x32-install.exe
[2012.10.25 20:36:03 | 000,000,786 | ---- | M] () -- C:\Users\evandi\.recently-used.xbel
[2012.10.25 19:26:09 | 000,011,711 | ---- | M] () -- C:\Users\evandi\AppData\Local\recently-used.xbel
[2012.10.23 10:48:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012.10.23 10:37:39 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012.10.23 10:01:48 | 081,131,360 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\evandi\Desktop\Kies_2.5.0.12094_27_11.exe
[1 C:\Users\evandi\*.tmp files -> C:\Users\evandi\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.30 17:36:37 | 000,000,000 | ---- | C] () -- C:\Users\evandi\defogger_reenable
[2012.10.30 17:35:03 | 000,050,477 | ---- | C] () -- C:\Users\evandi\Desktop\Defogger.exe
[2012.10.26 10:28:15 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\RapidMiner 5.lnk
[2012.10.25 20:36:03 | 000,000,786 | ---- | C] () -- C:\Users\evandi\.recently-used.xbel
[2012.10.25 20:21:25 | 063,541,565 | ---- | C] () -- C:\Users\evandi\Desktop\rapidminer-5.2.008x32-install.exe
[2012.10.25 19:26:09 | 000,011,711 | ---- | C] () -- C:\Users\evandi\AppData\Local\recently-used.xbel
[2012.10.23 10:48:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012.10.23 10:37:39 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012.10.18 09:36:33 | 000,000,880 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.09.03 09:08:30 | 000,024,206 | ---- | C] () -- C:\Users\evandi\AppData\Roaming\UserTile.png
[2011.11.19 16:14:09 | 000,307,200 | ---- | C] () -- C:\Users\evandi\jaudioMp3Win.tar
[2011.03.22 10:06:24 | 000,823,296 | ---- | C] () -- C:\Windows\j3dcore-d3d.dll
[2011.03.22 10:06:24 | 000,163,840 | ---- | C] () -- C:\Windows\j3dcore-ogl.dll
[2011.03.22 10:06:24 | 000,049,152 | ---- | C] () -- C:\Windows\j3dcore-ogl-chk.dll
[2011.03.22 10:06:24 | 000,040,960 | ---- | C] () -- C:\Windows\j3dcore-ogl-cg.dll
[2010.11.22 11:54:51 | 000,000,151 | ---- | C] () -- C:\Users\evandi\.vpsuite_installation.xml
[2010.11.22 11:51:34 | 000,000,135 | ---- | C] () -- C:\Users\evandi\.vpinstall.properties
[2010.06.08 09:35:07 | 000,001,392 | ---- | C] () -- C:\Users\evandi\.keystore
[2010.04.27 09:22:54 | 000,000,155 | ---- | C] () -- C:\Users\evandi\.appletviewer
[2010.04.26 12:25:18 | 000,000,146 | ---- | C] () -- C:\Users\evandi\.packettracer
[2010.04.20 15:21:30 | 000,000,019 | ---- | C] () -- C:\Users\evandi\killbat.bat
[2010.03.31 10:09:47 | 000,011,293 | ---- | C] () -- C:\Program Files\bibliothek_v2.jar
[2010.03.31 09:11:33 | 000,000,047 | ---- | C] () -- C:\Users\evandi\.gitconfig
[2010.03.23 10:17:02 | 000,000,036 | ---- | C] () -- C:\Users\evandi\.org.eclipse.epp.usagedata.recording.userId
[2009.10.29 12:55:41 | 000,001,517 | ---- | C] () -- C:\Users\evandi\.bash_history
[2009.10.11 16:57:26 | 000,000,004 | ---- | C] () -- C:\Users\evandi\tray.pid
[2009.10.11 15:58:44 | 000,000,116 | ---- | C] () -- C:\Users\evandi\.asadminpass
[2009.10.11 15:58:32 | 000,000,789 | ---- | C] () -- C:\Users\evandi\.asadmintruststore
[2008.10.18 20:19:43 | 000,005,648 | ---- | C] () -- C:\Users\evandi\AppData\Local\d3d9caps.dat
[2008.08.31 18:59:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.08.26 20:34:12 | 000,210,944 | ---- | C] () -- C:\Users\evandi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.07.13 18:12:57 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Amazon
[2010.06.29 20:15:34 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Audacity
[2009.09.29 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Canon
[2010.06.07 10:53:56 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\com.adobe.ExMan
[2011.12.15 19:36:17 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Cornelsen
[2010.02.14 09:30:14 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Desktopicon
[2012.07.18 16:08:36 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Dropbox
[2008.10.05 18:55:50 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\FireShot
[2010.05.19 22:45:13 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\GetRightToGo
[2012.08.14 21:05:02 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\gtk-2.0
[2012.05.13 19:40:53 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\ICQ
[2010.11.07 19:44:15 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\InfraRecorder
[2010.12.02 12:35:54 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\inkscape
[2009.11.13 10:09:20 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\myphotobook
[2012.06.15 09:20:37 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\MySQL
[2012.09.03 09:15:35 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Nokia
[2012.05.29 15:49:45 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Notepad++
[2010.04.01 15:30:33 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Online Solutions
[2011.01.19 10:15:52 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\OpenOffice.org
[2012.09.03 09:15:29 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\PC Suite
[2009.03.12 20:34:20 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\pdf995
[2012.09.03 09:08:29 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\PeerNetworking
[2011.08.29 09:53:30 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Philipp Winterberg
[2012.05.25 09:18:30 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\postgresql
[2012.10.23 10:38:34 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Samsung
[2010.02.24 13:42:36 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Scribus
[2010.04.13 10:12:10 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\Subversion
[2012.05.04 09:34:05 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\SumatraPDF
[2010.03.30 19:43:12 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\syntevo
[2011.12.12 21:30:44 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\TeamViewer
[2009.01.02 00:07:07 | 000,000,000 | ---D | M] -- C:\Users\evandi\AppData\Roaming\WEBDE
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
OTL Extras logfile created on: 30.10.2012 20:23:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\evandi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 45,75% Memory free
6,19 Gb Paging File | 4,65 Gb Available in Paging File | 75,05% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,89 Gb Total Space | 63,93 Gb Free Space | 28,81% Space Free | Partition Type: NTFS
Drive D: | 10,99 Gb Total Space | 2,41 Gb Free Space | 21,91% Space Free | Partition Type: NTFS
 
Computer Name: EVANDI-PC | User Name: evandi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_gui] -- "C:\Program Files\Git\bin\wish.exe" "C:\Program Files\Git\libexec\git-core\git-gui" "--working-dir" "%1" (ActiveState Corporation)
Directory [git_shell] -- "C:\Windows\system32\cmd.exe" /c "pushd "%1" && "C:\Program Files\Git\bin\sh.exe" --login -i" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EFE401D0-8073-4639-BA13-0D230EB40374}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{F311C3D2-87B4-4711-AA69-7C5CAD925779}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06294227-C1D9-4452-8790-01E55C822560}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{081A6DD6-88F8-4775-8470-8CAB7B9943BD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0B1ECC08-1896-4255-8C8C-C0B445071513}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{0BF2E500-DE53-43C5-A2D1-CA7375A52DB7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1E2A2AD0-4F08-467B-A30A-A932C6CFB11E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{1FD919F0-7712-49D9-A153-F0191DCADEAD}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{395EAC65-5579-4DF8-8421-7696F3F7DD81}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{39EF8E6A-440D-465A-A8F1-0E8B702353AB}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{3B810F3C-2D78-45A4-9EE9-00D915491076}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{41D69A18-307D-4017-950C-65E748A71B5A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{42277795-2E86-4F01-B4A4-CE9C201D473D}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{453668F0-A31F-4D7D-B85D-41CB88A67BDF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{5BE1C8A7-ACA0-4CEB-A902-7920FA058015}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{63CF4ABF-FDC0-44F8-9A62-8C77FCE91DBF}" = protocol=6 | dir=in | app=c:\users\evandi\appdata\local\akamai\netsession_win.exe | 
"{6D568BCA-F7CD-401A-9C16-58A93DAD0D96}" = protocol=17 | dir=in | app=c:\program files\dsl connection manager\o2dslconfiguration.exe | 
"{73C339C4-569C-44D1-9171-AF68C607B35A}" = protocol=17 | dir=in | app=c:\users\evandi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{77FCB71F-C322-4A42-BC12-84D0692CBAA3}" = protocol=6 | dir=in | app=c:\users\evandi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8557EBD9-86B8-4BC3-86BA-0460A955C0A4}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{8EEC79E9-EB66-4CDA-8FF7-27D9AD73000D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{94234B28-F998-4199-98FC-A9E4E176BC38}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{A572F5FA-2D90-4EE5-A6DC-0AC376B43D56}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{A68350F7-BB2B-48D7-AA75-247CE55CB821}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{B28C7876-F45C-4E47-81FB-6413671F61A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BA0AE045-94B0-4282-B354-C989072C37F3}" = protocol=17 | dir=in | app=c:\users\evandi\appdata\local\akamai\netsession_win.exe | 
"{BB5FF21E-E56C-4470-A853-B3451C960118}" = protocol=6 | dir=in | app=c:\program files\dsl connection manager\o2dslconfiguration.exe | 
"{C068A565-DDF6-443A-81AA-C1CFE11497F7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{D437FA88-B03F-4818-A490-22F00291D428}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{D8B8EDDB-C87C-4B77-8944-122192B9945B}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{EBE868E8-8F15-4C7B-A5B3-C92FFB5B1B3B}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{F8D69ED5-B2AF-411F-B9EC-AC092DE467C3}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"TCP Query User{14A1A56D-16FB-4A54-AEF7-F675416FC74C}C:\program files\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4\flashbuilder.exe | 
"TCP Query User{1865153B-A440-47A7-B967-80C487A7C922}C:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe | 
"TCP Query User{1A07E288-EBC9-4D34-8340-DB2D5D522EB4}C:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe | 
"TCP Query User{1AE10D3E-4CE6-4B38-BE46-5ADE95873146}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{1FA0C890-14A6-445F-B684-8497A34341C8}C:\program files\java\jdk1.6.0_20\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_20\jre\bin\java.exe | 
"TCP Query User{5B158015-1989-4C01-8D43-9B54AA44FF0E}C:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe | 
"TCP Query User{720CFD80-D2B9-4E10-8F0C-0FA8D2B69845}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{72B123D9-DA35-42E8-8580-5D46B574E294}C:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe | 
"TCP Query User{7E2A9FAA-95DD-47C2-8848-A75F7BC9666E}C:\program files\xming\xming.exe" = protocol=6 | dir=in | app=c:\program files\xming\xming.exe | 
"TCP Query User{7F47BBCA-C286-48EB-9112-1414FF84E93E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{9188D65D-2939-4046-BE8A-A3FF0F1A2D19}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | 
"TCP Query User{A4ADFE89-4738-4BE5-BED0-8121181D16D3}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{A58FE1EA-430A-4A56-9F74-8F3281979982}C:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe | 
"TCP Query User{C7AF922F-A8DB-4E1E-849D-8A450E1A0EC8}C:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe | 
"TCP Query User{D9F32BBC-5BB7-4FCA-95C0-58BD35744CA8}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{F677F6D0-4F68-4CC8-9F9E-36F84EE29F30}C:\program files\packet tracer 5.2\bin\packettracer5.exe" = protocol=6 | dir=in | app=c:\program files\packet tracer 5.2\bin\packettracer5.exe | 
"UDP Query User{0E775944-2815-48D1-B722-7E27ABBDE040}C:\program files\packet tracer 5.2\bin\packettracer5.exe" = protocol=17 | dir=in | app=c:\program files\packet tracer 5.2\bin\packettracer5.exe | 
"UDP Query User{3B810526-B591-4AA1-87D9-40F08BE21389}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{3FFB0BCF-8F10-4F6D-97C1-BAE55A6F4202}C:\program files\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4\flashbuilder.exe | 
"UDP Query User{43F7AE98-262B-4D1E-B9A4-DF5E532351BE}C:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe | 
"UDP Query User{43FFFDCF-F15E-416C-8D80-96D087AF85D2}C:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe | 
"UDP Query User{5562EC4F-4393-4C98-A8E8-2DD9DABF9125}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | 
"UDP Query User{56DF85AF-7E1A-4F89-B5CB-BEAE0E167268}C:\program files\xming\xming.exe" = protocol=17 | dir=in | app=c:\program files\xming\xming.exe | 
"UDP Query User{615D8F9A-B01C-42E4-9019-E62F167AACD2}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{6431A6B2-E999-42F3-8069-3D980CB6D158}C:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe | 
"UDP Query User{6C7029A3-71F0-4249-9351-90C5AEBF3D82}C:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe | 
"UDP Query User{6EFE973B-0AF2-4C61-9433-12E5EB0EA13B}C:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe | 
"UDP Query User{75A978BD-18D4-4C76-B6DD-A443BE7C9F2E}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{AA0DC950-4D18-42D0-989E-B0FAC736158D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{AE00E15A-9561-44E6-AB97-CD2702A1C517}C:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe | 
"UDP Query User{B3C9EC61-5CAC-40CB-94E5-F5CF7A906206}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{DA3843A1-A0B1-4946-8462-2F32EDEBA509}C:\program files\java\jdk1.6.0_20\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_20\jre\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3248F0A8-6813-11D6-A77B-00B0D0150130}" = J2SE Runtime Environment 5.0 Update 13
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{32A9C5B3-D166-4C6D-A11E-A54473151000}" = Java 3D 1.5.1
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85833A03-476B-43B3-B61C-5EB946DBF6E4}" = HP User Guides 0092
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJSTDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJSTDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJSTDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTDR_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
"{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software  1.10.13.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCD69F8-EC89-4750-B549-E0C80AC3C98F}" = Oracle VM VirtualBox 4.1.4
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin
"{E3DF0E76-825F-4377-9BB6-F8F1DC204287}" = MySQL Workbench 5.2 CE
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"{FFF5F83B-1112-49EF-BABF-C00D2DECC062}" = DSL Connection Manager
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP240 series Benutzerregistrierung" = Canon MP240 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dia" = Dia (nur entfernen)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free RAR Extract Frog" = Free RAR Extract Frog
"GIMP-2_is1" = GIMP 2.8.2
"Git_is1" = Git 1.6.5.1-preview20091022
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ImageJ_is1" = ImageJ 1.43u
"InfraRecorder" = InfraRecorder
"Inkscape" = Inkscape 0.48.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"JOE (Java oriented editing) 2.3.25_is1" = JOE (Java oriented editing) 2.3.25
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"myphotobook" = myphotobook 3.65
"Notepad++" = Notepad++
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Pdf995" = Pdf995
"Picasa 3" = Picasa 3
"PostgreSQL 9.1" = PostgreSQL 9.1 
"PRJSTDR" = Microsoft Office Project Standard 2007
"Scribus 1.3.5" = Scribus 1.3.5.1
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SmartGit 1.5_is1" = SmartGit 1.5.2
"SmartGit 1_is1" = SmartGit 1.0.4
"SumatraPDF" = SumatraPDF
"SWFPlayer_is1" = SWFPlayer
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TightVNC_is1" = TightVNC 1.3.9
"TVWiz" = Intel(R) TV Wizard
"VP Suite 5.0" = VP Suite 5.0
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR 4.01 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"MiKTeX 2.9" = MiKTeX 2.9
"RapidMiner 5" = RapidMiner 5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.10.2012 12:29:21 | Computer Name = evandi-PC | Source = PerfNet | ID = 2004
Description = 
 
Error - 29.10.2012 12:30:44 | Computer Name = evandi-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 30.10.2012 12:14:09 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 30.10.2012 12:14:09 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 998
 
Error - 30.10.2012 12:14:09 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998
 
Error - 30.10.2012 12:14:10 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 30.10.2012 12:14:10 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2620
 
Error - 30.10.2012 12:14:10 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2620
 
Error - 30.10.2012 12:14:12 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 30.10.2012 12:14:12 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4227
 
Error - 30.10.2012 12:14:12 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4227
 
[ System Events ]
Error - 25.10.2012 05:03:00 | Computer Name = evandi-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.21 für die Netzwerkkarte mit der Netzwerkadresse
 002268916327 wurde durch den DHCP-Server 1.1.1.1 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 25.10.2012 11:11:03 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 25.10.2012 11:11:03 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.10.2012 11:11:03 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.10.2012 11:11:03 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.10.2012 01:48:31 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 26.10.2012 01:48:31 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.10.2012 01:48:31 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.10.2012 01:48:31 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.10.2012 05:04:40 | Computer Name = evandi-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.21 für die Netzwerkkarte mit der Netzwerkadresse
 002268916327 wurde durch den DHCP-Server 1.1.1.1 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
 
< End of report >
         
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-01 09:54:45
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: 7hq8loob.exe; Driver: C:\Users\evandi\AppData\Local\Temp\pxdiypog.sys


---- System - GMER 1.0.15 ----

SSDT   8D0FCA8E                                                                                     ZwCreateSection
SSDT   8D0FCA98                                                                                     ZwRequestWaitReplyPort
SSDT   8D0FCA93                                                                                     ZwSetContextThread
SSDT   8D0FCA9D                                                                                     ZwSetSecurityObject
SSDT   8D0FCAA2                                                                                     ZwSystemDebugControl
SSDT   8D0FCA2F                                                                                     ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!KeSetEvent + 215                                                                82AC68D8 4 Bytes  [8E, CA, 0F, 8D]
.text  ntkrnlpa.exe!KeSetEvent + 539                                                                82AC6BFC 4 Bytes  [98, CA, 0F, 8D] {CWDE ; RETF 0x8d0f}
.text  ntkrnlpa.exe!KeSetEvent + 56D                                                                82AC6C30 4 Bytes  [93, CA, 0F, 8D] {XCHG EBX, EAX; RETF 0x8d0f}
.text  ntkrnlpa.exe!KeSetEvent + 5D1                                                                82AC6C94 4 Bytes  [9D, CA, 0F, 8D] {POPF ; RETF 0x8d0f}
.text  ntkrnlpa.exe!KeSetEvent + 619                                                                82AC6CDC 4 Bytes  [A2, CA, 0F, 8D]
.text  ...                                                                                          

---- Registry - GMER 1.0.15 ----

Reg    HKLM\SYSTEM\ControlSet002\Services\upnphost\4,Windows automatically (not active ControlSet)  

---- EOF - GMER 1.0.15 ----
         
Many thanks in advance

andi

Alt 06.11.2012, 20:14   #2
cosinus



This should be the other PC you mentioned, right?

Have you run any scans already? If so => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; for now just post the logs you already have.

Alt 07.11.2012, 19:35   #3
andi2107
 



That's right. That is the other PC. I ran Avira over it, with no findings. After that, Malwarebytes. The log follows:

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.06.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
evandi :: EVANDI-PC [Administrator]

06.11.2012 21:50:51
mbam-log-2012-11-06 (21-50-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 628754
Laufzeit: 4 Stunde(n), 58 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Looks like nothing was found there either. What else can I do?

Andi

Alt 07.11.2012, 20:49   #4
cosinus



1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If that fails again, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window), and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

__________________
Please always post logs in CODE tags

Alt 08.11.2012, 20:38   #5
andi2107
 



Here are the two logs:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-08 21:25:46
-----------------------------
21:25:46.813    OS Version: Windows 6.0.6002 Service Pack 2
21:25:46.813    Number of processors: 2 586 0xF0D
21:25:46.816    ComputerName: EVANDI-PC  UserName: evandi
21:26:38.277    Initialize success
21:27:01.268    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:27:01.274    Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
21:27:01.326    Disk 0 MBR read successfully
21:27:01.337    Disk 0 MBR scan
21:27:01.343    Disk 0 unknown MBR code
21:27:01.363    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       227216 MB offset 63
21:27:01.395    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        11256 MB offset 465338790
21:27:01.430    Disk 0 scanning sectors +488392065
21:27:01.501    Disk 0 scanning C:\Windows\system32\drivers
21:27:10.414    Service scanning
21:27:27.279    Modules scanning
21:27:32.534    Disk 0 trace - called modules:
21:27:32.571    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
21:27:32.579    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86834ac8]
21:27:32.587    3 CLASSPNP.SYS[8b1ac8b3] -> nt!IofCallDriver -> [0x85d5f5f0]
21:27:32.596    5 acpi.sys[8069f6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85d0c028]
21:27:32.605    Scan finished successfully
21:27:48.988    Disk 0 MBR has been saved successfully to "C:\Users\evandi\Desktop\MBR.dat"
21:27:48.996    The log file has been saved successfully to "C:\Users\evandi\Desktop\aswMBR.txt"
         

Code:
21:31:50.0266 5708  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:31:50.0503 5708  ============================================================
21:31:50.0503 5708  Current date / time: 2012/11/08 21:31:50.0503
21:31:50.0503 5708  SystemInfo:
21:31:50.0503 5708  
21:31:50.0503 5708  OS Version: 6.0.6002 ServicePack: 2.0
21:31:50.0503 5708  Product type: Workstation
21:31:50.0504 5708  ComputerName: EVANDI-PC
21:31:50.0504 5708  UserName: evandi
21:31:50.0504 5708  Windows directory: C:\Windows
21:31:50.0504 5708  System windows directory: C:\Windows
21:31:50.0504 5708  Processor architecture: Intel x86
21:31:50.0504 5708  Number of processors: 2
21:31:50.0504 5708  Page size: 0x1000
21:31:50.0504 5708  Boot type: Normal boot
21:31:50.0504 5708  ============================================================
21:31:51.0050 5708  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:31:51.0052 5708  ============================================================
21:31:51.0052 5708  \Device\Harddisk0\DR0:
21:31:51.0053 5708  MBR partitions:
21:31:51.0053 5708  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BBC8167
21:31:51.0053 5708  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BBC81A6, BlocksNum 0x15FC3DB
21:31:51.0053 5708  ============================================================
21:31:51.0065 5708  C: <-> \Device\Harddisk0\DR0\Partition1
21:31:51.0138 5708  D: <-> \Device\Harddisk0\DR0\Partition2
21:31:51.0138 5708  ============================================================
21:31:51.0139 5708  Initialize success
21:31:51.0139 5708  ============================================================
21:32:20.0460 1984  ============================================================
21:32:20.0460 1984  Scan started
21:32:20.0460 1984  Mode: Manual; SigCheck; TDLFS; 
21:32:20.0460 1984  ============================================================
21:32:20.0837 1984  ================ Scan system memory ========================
21:32:20.0837 1984  System memory - ok
21:32:20.0837 1984  ================ Scan services =============================
21:32:21.0019 1984  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
21:32:21.0199 1984  ACPI - ok
21:32:21.0206 1984  adfs - ok
21:32:21.0307 1984  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:32:21.0325 1984  AdobeFlashPlayerUpdateSvc - ok
21:32:21.0403 1984  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:32:21.0435 1984  adp94xx - ok
21:32:21.0508 1984  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:32:21.0536 1984  adpahci - ok
21:32:21.0565 1984  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
21:32:21.0586 1984  adpu160m - ok
21:32:21.0620 1984  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:32:21.0636 1984  adpu320 - ok
21:32:21.0679 1984  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:32:21.0802 1984  AeLookupSvc - ok
21:32:21.0880 1984  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
21:32:21.0937 1984  AFD - ok
21:32:21.0986 1984  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:32:22.0009 1984  agp440 - ok
21:32:22.0050 1984  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
21:32:22.0075 1984  aic78xx - ok
21:32:22.0322 1984  [ E1B1F152C4E82C85E846D25C9E6E6CC8 ] Akamai          c:\program files\common files\akamai/netsession_win_b5e8a4c.dll
21:32:22.0322 1984  Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_b5e8a4c.dll. md5: E1B1F152C4E82C85E846D25C9E6E6CC8
21:32:22.0340 1984  Akamai ( HiddenFile.Multi.Generic ) - warning
21:32:22.0340 1984  Akamai - detected HiddenFile.Multi.Generic (1)
21:32:22.0363 1984  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
21:32:22.0560 1984  ALG - ok
21:32:22.0611 1984  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:32:22.0634 1984  aliide - ok
21:32:22.0684 1984  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:32:22.0705 1984  amdagp - ok
21:32:22.0739 1984  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:32:22.0754 1984  amdide - ok
21:32:22.0775 1984  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
21:32:22.0843 1984  AmdK7 - ok
21:32:22.0876 1984  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:32:22.0949 1984  AmdK8 - ok
21:32:23.0037 1984  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:32:23.0073 1984  AntiVirSchedulerService - ok
21:32:23.0129 1984  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:32:23.0148 1984  AntiVirService - ok
21:32:23.0186 1984  [ 350F19EB5FE4EC37A2414DF56CDE1AA8 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
21:32:23.0252 1984  ApfiltrService - ok
21:32:23.0293 1984  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
21:32:23.0318 1984  Appinfo - ok
21:32:23.0407 1984  [ 70D7BE78061126DD0C3ACCDB7E129017 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:32:23.0425 1984  Apple Mobile Device - ok
21:32:23.0454 1984  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
21:32:23.0472 1984  arc - ok
21:32:23.0518 1984  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:32:23.0539 1984  arcsas - ok
21:32:23.0580 1984  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:32:23.0661 1984  AsyncMac - ok
21:32:23.0708 1984  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:32:23.0733 1984  atapi - ok
21:32:23.0819 1984  [ 2846F5EE802889D500FCF5CC48B28381 ] athr            C:\Windows\system32\DRIVERS\athr.sys
21:32:23.0941 1984  athr - ok
21:32:24.0011 1984  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:32:24.0059 1984  AudioEndpointBuilder - ok
21:32:24.0089 1984  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:32:24.0115 1984  Audiosrv - ok
21:32:24.0159 1984  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:32:24.0219 1984  avgntflt - ok
21:32:24.0251 1984  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:32:24.0266 1984  avipbb - ok
21:32:24.0282 1984  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:32:24.0295 1984  avkmgr - ok
21:32:24.0350 1984  [ CF6A67C90951E3E763D2135DEDE44B85 ] BCM43XV         C:\Windows\system32\DRIVERS\bcmwl6.sys
21:32:24.0592 1984  BCM43XV - ok
21:32:24.0621 1984  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:32:24.0698 1984  Beep - ok
21:32:24.0790 1984  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
21:32:24.0876 1984  BFE - ok
21:32:24.0938 1984  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
21:32:25.0047 1984  BITS - ok
21:32:25.0065 1984  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
21:32:25.0124 1984  blbdrive - ok
21:32:25.0214 1984  [ 673CF4F6BB1FBE09331B526802FBB892 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:32:25.0266 1984  Bonjour Service - ok
21:32:25.0330 1984  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:32:25.0395 1984  bowser - ok
21:32:25.0449 1984  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
21:32:25.0514 1984  BrFiltLo - ok
21:32:25.0532 1984  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
21:32:25.0618 1984  BrFiltUp - ok
21:32:25.0660 1984  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
21:32:25.0763 1984  Browser - ok
21:32:25.0819 1984  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
21:32:25.0949 1984  Brserid - ok
21:32:25.0989 1984  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
21:32:26.0098 1984  BrSerWdm - ok
21:32:26.0117 1984  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
21:32:26.0220 1984  BrUsbMdm - ok
21:32:26.0242 1984  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
21:32:26.0291 1984  BrUsbSer - ok
21:32:26.0343 1984  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:32:26.0409 1984  BTHMODEM - ok
21:32:26.0453 1984  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:32:26.0501 1984  cdfs - ok
21:32:26.0550 1984  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:32:26.0584 1984  cdrom - ok
21:32:26.0625 1984  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:32:26.0688 1984  CertPropSvc - ok
21:32:26.0712 1984  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
21:32:26.0760 1984  circlass - ok
21:32:26.0825 1984  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
21:32:26.0854 1984  CLFS - ok
21:32:26.0906 1984  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:32:26.0925 1984  clr_optimization_v2.0.50727_32 - ok
21:32:27.0060 1984  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:32:27.0127 1984  clr_optimization_v4.0.30319_32 - ok
21:32:27.0158 1984  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:32:27.0238 1984  CmBatt - ok
21:32:27.0262 1984  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:32:27.0292 1984  cmdide - ok
21:32:27.0342 1984  [ 2E39F9C51912F4F211B0334AED33E7BD ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
21:32:27.0412 1984  CnxtHdAudService - ok
21:32:27.0497 1984  [ D8774ACE03B46C9B01A49818055F9AD4 ] Com4Qlb         C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
21:32:27.0518 1984  Com4Qlb ( UnsignedFile.Multi.Generic ) - warning
21:32:27.0518 1984  Com4Qlb - detected UnsignedFile.Multi.Generic (1)
21:32:27.0558 1984  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:32:27.0574 1984  Compbatt - ok
21:32:27.0583 1984  COMSysApp - ok
21:32:27.0608 1984  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:32:27.0622 1984  crcdisk - ok
21:32:27.0657 1984  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
21:32:27.0685 1984  Crusoe - ok
21:32:27.0735 1984  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:32:27.0816 1984  CryptSvc - ok
21:32:27.0876 1984  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
21:32:27.0920 1984  CVirtA - ok
21:32:28.0029 1984  [ 5CE32922F8F74A0D2D6ECC30CDAD01E0 ] CVPND           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
21:32:28.0266 1984  CVPND - ok
21:32:28.0324 1984  [ D46B2E0EEAF349F2085F8B164E462156 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
21:32:28.0387 1984  CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
21:32:28.0387 1984  CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
21:32:28.0443 1984  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:32:28.0565 1984  DcomLaunch - ok
21:32:28.0624 1984  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:32:28.0670 1984  DfsC - ok
21:32:28.0770 1984  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
21:32:29.0084 1984  DFSR - ok
21:32:29.0168 1984  [ 6CC6C4B9D7B906A151AA094CA087B9F0 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
21:32:29.0182 1984  dg_ssudbus - ok
21:32:29.0262 1984  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
21:32:29.0323 1984  Dhcp - ok
21:32:29.0449 1984  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
21:32:29.0475 1984  disk - ok
21:32:29.0549 1984  [ 694616F813FB627A32C9E32DEC133078 ] DNE             C:\Windows\system32\DRIVERS\dne2000.sys
21:32:29.0563 1984  DNE - ok
21:32:29.0617 1984  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:32:29.0668 1984  Dnscache - ok
21:32:29.0724 1984  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:32:29.0785 1984  dot3svc - ok
21:32:29.0828 1984  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
21:32:29.0873 1984  DPS - ok
21:32:29.0935 1984  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:32:29.0986 1984  drmkaud - ok
21:32:30.0057 1984  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:32:30.0139 1984  DXGKrnl - ok
21:32:30.0200 1984  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
21:32:30.0251 1984  E1G60 - ok
21:32:30.0305 1984  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
21:32:30.0346 1984  EapHost - ok
21:32:30.0400 1984  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
21:32:30.0420 1984  Ecache - ok
21:32:30.0469 1984  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:32:30.0493 1984  ehRecvr - ok
21:32:30.0509 1984  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
21:32:30.0550 1984  ehSched - ok
21:32:30.0576 1984  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
21:32:30.0591 1984  ehstart - ok
21:32:30.0654 1984  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:32:30.0679 1984  elxstor - ok
21:32:30.0746 1984  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
21:32:30.0850 1984  EMDMgmt - ok
21:32:30.0884 1984  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:32:30.0928 1984  ErrDev - ok
21:32:30.0994 1984  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
21:32:31.0044 1984  EventSystem - ok
21:32:31.0093 1984  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
21:32:31.0165 1984  exfat - ok
21:32:31.0213 1984  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:32:31.0252 1984  fastfat - ok
21:32:31.0290 1984  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:32:31.0343 1984  fdc - ok
21:32:31.0383 1984  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:32:31.0421 1984  fdPHost - ok
21:32:31.0430 1984  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:32:31.0529 1984  FDResPub - ok
21:32:31.0570 1984  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:32:31.0590 1984  FileInfo - ok
21:32:31.0623 1984  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:32:31.0691 1984  Filetrace - ok
21:32:31.0765 1984  [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:32:31.0846 1984  FLEXnet Licensing Service - ok
21:32:31.0882 1984  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:32:31.0945 1984  flpydisk - ok
21:32:31.0994 1984  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:32:32.0013 1984  FltMgr - ok
21:32:32.0108 1984  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
21:32:32.0197 1984  FontCache - ok
21:32:32.0272 1984  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:32:32.0289 1984  FontCache3.0.0.0 - ok
21:32:32.0317 1984  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:32:32.0353 1984  Fs_Rec - ok
21:32:32.0406 1984  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:32:32.0431 1984  gagp30kx - ok
21:32:32.0507 1984  [ 44D07E5A444692E9B6A5CDD7401B4402 ] GameConsoleService C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
21:32:32.0534 1984  GameConsoleService - ok
21:32:32.0565 1984  [ AB8A6A87D9D7255C3884D5B9541A6E80 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:32:32.0582 1984  GEARAspiWDM - ok
21:32:32.0637 1984  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:32:32.0737 1984  gpsvc - ok
21:32:32.0836 1984  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
21:32:32.0852 1984  gupdate - ok
21:32:32.0882 1984  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
21:32:32.0898 1984  gupdatem - ok
21:32:32.0973 1984  [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:32:32.0993 1984  gusvc - ok
21:32:33.0044 1984  [ DE15777902A5D9121857D155873A1D1B ] HBtnKey         C:\Windows\system32\DRIVERS\cpqbttn.sys
21:32:33.0096 1984  HBtnKey - ok
21:32:33.0170 1984  [ A1BE5A64DDCB0880301CF860BE3F0A07 ] HdAudAddService C:\Windows\system32\drivers\CHDART.sys
21:32:33.0211 1984  HdAudAddService - ok
21:32:33.0282 1984  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:32:33.0390 1984  HDAudBus - ok
21:32:33.0447 1984  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:32:33.0536 1984  HidBth - ok
21:32:33.0576 1984  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:32:33.0630 1984  HidIr - ok
21:32:33.0676 1984  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
21:32:33.0712 1984  hidserv - ok
21:32:33.0747 1984  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:32:33.0791 1984  HidUsb - ok
21:32:33.0828 1984  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:32:33.0886 1984  hkmsvc - ok
21:32:33.0971 1984  [ 0D26C438E2938A3E6BDD91173BC96FF0 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
21:32:34.0008 1984  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
21:32:34.0009 1984  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
21:32:34.0046 1984  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
21:32:34.0071 1984  HpCISSs - ok
21:32:34.0101 1984  [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
21:32:34.0172 1984  HpqKbFiltr - ok
21:32:34.0239 1984  [ F8968C9778F25A90A35755C3C97C7F62 ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
21:32:34.0254 1984  hpqwmiex - ok
21:32:34.0310 1984  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:32:34.0367 1984  HSFHWAZL - ok
21:32:34.0432 1984  [ 1882827F41DEE51C70E24C567C35BFB5 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:32:34.0518 1984  HSF_DPV - ok
21:32:34.0540 1984  [ A44DDF3BA83E4664BF4DE9220097578C ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:32:34.0588 1984  HSXHWAZL - ok
21:32:34.0649 1984  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:32:34.0722 1984  HTTP - ok
21:32:34.0787 1984  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
21:32:34.0818 1984  i2omp - ok
21:32:34.0878 1984  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:32:34.0943 1984  i8042prt - ok
21:32:35.0025 1984  [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
21:32:35.0071 1984  IAANTMON - ok
21:32:35.0116 1984  [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:32:35.0155 1984  iaStor - ok
21:32:35.0183 1984  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
21:32:35.0212 1984  iaStorV - ok
21:32:35.0257 1984  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:32:35.0285 1984  IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:32:35.0285 1984  IDriverT - detected UnsignedFile.Multi.Generic (1)
21:32:35.0352 1984  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:32:35.0443 1984  idsvc - ok
21:32:35.0527 1984  [ 04E385059DA704EC6659DDB1526C4193 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
21:32:35.0713 1984  igfx - ok
21:32:35.0759 1984  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:32:35.0781 1984  iirsp - ok
21:32:35.0839 1984  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
21:32:35.0900 1984  IKEEXT - ok
21:32:35.0959 1984  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:32:35.0973 1984  intelide - ok
21:32:35.0997 1984  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:32:36.0041 1984  intelppm - ok
21:32:36.0071 1984  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:32:36.0108 1984  IPBusEnum - ok
21:32:36.0130 1984  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:32:36.0197 1984  IpFilterDriver - ok
21:32:36.0248 1984  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:32:36.0306 1984  iphlpsvc - ok
21:32:36.0314 1984  IpInIp - ok
21:32:36.0335 1984  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
21:32:36.0384 1984  IPMIDRV - ok
21:32:36.0407 1984  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
21:32:36.0462 1984  IPNAT - ok
21:32:36.0493 1984  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:32:36.0580 1984  IRENUM - ok
21:32:36.0614 1984  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:32:36.0634 1984  isapnp - ok
21:32:36.0683 1984  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
21:32:36.0714 1984  iScsiPrt - ok
21:32:36.0753 1984  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
21:32:36.0774 1984  iteatapi - ok
21:32:36.0802 1984  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
21:32:36.0818 1984  iteraid - ok
21:32:36.0847 1984  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:32:36.0861 1984  kbdclass - ok
21:32:36.0895 1984  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:32:36.0926 1984  kbdhid - ok
21:32:36.0967 1984  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
21:32:36.0984 1984  KeyIso - ok
21:32:37.0055 1984  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:32:37.0106 1984  KSecDD - ok
21:32:37.0175 1984  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:32:37.0280 1984  KtmRm - ok
21:32:37.0334 1984  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:32:37.0366 1984  LanmanServer - ok
21:32:37.0410 1984  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:32:37.0467 1984  LanmanWorkstation - ok
21:32:37.0537 1984  [ 53710476495886D9961BE46983A6A33F ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:32:37.0556 1984  LightScribeService - ok
21:32:37.0586 1984  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:32:37.0646 1984  lltdio - ok
21:32:37.0703 1984  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:32:37.0794 1984  lltdsvc - ok
21:32:37.0820 1984  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:32:37.0915 1984  lmhosts - ok
21:32:37.0949 1984  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:32:37.0965 1984  LSI_FC - ok
21:32:37.0998 1984  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:32:38.0014 1984  LSI_SAS - ok
21:32:38.0053 1984  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:32:38.0068 1984  LSI_SCSI - ok
21:32:38.0089 1984  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
21:32:38.0168 1984  luafv - ok
21:32:38.0229 1984  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
21:32:38.0244 1984  MBAMProtector - ok
21:32:38.0323 1984  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:32:38.0366 1984  MBAMScheduler - ok
21:32:38.0437 1984  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:32:38.0489 1984  MBAMService - ok
21:32:38.0588 1984  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:32:38.0615 1984  Mcx2Svc - ok
21:32:38.0663 1984  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:32:38.0700 1984  mdmxsdk - ok
21:32:38.0751 1984  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:32:38.0765 1984  megasas - ok
21:32:38.0826 1984  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
21:32:38.0869 1984  MegaSR - ok
21:32:38.0939 1984  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
21:32:38.0974 1984  MMCSS - ok
21:32:39.0007 1984  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
21:32:39.0045 1984  Modem - ok
21:32:39.0062 1984  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:32:39.0123 1984  monitor - ok
21:32:39.0155 1984  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:32:39.0178 1984  mouclass - ok
21:32:39.0196 1984  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:32:39.0243 1984  mouhid - ok
21:32:39.0262 1984  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
21:32:39.0287 1984  MountMgr - ok
21:32:39.0313 1984  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:32:39.0334 1984  mpio - ok
21:32:39.0358 1984  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:32:39.0413 1984  mpsdrv - ok
21:32:39.0469 1984  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:32:39.0545 1984  MpsSvc - ok
21:32:39.0580 1984  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
21:32:39.0594 1984  Mraid35x - ok
21:32:39.0627 1984  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:32:39.0668 1984  MRxDAV - ok
21:32:39.0716 1984  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:32:39.0765 1984  mrxsmb - ok
21:32:39.0813 1984  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:32:39.0855 1984  mrxsmb10 - ok
21:32:39.0883 1984  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:32:39.0924 1984  mrxsmb20 - ok
21:32:39.0965 1984  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
21:32:39.0990 1984  msahci - ok
21:32:40.0022 1984  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:32:40.0074 1984  msdsm - ok
21:32:40.0106 1984  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
21:32:40.0180 1984  MSDTC - ok
21:32:40.0216 1984  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:32:40.0278 1984  Msfs - ok
21:32:40.0308 1984  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:32:40.0323 1984  msisadrv - ok
21:32:40.0344 1984  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:32:40.0386 1984  MSiSCSI - ok
21:32:40.0394 1984  msiserver - ok
21:32:40.0445 1984  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:32:40.0473 1984  MSKSSRV - ok
21:32:40.0520 1984  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:32:40.0548 1984  MSPCLOCK - ok
21:32:40.0581 1984  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:32:40.0610 1984  MSPQM - ok
21:32:40.0649 1984  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:32:40.0667 1984  MsRPC - ok
21:32:40.0690 1984  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:32:40.0707 1984  mssmbios - ok
21:32:40.0717 1984  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:32:40.0776 1984  MSTEE - ok
21:32:40.0805 1984  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
21:32:40.0828 1984  Mup - ok
21:32:40.0862 1984  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
21:32:40.0932 1984  napagent - ok
21:32:40.0986 1984  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:32:41.0022 1984  NativeWifiP - ok
21:32:41.0069 1984  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:32:41.0103 1984  NDIS - ok
21:32:41.0135 1984  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:32:41.0171 1984  NdisTapi - ok
21:32:41.0184 1984  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:32:41.0220 1984  Ndisuio - ok
21:32:41.0240 1984  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:32:41.0264 1984  NdisWan - ok
21:32:41.0286 1984  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:32:41.0323 1984  NDProxy - ok
21:32:41.0341 1984  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:32:41.0413 1984  NetBIOS - ok
21:32:41.0460 1984  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
21:32:41.0517 1984  netbt - ok
21:32:41.0540 1984  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
21:32:41.0561 1984  Netlogon - ok
21:32:41.0597 1984  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
21:32:41.0668 1984  Netman - ok
21:32:41.0706 1984  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
21:32:41.0763 1984  netprofm - ok
21:32:41.0799 1984  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:32:41.0825 1984  NetTcpPortSharing - ok
21:32:41.0863 1984  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:32:41.0885 1984  nfrd960 - ok
21:32:41.0920 1984  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:32:41.0976 1984  NlaSvc - ok
21:32:42.0000 1984  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:32:42.0038 1984  Npfs - ok
21:32:42.0051 1984  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
21:32:42.0127 1984  nsi - ok
21:32:42.0153 1984  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:32:42.0224 1984  nsiproxy - ok
21:32:42.0327 1984  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:32:42.0439 1984  Ntfs - ok
21:32:42.0471 1984  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
21:32:42.0577 1984  ntrigdigi - ok
21:32:42.0599 1984  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
21:32:42.0652 1984  Null - ok
21:32:42.0687 1984  [ 1657F3FBD9061526C14FF37E79306F98 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm60x32.sys
21:32:42.0747 1984  NVENETFD - ok
21:32:42.0769 1984  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:32:42.0784 1984  nvraid - ok
21:32:42.0812 1984  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:32:42.0829 1984  nvstor - ok
21:32:42.0866 1984  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:32:42.0884 1984  nv_agp - ok
21:32:42.0892 1984  NwlnkFlt - ok
21:32:42.0902 1984  NwlnkFwd - ok
21:32:42.0991 1984  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:32:43.0039 1984  odserv - ok
21:32:43.0104 1984  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:32:43.0186 1984  ohci1394 - ok
21:32:43.0251 1984  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:32:43.0268 1984  ose - ok
21:32:43.0547 1984  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:32:44.0160 1984  osppsvc - ok
21:32:44.0232 1984  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
21:32:44.0310 1984  p2pimsvc - ok
21:32:44.0336 1984  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:32:44.0424 1984  p2psvc - ok
21:32:44.0480 1984  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
21:32:44.0589 1984  Parport - ok
21:32:44.0637 1984  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:32:44.0652 1984  partmgr - ok
21:32:44.0671 1984  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
21:32:44.0750 1984  Parvdm - ok
21:32:44.0796 1984  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:32:44.0824 1984  PcaSvc - ok
21:32:44.0879 1984  [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
21:32:44.0906 1984  pccsmcfd - ok
21:32:44.0943 1984  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
21:32:44.0967 1984  pci - ok
21:32:44.0984 1984  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
21:32:45.0003 1984  pciide - ok
21:32:45.0037 1984  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:32:45.0061 1984  pcmcia - ok
21:32:45.0122 1984  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:32:45.0282 1984  PEAUTH - ok
21:32:45.0384 1984  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
21:32:45.0532 1984  pla - ok
21:32:45.0581 1984  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:32:45.0632 1984  PlugPlay - ok
21:32:45.0671 1984  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
21:32:45.0723 1984  PNRPAutoReg - ok
21:32:45.0771 1984  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
21:32:45.0802 1984  PNRPsvc - ok
21:32:45.0836 1984  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:32:45.0875 1984  PolicyAgent - ok
21:32:45.0984 1984  postgresql-9.1 - ok
21:32:46.0008 1984  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:32:46.0064 1984  PptpMiniport - ok
21:32:46.0097 1984  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
21:32:46.0147 1984  Processor - ok
21:32:46.0176 1984  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:32:46.0209 1984  ProfSvc - ok
21:32:46.0221 1984  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
21:32:46.0240 1984  ProtectedStorage - ok
21:32:46.0275 1984  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
21:32:46.0325 1984  PSched - ok
21:32:46.0408 1984  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:32:46.0526 1984  ql2300 - ok
21:32:46.0564 1984  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:32:46.0589 1984  ql40xx - ok
21:32:46.0634 1984  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
21:32:46.0694 1984  QWAVE - ok
21:32:46.0727 1984  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:32:46.0760 1984  QWAVEdrv - ok
21:32:46.0779 1984  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:32:46.0822 1984  RasAcd - ok
21:32:46.0840 1984  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
21:32:46.0886 1984  RasAuto - ok
21:32:46.0941 1984  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:32:46.0985 1984  Rasl2tp - ok
21:32:47.0023 1984  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
21:32:47.0062 1984  RasMan - ok
21:32:47.0093 1984  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:32:47.0138 1984  RasPppoe - ok
21:32:47.0169 1984  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:32:47.0191 1984  RasSstp - ok
21:32:47.0234 1984  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:32:47.0292 1984  rdbss - ok
21:32:47.0327 1984  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:32:47.0389 1984  RDPCDD - ok
21:32:47.0433 1984  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
21:32:47.0465 1984  rdpdr - ok
21:32:47.0472 1984  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:32:47.0518 1984  RDPENCDD - ok
21:32:47.0571 1984  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:32:47.0626 1984  RDPWD - ok
21:32:47.0692 1984  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:32:47.0753 1984  RemoteAccess - ok
21:32:47.0781 1984  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:32:47.0823 1984  RemoteRegistry - ok
21:32:47.0888 1984  [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
21:32:47.0917 1984  RichVideo - ok
21:32:47.0936 1984  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
21:32:47.0970 1984  RpcLocator - ok
21:32:47.0999 1984  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
21:32:48.0088 1984  RpcSs - ok
21:32:48.0125 1984  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:32:48.0191 1984  rspndr - ok
21:32:48.0245 1984  [ 8DE22FB05E4A0F797B1E442EB4B3B51C ] RTL8023xp       C:\Windows\system32\DRIVERS\Rtnicxp.sys
21:32:48.0308 1984  RTL8023xp - ok
21:32:48.0362 1984  [ 68180821FEDEBB2B373D83A2D8E4E16A ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
21:32:48.0405 1984  RTSTOR - ok
21:32:48.0435 1984  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
21:32:48.0469 1984  SamSs - ok
21:32:48.0513 1984  [ A3281AEC37E0720A2BC28034C2DF2A56 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:32:48.0527 1984  SASDIFSV - ok
21:32:48.0574 1984  [ 7CE61C25C159F50F9EAF6D77FC83FA35 ] SASENUM         C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
21:32:48.0587 1984  SASENUM - ok
21:32:48.0621 1984  [ 67D2688756DD304AF655349BAAD82BFF ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:32:48.0633 1984  SASKUTIL - ok
21:32:48.0669 1984  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:32:48.0688 1984  sbp2port - ok
21:32:48.0737 1984  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:32:48.0766 1984  SCardSvr - ok
21:32:48.0835 1984  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
21:32:48.0954 1984  Schedule - ok
21:32:48.0975 1984  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:32:49.0006 1984  SCPolicySvc - ok
21:32:49.0025 1984  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:32:49.0073 1984  SDRSVC - ok
21:32:49.0106 1984  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:32:49.0209 1984  secdrv - ok
21:32:49.0237 1984  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
21:32:49.0304 1984  seclogon - ok
21:32:49.0322 1984  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
21:32:49.0390 1984  SENS - ok
21:32:49.0423 1984  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:32:49.0503 1984  Serenum - ok
21:32:49.0531 1984  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
21:32:49.0636 1984  Serial - ok
21:32:49.0663 1984  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:32:49.0710 1984  sermouse - ok
21:32:49.0816 1984  [ C3BB6CF8F9EE199005A2AAE2815AD756 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:32:49.0879 1984  ServiceLayer - ok
21:32:49.0947 1984  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:32:49.0983 1984  SessionEnv - ok
21:32:50.0001 1984  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:32:50.0049 1984  sffdisk - ok
21:32:50.0076 1984  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:32:50.0124 1984  sffp_mmc - ok
21:32:50.0144 1984  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:32:50.0191 1984  sffp_sd - ok
21:32:50.0207 1984  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:32:50.0256 1984  sfloppy - ok
21:32:50.0290 1984  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:32:50.0334 1984  SharedAccess - ok
21:32:50.0391 1984  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:32:50.0447 1984  ShellHWDetection - ok
21:32:50.0471 1984  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
21:32:50.0491 1984  sisagp - ok
21:32:50.0517 1984  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
21:32:50.0536 1984  SiSRaid2 - ok
21:32:50.0561 1984  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:32:50.0582 1984  SiSRaid4 - ok
21:32:50.0677 1984  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
21:32:50.0706 1984  SkypeUpdate - ok
21:32:50.0854 1984  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
21:32:51.0095 1984  slsvc - ok
21:32:51.0154 1984  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
21:32:51.0225 1984  SLUINotify - ok
21:32:51.0256 1984  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\drivers\Smb.sys
21:32:51.0306 1984  Smb - ok
21:32:51.0342 1984  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:32:51.0376 1984  SNMPTRAP - ok
21:32:51.0401 1984  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
21:32:51.0433 1984  spldr - ok
21:32:51.0497 1984  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
21:32:51.0555 1984  Spooler - ok
21:32:51.0611 1984  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:32:51.0682 1984  srv - ok
21:32:51.0728 1984  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:32:51.0773 1984  srv2 - ok
21:32:51.0808 1984  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:32:51.0866 1984  srvnet - ok
21:32:51.0904 1984  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:32:51.0976 1984  SSDPSRV - ok
21:32:52.0003 1984  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
21:32:52.0025 1984  ssmdrv - ok
21:32:52.0045 1984  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:32:52.0104 1984  SstpSvc - ok
21:32:52.0178 1984  [ 359FEE084F1173FFFFD7F9CCBD43D47F ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
21:32:52.0210 1984  ssudmdm - ok
21:32:52.0281 1984  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
21:32:52.0409 1984  stisvc - ok
21:32:52.0446 1984  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:32:52.0476 1984  swenum - ok
21:32:52.0518 1984  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
21:32:52.0607 1984  swprv - ok
21:32:52.0639 1984  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
21:32:52.0669 1984  Symc8xx - ok
21:32:52.0679 1984  SymIM - ok
21:32:52.0694 1984  SymIMMP - ok
21:32:52.0717 1984  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
21:32:52.0747 1984  Sym_hi - ok
21:32:52.0761 1984  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
21:32:52.0791 1984  Sym_u3 - ok
21:32:52.0836 1984  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
21:32:52.0936 1984  SysMain - ok
21:32:52.0990 1984  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:32:53.0013 1984  TabletInputService - ok
21:32:53.0043 1984  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:32:53.0097 1984  TapiSrv - ok
21:32:53.0127 1984  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
21:32:53.0197 1984  TBS - ok
21:32:53.0270 1984  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:32:53.0357 1984  Tcpip - ok
21:32:53.0410 1984  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
21:32:53.0479 1984  Tcpip6 - ok
21:32:53.0526 1984  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:32:53.0561 1984  tcpipreg - ok
21:32:53.0620 1984  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:32:53.0671 1984  TDPIPE - ok
21:32:53.0733 1984  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:32:53.0782 1984  TDTCP - ok
21:32:53.0832 1984  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:32:53.0904 1984  tdx - ok
21:32:54.0092 1984  [ 01A402D34732CA3DA91786ADCC765069 ] TeamViewer6     C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
21:32:54.0267 1984  TeamViewer6 - ok
21:32:54.0452 1984  [ 33966A658FF37E0C65D46E59F37E2380 ] TeamViewer7     C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
21:32:54.0623 1984  TeamViewer7 - ok
21:32:54.0649 1984  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:32:54.0676 1984  TermDD - ok
21:32:54.0722 1984  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
21:32:54.0827 1984  TermService - ok
21:32:54.0864 1984  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
21:32:54.0916 1984  Themes - ok
21:32:54.0947 1984  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
21:32:54.0981 1984  THREADORDER - ok
21:32:55.0015 1984  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
21:32:55.0082 1984  TrkWks - ok
21:32:55.0151 1984  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:32:55.0183 1984  TrustedInstaller - ok
21:32:55.0222 1984  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:32:55.0268 1984  tssecsrv - ok
21:32:55.0302 1984  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
21:32:55.0356 1984  tunmp - ok
21:32:55.0394 1984  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:32:55.0418 1984  tunnel - ok
21:32:55.0454 1984  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:32:55.0479 1984  uagp35 - ok
21:32:55.0535 1984  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:32:55.0562 1984  udfs - ok
21:32:55.0612 1984  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:32:55.0661 1984  UI0Detect - ok
21:32:55.0679 1984  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:32:55.0695 1984  uliagpkx - ok
21:32:55.0724 1984  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
21:32:55.0747 1984  uliahci - ok
21:32:55.0782 1984  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
21:32:55.0800 1984  UlSata - ok
21:32:55.0827 1984  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
21:32:55.0846 1984  ulsata2 - ok
21:32:55.0878 1984  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:32:55.0938 1984  umbus - ok
21:32:55.0969 1984  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
21:32:56.0053 1984  upnphost - ok
21:32:56.0128 1984  [ 4B8A9C16B6D9258ED99C512AECB8C555 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
21:32:56.0150 1984  USBAAPL - ok
21:32:56.0196 1984  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:32:56.0266 1984  usbccgp - ok
21:32:56.0300 1984  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:32:56.0348 1984  usbcir - ok
21:32:56.0394 1984  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:32:56.0433 1984  usbehci - ok
21:32:56.0458 1984  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:32:56.0484 1984  usbhub - ok
21:32:56.0511 1984  [ 7BDB7B0E7D45AC0402D78B90789EF47C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
21:32:56.0554 1984  usbohci - ok
21:32:56.0587 1984  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:32:56.0647 1984  usbprint - ok
21:32:56.0688 1984  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:32:56.0745 1984  usbscan - ok
21:32:56.0790 1984  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:32:56.0820 1984  USBSTOR - ok
21:32:56.0852 1984  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
21:32:56.0891 1984  usbuhci - ok
21:32:56.0931 1984  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
21:32:56.0978 1984  usbvideo - ok
21:32:57.0027 1984  [ 35C9095FA7076466AFBFC5B9EC4B779E ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
21:32:57.0070 1984  usb_rndisx - ok
21:32:57.0099 1984  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
21:32:57.0145 1984  UxSms - ok
21:32:57.0225 1984  [ 8F417B4B9985F0095CCAF37C58859C4E ] VBoxDrv         C:\Windows\system32\DRIVERS\VBoxDrv.sys
21:32:57.0250 1984  VBoxDrv - ok
21:32:57.0303 1984  [ EF3F7E498AD2E617FDCBEE939A258015 ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
21:32:57.0317 1984  VBoxNetAdp - ok
21:32:57.0371 1984  [ 0E6574175245ACFE0410947E415F408F ] VBoxNetFlt      C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
21:32:57.0385 1984  VBoxNetFlt - ok
21:32:57.0430 1984  [ 8ADAA94B516C7CB6962846E527FBCBFA ] VBoxUSBMon      C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
21:32:57.0445 1984  VBoxUSBMon - ok
21:32:57.0482 1984  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
21:32:57.0552 1984  vds - ok
21:32:57.0608 1984  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:32:57.0657 1984  vga - ok
21:32:57.0676 1984  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:32:57.0742 1984  VgaSave - ok
21:32:57.0770 1984  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:32:57.0794 1984  viaagp - ok
21:32:57.0822 1984  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
21:32:57.0869 1984  ViaC7 - ok
21:32:57.0897 1984  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
21:32:57.0920 1984  viaide - ok
21:32:57.0948 1984  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:32:57.0973 1984  volmgr - ok
21:32:58.0020 1984  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:32:58.0055 1984  volmgrx - ok
21:32:58.0113 1984  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:32:58.0154 1984  volsnap - ok
21:32:58.0192 1984  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:32:58.0208 1984  vsmraid - ok
21:32:58.0265 1984  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
21:32:58.0379 1984  VSS - ok
21:32:58.0464 1984  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
21:32:58.0529 1984  W32Time - ok
21:32:58.0581 1984  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:32:58.0683 1984  WacomPen - ok
21:32:58.0701 1984  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
21:32:58.0725 1984  Wanarp - ok
21:32:58.0732 1984  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:32:58.0756 1984  Wanarpv6 - ok
21:32:58.0779 1984  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:32:58.0837 1984  wcncsvc - ok
21:32:58.0875 1984  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:32:58.0901 1984  WcsPlugInService - ok
21:32:58.0935 1984  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
21:32:58.0950 1984  Wd - ok
21:32:58.0989 1984  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:32:59.0022 1984  Wdf01000 - ok
21:32:59.0046 1984  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:32:59.0097 1984  WdiServiceHost - ok
21:32:59.0103 1984  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:32:59.0135 1984  WdiSystemHost - ok
21:32:59.0175 1984  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
21:32:59.0221 1984  WebClient - ok
21:32:59.0271 1984  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:32:59.0293 1984  Wecsvc - ok
21:32:59.0312 1984  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:32:59.0358 1984  wercplsupport - ok
21:32:59.0403 1984  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:32:59.0441 1984  WerSvc - ok
21:32:59.0476 1984  [ E096FFB754F1E45AE1BDDAC1275AE2C5 ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:32:59.0597 1984  winachsf - ok
21:32:59.0646 1984  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
21:32:59.0680 1984  WinDefend - ok
21:32:59.0696 1984  WinHttpAutoProxySvc - ok
21:32:59.0757 1984  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:32:59.0784 1984  Winmgmt - ok
21:32:59.0866 1984  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
21:32:59.0985 1984  WinRM - ok
21:33:00.0062 1984  [ 676F4B665BDD8053EAA53AC1695B8074 ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
21:33:00.0092 1984  WinUSB - ok
21:33:00.0137 1984  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:33:00.0233 1984  Wlansvc - ok
21:33:00.0283 1984  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
21:33:00.0320 1984  WmiAcpi - ok
21:33:00.0362 1984  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:33:00.0426 1984  wmiApSrv - ok
21:33:00.0501 1984  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
21:33:00.0592 1984  WMPNetworkSvc - ok
21:33:00.0627 1984  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:33:00.0651 1984  WPCSvc - ok
21:33:00.0685 1984  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:33:00.0708 1984  WPDBusEnum - ok
21:33:00.0761 1984  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
21:33:00.0806 1984  WpdUsb - ok
21:33:00.0967 1984  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:33:01.0052 1984  WPFFontCache_v0400 - ok
21:33:01.0096 1984  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:33:01.0157 1984  ws2ifsl - ok
21:33:01.0202 1984  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
21:33:01.0223 1984  wscsvc - ok
21:33:01.0229 1984  WSearch - ok
21:33:01.0347 1984  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
21:33:01.0487 1984  wuauserv - ok
21:33:01.0520 1984  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:33:01.0576 1984  WUDFRd - ok
21:33:01.0609 1984  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:33:01.0673 1984  wudfsvc - ok
21:33:01.0697 1984  [ 19E7C173B6242AD7521E537AE54768BF ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
21:33:01.0746 1984  XAudio - ok
21:33:01.0789 1984  [ CDA0BC78672B50C43649FF34E1FD0FF8 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
21:33:01.0881 1984  XAudioService - ok
21:33:01.0933 1984  ================ Scan global ===============================
21:33:01.0962 1984  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:33:02.0018 1984  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:33:02.0051 1984  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:33:02.0094 1984  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
21:33:02.0103 1984  [Global] - ok
21:33:02.0103 1984  ================ Scan MBR ==================================
21:33:02.0114 1984  [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
21:33:02.0641 1984  \Device\Harddisk0\DR0 - ok
21:33:02.0641 1984  ================ Scan VBR ==================================
21:33:02.0645 1984  [ E9D04FF9D49AF026DF20599FAB73A555 ] \Device\Harddisk0\DR0\Partition1
21:33:02.0647 1984  \Device\Harddisk0\DR0\Partition1 - ok
21:33:02.0654 1984  [ 1A4CF1BD1D14B2FF7F4067D7EAAF3867 ] \Device\Harddisk0\DR0\Partition2
21:33:02.0656 1984  \Device\Harddisk0\DR0\Partition2 - ok
21:33:02.0658 1984  ============================================================
21:33:02.0658 1984  Scan finished
21:33:02.0658 1984  ============================================================
21:33:02.0675 4716  Detected object count: 5
21:33:02.0675 4716  Actual detected object count: 5
21:34:29.0547 4716  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
21:34:29.0547 4716  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
21:34:29.0555 4716  Com4Qlb ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:29.0555 4716  Com4Qlb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:34:29.0557 4716  CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:29.0557 4716  CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:34:29.0561 4716  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:29.0561 4716  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:34:29.0565 4716  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:29.0565 4716  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


08.11.2012, 22:33   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You obviously only have annoying adware on there.

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt (x = consecutive number).

09.11.2012, 20:59   #7
andi2107

That sounds good already!

Code:
# AdwCleaner v2.007 - Datei am 09/11/2012 um 21:56:05 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : evandi - EVANDI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\evandi\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\11-suche.xml
Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin-1.xml
Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin-2.xml
Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin-3.xml
Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\Search_Results.xml
Ordner Gefunden : C:\Program Files\ICQ6Toolbar
Ordner Gefunden : C:\Program Files\Ilivid
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\Users\evandi\AppData\Local\Ilivid Player
Ordner Gefunden : C:\Users\evandi\AppData\Roaming\Desktopicon

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\Headlight
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKU\S-1-5-21-4193417823-389615538-1104851014-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKU\S-1-5-21-4193417823-389615538-1104851014-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchqu.com/406
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v11.0 (de)

Profilname : default 
Datei : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\prefs.js

Gefunden : user_pref("browser.search.defaultenginename", "Search Results");
Gefunden : user_pref("browser.search.order.1", "Search Results");
Gefunden : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q=");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\evandi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.15] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]
Gefunden [l.1899] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]

*************************

AdwCleaner[R1].txt - [4242 octets] - [09/11/2012 21:56:05]

########## EOF - C:\AdwCleaner[R1].txt - [4302 octets] ##########
         

09.11.2012, 21:06   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please try to uninstall all entries mentioned in the adwCleaner log (e.g. all toolbars or Ilivid) via the Control Panel, then create a new search log with adwCleaner.
We'll get rid of leftovers and anything that refuses to uninstall with adwCleaner.
__________________
Please always post logs in CODE tags

09.11.2012, 21:31   #9
andi2107

At first glance, nothing has changed for now despite deleting ICQ and Mozilla. But I can't get rid of the toolbars and Ilivid via the Control Panel right now.

Code:
# AdwCleaner v2.007 - Datei am 09/11/2012 um 22:29:00 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : evandi - EVANDI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\evandi\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\11-suche.xml
Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin-1.xml
Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin-2.xml
Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin-3.xml
Datei Gefunden : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\Search_Results.xml
Ordner Gefunden : C:\Program Files\ICQ6Toolbar
Ordner Gefunden : C:\Program Files\Ilivid
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\Users\evandi\AppData\Local\Ilivid Player
Ordner Gefunden : C:\Users\evandi\AppData\Roaming\Desktopicon

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\Headlight
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKU\S-1-5-21-4193417823-389615538-1104851014-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKU\S-1-5-21-4193417823-389615538-1104851014-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchqu.com/406
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Profilname : default 
Datei : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\prefs.js

Gefunden : user_pref("browser.search.defaultenginename", "Search Results");
Gefunden : user_pref("browser.search.order.1", "Search Results");
Gefunden : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q=");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\evandi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.15] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]
Gefunden [l.1929] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]

*************************

AdwCleaner[R1].txt - [4371 octets] - [09/11/2012 21:56:05]
AdwCleaner[R2].txt - [4431 octets] - [09/11/2012 21:57:09]
AdwCleaner[R3].txt - [4391 octets] - [09/11/2012 22:29:00]

########## EOF - C:\AdwCleaner[R3].txt - [4451 octets] ##########
         

09.11.2012, 21:38   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = consecutive number).

After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the checkbox at the top center next to Scan All Users
  • At the top you'll find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
Please always post logs in CODE tags

09.11.2012, 22:12   #11
andi2107

Code:
# AdwCleaner v2.007 - Datei am 09/11/2012 um 22:41:44 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : evandi - EVANDI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\evandi\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\searchplugins\Search_Results.xml
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\Ilivid
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\evandi\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\evandi\AppData\Roaming\Desktopicon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchqu.com/406 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Profilname : default 
Datei : C:\Users\evandi\AppData\Roaming\Mozilla\Firefox\Profiles\yppgvz7i.default\prefs.js

Gelöscht : user_pref("browser.search.defaultenginename", "Search Results");
Gelöscht : user_pref("browser.search.order.1", "Search Results");
Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q=");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\evandi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.15] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]
Gelöscht [l.1931] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]

*************************

AdwCleaner[R1].txt - [4371 octets] - [09/11/2012 21:56:05]
AdwCleaner[R2].txt - [4431 octets] - [09/11/2012 21:57:09]
AdwCleaner[R3].txt - [4520 octets] - [09/11/2012 22:29:00]
AdwCleaner[S1].txt - [4203 octets] - [09/11/2012 22:41:44]

########## EOF - C:\AdwCleaner[S1].txt - [4263 octets] ##########
         
OTL Logfile:
Code:
OTL logfile created on: 09.11.2012 22:50:38 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\evandi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 51,02% Memory free
6,20 Gb Paging File | 4,52 Gb Available in Paging File | 72,94% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,89 Gb Total Space | 68,18 Gb Free Space | 30,73% Space Free | Partition Type: NTFS
Drive D: | 10,99 Gb Total Space | 2,41 Gb Free Space | 21,91% Space Free | Partition Type: NTFS
 
Computer Name: EVANDI-PC | User Name: evandi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\evandi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Users\evandi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Programme\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\PostgreSQL\9.1\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\PostgreSQL\9.1\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll ()
MOD - C:\Programme\Google\Chrome\Application\23.0.1271.64\pdf.dll ()
MOD - C:\Programme\Google\Chrome\Application\23.0.1271.64\libglesv2.dll ()
MOD - C:\Programme\Google\Chrome\Application\23.0.1271.64\libegl.dll ()
MOD - C:\Programme\Google\Chrome\Application\23.0.1271.64\avutil-51.dll ()
MOD - C:\Programme\Google\Chrome\Application\23.0.1271.64\avformat-54.dll ()
MOD - C:\Programme\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\2c7c74d2fe184f55c0a0a517951e7f4a\Kies.Theme.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\9349c70acb66665321bee19d331408a1\DevicePodcast.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\3e83faa1ec8155e3d155fe585955a246\DeviceVideo.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\da3a360d4f099d3ff041307e7a1ce4ce\DevicePhoto.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\4efc3f2c84c757b5869422aab9e3dc4b\DeviceMusic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\59cb702af31bcb9ded3d4493cded15a9\VideoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\bb178a48944e63edba0ea540a1c8f4fd\PodcastService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\8bdb480bdd341bbab06ad4dc3d149476\PhotoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\ccf4179de5c33241ac22ed7a47c73b9c\Podcaster.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\98304df52775a014f274c09321fe9241\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\c89c506ab88b933c87b81e5550fec75a\DeviceHost.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\8d2d9b197570723b26a177097b962745\Phonebook.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\e04778c3d35d213522c80a8cd9f60b02\CPKTMusicPlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\1fdfb726828c51d29742ab493c8ded24\MusicManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\EBookManager\6ea3f7829f5fed3f3dc6ff397f0e256a\EBookManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\cb4304e9e1cde93f4d111858fb996dde\BATPlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\AllShareController\d4b4eb99b1ae9735a4d1adc72472ec7c\AllShareController.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\d18af3a8f0174681428791614bacb63c\Kies.Common.StoreManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\aa8eb4ad4ad74f1805330fe03bf455c5\Kies.Common.MediaDB.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\729aa8db14d8ec751bcb1038047b06f3\Kies.Common.AllShare.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7ba265e8b49087c5c48a3ffa40f14755\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a75a07721b35ff2169859d26f1fcb857\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7f6d1a69e33607d303f25185dfcff746\Kies.Common.DeviceServiceLib.FileService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a46d3e6a6bf0b8655727916bbbf67ef4\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\702d8607adbdbec8324b9dd5b1ee1c00\Kies.Common.DeviceServiceLib.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6a1cd2ff344b0a2ff97f2d717f245f3b\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6cd41643731c0641280ee6a3830c29f2\Kies.Common.DeviceService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\f9bed07498f5a72c7025ccb9460269a4\Kies.Common.Multimedia.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\162a5f6e31e7c7fc4d2eed54ec19d9c1\Kies.Common.MainUI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\c8e717a4d0d75539ecae0a7654b6770b\Kies.Common.DBManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\97b8e7df643e75af9002eff26e49fb35\Kies.Common.Util.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\8922fa7e1508459687031b70f7f8d8bf\Kies.Locale.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\f309fa4fe307c4821993ffeb5580ce62\Kies.UI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\05451040884163ac6f935b3e6a486900\Kies.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\619b458b2103eedeff095fd20a0ee162\Kies.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\81bb58061bcd2a4c3bf4136abe041d20\ASF_cSharpAPI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\4b12836eb4d4958e490a1ba614971b41\Interop.DevFileServiceLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\c99811c6a988ca6c2104a5b45acbddbb\Interop.MP3FileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\cbeefee33636e0d0be226cf11e180ba3\Interop.OGGFileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\b0b31095249cec5ef5c0407fa6b7fc22\Interop.P3MPINTERFACECTRLLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\fac7605aed1c9c8b07c4e68ffdc0b4eb\Interop.PRPLAYERCORELib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\6265ffca46eab52d5f798847b5ea908c\CabLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\23324d3d243863e74723ea9c2dc1af1b\ICSharpCode.SharpZipLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\f108203a60eadaff95b82bed51846431\Interop.DeviceSearchLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\8d41dc5286f38925da6e1b9b32ce82c5\Kies.MVVM.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\3f6f79987f17c00edce423932abd1cf2\GongSolutions.Wpf.DragDrop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ef221aa0472b0870b6689ab044fad227\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - C:\Programme\Notepad++\NppShell_04.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_b5e8a4c.dll ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (postgresql-9.1) -- C:\Program Files\PostgreSQL\9.1\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Com4Qlb) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (adfs) --  File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation)
DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Oracle Corporation)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Oracle Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{7C784927-4120-4CC1-8C4F-87DEA672B92A}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{EAB3ABD5-7DB0-476A-B92E-6BE6674A546D}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop
IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\..\SearchScopes\{7C784927-4120-4CC1-8C4F-87DEA672B92A}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\..\SearchScopes\{EAB3ABD5-7DB0-476A-B92E-6BE6674A546D}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop
IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop
IE - HKU\S-1-5-21-4193417823-389615538-1104851014-1001\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: printpdf@pavlov.net:0.76
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: printpdf@pavlov.net:0.76
FF - prefs.js..extensions.enabledItems: {3ab3f8aa-8efc-46a5-86d9-21eb4fb070bb}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\evandi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\evandi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
 
[2011.12.14 09:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\Extensions
[2012.08.11 09:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\Firefox\Profiles\yppgvz7i.default\extensions
[2010.05.17 19:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\Firefox\Profiles\yppgvz7i.default\extensions\{3ab3f8aa-8efc-46a5-86d9-21eb4fb070bb}
[2010.04.09 20:36:17 | 000,000,000 | ---D | M] (printpdf) -- C:\Users\evandi\AppData\Roaming\mozilla\Firefox\Profiles\yppgvz7i.default\extensions\printpdf@pavlov.net
[2012.08.11 09:59:31 | 000,526,409 | ---- | M] () (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\extensions\toolbar@web.de.xpi
[2012.08.03 17:53:27 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.11 09:59:36 | 000,002,209 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\englische-ergebnisse.xml
[2012.08.11 09:59:36 | 000,010,506 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\gmx-suche.xml
[2009.12.31 14:16:16 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-4.xml
[2010.01.07 10:07:04 | 000,000,950 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\icqplugin-5.xml
[2012.08.11 09:59:36 | 000,002,368 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\lastminute.xml
[2012.08.11 09:59:36 | 000,005,489 | ---- | M] () -- C:\Users\evandi\AppData\Roaming\mozilla\firefox\profiles\yppgvz7i.default\searchplugins\webde-suche.xml
[2012.11.09 22:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.07.27 18:34:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.07.11 19:41:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.23 18:59:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.21 18:25:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2003.10.11 01:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\components\np32asw.dll
[2003.10.11 01:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32asw.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\evandi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4193417823-389615538-1104851014-1000..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-4193417823-389615538-1104851014-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-4193417823-389615538-1104851014-1000..\Run: [Akamai NetSession Interface] C:\Users\evandi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4193417823-389615538-1104851014-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-4193417823-389615538-1104851014-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-4193417823-389615538-1104851014-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-4193417823-389615538-1104851014-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-4193417823-389615538-1104851014-1001\..Trusted Ranges: Range1 ([http] in )
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_13-windows-i586.cab (Java Plug-in 1.5.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5F79022-0CC0-411D-8EE7-2F749616FB2C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\evandi\Documents\02_Eva\MVAgusta.jpg
O24 - Desktop BackupWallPaper: C:\Users\evandi\Documents\02_Eva\MVAgusta.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{7afaa37f-06a6-11df-875d-fb16870360d0}\Shell - "" = AutoRun
O33 - MountPoints2\{7afaa37f-06a6-11df-875d-fb16870360d0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.08 21:30:15 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\evandi\Desktop\tdsskiller.exe
[2012.11.08 20:43:29 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\evandi\Desktop\aswMBR.exe
[2012.11.08 10:24:31 | 000,000,000 | ---D | C] -- C:\Users\evandi\Desktop\Referat
[2012.11.01 17:06:41 | 000,000,000 | ---D | C] -- C:\Users\evandi\Desktop\IKK
[2012.10.30 20:22:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\evandi\Desktop\OTL.exe
[2012.10.26 10:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RapidMiner 5
[2012.10.26 10:05:27 | 000,000,000 | ---D | C] -- C:\Users\evandi\.RapidMiner5
[2012.10.25 21:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Rapid-I
[2012.10.23 10:53:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012.10.23 10:38:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2012.10.23 10:38:18 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Local\Samsung
[2012.10.23 10:38:00 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Roaming\Samsung
[2012.10.23 10:37:48 | 000,000,000 | ---D | C] -- C:\Users\evandi\Documents\samsung
[2012.10.23 10:31:07 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2012.10.23 10:31:07 | 000,581,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinUSBCoInstaller.dll
[2012.10.23 10:31:06 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012.10.23 10:31:06 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012.10.23 10:29:30 | 000,000,000 | ---D | C] -- C:\Users\evandi\{7a4e0f6d-86b9-4412-89d4-621a276ca52a}
[2012.10.23 10:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012.10.23 10:25:33 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012.10.23 10:23:43 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012.10.23 10:23:43 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2012.10.23 10:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2012.10.23 10:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012.10.23 10:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2012.10.23 10:10:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.21 18:24:58 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.10.21 18:24:58 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.10.21 18:24:58 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.10.18 09:46:32 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Local\fontconfig
[2012.10.18 09:46:12 | 000,000,000 | ---D | C] -- C:\Users\evandi\.gimp-2.8
[2012.10.18 09:46:11 | 000,000,000 | ---D | C] -- C:\Users\evandi\AppData\Local\gegl-0.2
[2012.10.18 09:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.10.11 10:44:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.11 10:43:56 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.11 10:43:55 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.03.05 12:51:18 | 000,208,896 | ---- | C] (www.mp3dev.org) -- C:\Program Files\lame_enc.dll
[1 C:\Users\evandi\*.tmp files -> C:\Users\evandi\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.09 22:51:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4193417823-389615538-1104851014-1000UA.job
[2012.11.09 22:44:43 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.09 22:44:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.09 22:44:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.09 22:44:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.09 22:32:22 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.09 22:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.09 21:55:16 | 000,541,569 | ---- | M] () -- C:\Users\evandi\Desktop\adwcleaner.exe
[2012.11.08 21:30:23 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\evandi\Desktop\tdsskiller.exe
[2012.11.08 21:27:48 | 000,000,512 | ---- | M] () -- C:\Users\evandi\Desktop\MBR.dat
[2012.11.08 20:51:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4193417823-389615538-1104851014-1000Core.job
[2012.11.08 20:43:53 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\evandi\Desktop\aswMBR.exe
[2012.11.08 20:28:28 | 000,857,522 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.08 20:28:28 | 000,355,228 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.08 20:28:27 | 001,469,720 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.08 20:28:27 | 000,402,592 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.08 10:51:48 | 003,378,430 | ---- | M] () -- C:\Users\evandi\Desktop\Rezept Spätzle.pdf
[2012.11.06 21:44:38 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.04 21:32:56 | 000,012,615 | ---- | M] () -- C:\Users\evandi\Desktop\Lebenslauf Eva Thieme.pdf
[2012.11.04 21:32:52 | 000,000,060 | ---- | M] () -- C:\Windows\wpd99.drv
[2012.11.01 17:00:20 | 000,001,356 | ---- | M] () -- C:\Users\evandi\.recently-used.xbel
[2012.10.31 13:52:31 | 598,210,980 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.30 20:59:21 | 000,302,592 | ---- | M] () -- C:\Users\evandi\Desktop\7hq8loob.exe
[2012.10.30 20:22:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\evandi\Desktop\OTL.exe
[2012.10.30 17:36:37 | 000,000,000 | ---- | M] () -- C:\Users\evandi\defogger_reenable
[2012.10.30 17:35:09 | 000,050,477 | ---- | M] () -- C:\Users\evandi\Desktop\Defogger.exe
[2012.10.26 10:28:15 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\RapidMiner 5.lnk
[2012.10.25 19:26:09 | 000,011,711 | ---- | M] () -- C:\Users\evandi\AppData\Local\recently-used.xbel
[2012.10.23 10:48:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012.10.23 10:37:39 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[1 C:\Users\evandi\*.tmp files -> C:\Users\evandi\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.09 21:55:05 | 000,541,569 | ---- | C] () -- C:\Users\evandi\Desktop\adwcleaner.exe
[2012.11.08 21:27:48 | 000,000,512 | ---- | C] () -- C:\Users\evandi\Desktop\MBR.dat
[2012.11.08 10:51:41 | 003,378,430 | ---- | C] () -- C:\Users\evandi\Desktop\Rezept Spätzle.pdf
[2012.11.06 21:44:38 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.04 21:32:51 | 000,012,615 | ---- | C] () -- C:\Users\evandi\Desktop\Lebenslauf Eva Thieme.pdf
[2012.11.01 17:00:20 | 000,001,356 | ---- | C] () -- C:\Users\evandi\.recently-used.xbel
[2012.10.30 20:59:15 | 000,302,592 | ---- | C] () -- C:\Users\evandi\Desktop\7hq8loob.exe
[2012.10.30 17:36:37 | 000,000,000 | ---- | C] () -- C:\Users\evandi\defogger_reenable
[2012.10.30 17:35:03 | 000,050,477 | ---- | C] () -- C:\Users\evandi\Desktop\Defogger.exe
[2012.10.26 10:28:15 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\RapidMiner 5.lnk
[2012.10.25 19:26:09 | 000,011,711 | ---- | C] () -- C:\Users\evandi\AppData\Local\recently-used.xbel
[2012.10.23 10:48:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012.10.23 10:37:39 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012.10.18 09:36:33 | 000,000,880 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.09.03 09:08:30 | 000,024,206 | ---- | C] () -- C:\Users\evandi\AppData\Roaming\UserTile.png
[2011.11.19 16:14:09 | 000,307,200 | ---- | C] () -- C:\Users\evandi\jaudioMp3Win.tar
[2011.03.22 10:06:24 | 000,823,296 | ---- | C] () -- C:\Windows\j3dcore-d3d.dll
[2011.03.22 10:06:24 | 000,163,840 | ---- | C] () -- C:\Windows\j3dcore-ogl.dll
[2011.03.22 10:06:24 | 000,049,152 | ---- | C] () -- C:\Windows\j3dcore-ogl-chk.dll
[2011.03.22 10:06:24 | 000,040,960 | ---- | C] () -- C:\Windows\j3dcore-ogl-cg.dll
[2010.11.22 11:54:51 | 000,000,151 | ---- | C] () -- C:\Users\evandi\.vpsuite_installation.xml
[2010.11.22 11:51:34 | 000,000,135 | ---- | C] () -- C:\Users\evandi\.vpinstall.properties
[2010.06.08 09:35:07 | 000,001,392 | ---- | C] () -- C:\Users\evandi\.keystore
[2010.04.27 09:22:54 | 000,000,155 | ---- | C] () -- C:\Users\evandi\.appletviewer
[2010.04.26 12:25:18 | 000,000,146 | ---- | C] () -- C:\Users\evandi\.packettracer
[2010.04.20 15:21:30 | 000,000,019 | ---- | C] () -- C:\Users\evandi\killbat.bat
[2010.03.31 10:09:47 | 000,011,293 | ---- | C] () -- C:\Program Files\bibliothek_v2.jar
[2010.03.31 09:11:33 | 000,000,047 | ---- | C] () -- C:\Users\evandi\.gitconfig
[2010.03.23 10:17:02 | 000,000,036 | ---- | C] () -- C:\Users\evandi\.org.eclipse.epp.usagedata.recording.userId
[2009.10.29 12:55:41 | 000,001,517 | ---- | C] () -- C:\Users\evandi\.bash_history
[2009.10.11 16:57:26 | 000,000,004 | ---- | C] () -- C:\Users\evandi\tray.pid
[2009.10.11 15:58:44 | 000,000,116 | ---- | C] () -- C:\Users\evandi\.asadminpass
[2009.10.11 15:58:32 | 000,000,789 | ---- | C] () -- C:\Users\evandi\.asadmintruststore
[2008.10.18 20:19:43 | 000,005,648 | ---- | C] () -- C:\Users\evandi\AppData\Local\d3d9caps.dat
[2008.08.31 18:59:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.08.26 20:34:12 | 000,210,944 | ---- | C] () -- C:\Users\evandi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         

OTL Logfile:
Code:
OTL Extras logfile created on: 09.11.2012 22:50:38 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\evandi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 51,02% Memory free
6,20 Gb Paging File | 4,52 Gb Available in Paging File | 72,94% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,89 Gb Total Space | 68,18 Gb Free Space | 30,73% Space Free | Partition Type: NTFS
Drive D: | 10,99 Gb Total Space | 2,41 Gb Free Space | 21,91% Space Free | Partition Type: NTFS
 
Computer Name: EVANDI-PC | User Name: evandi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-4193417823-389615538-1104851014-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_gui] -- "C:\Program Files\Git\bin\wish.exe" "C:\Program Files\Git\libexec\git-core\git-gui" "--working-dir" "%1" (ActiveState Corporation)
Directory [git_shell] -- "C:\Windows\system32\cmd.exe" /c "pushd "%1" && "C:\Program Files\Git\bin\sh.exe" --login -i" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EFE401D0-8073-4639-BA13-0D230EB40374}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{F311C3D2-87B4-4711-AA69-7C5CAD925779}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{081A6DD6-88F8-4775-8470-8CAB7B9943BD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0B1ECC08-1896-4255-8C8C-C0B445071513}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{0BF2E500-DE53-43C5-A2D1-CA7375A52DB7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1E2A2AD0-4F08-467B-A30A-A932C6CFB11E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{1FD919F0-7712-49D9-A153-F0191DCADEAD}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{395EAC65-5579-4DF8-8421-7696F3F7DD81}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{3B810F3C-2D78-45A4-9EE9-00D915491076}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{41D69A18-307D-4017-950C-65E748A71B5A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{42277795-2E86-4F01-B4A4-CE9C201D473D}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{453668F0-A31F-4D7D-B85D-41CB88A67BDF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{63CF4ABF-FDC0-44F8-9A62-8C77FCE91DBF}" = protocol=6 | dir=in | app=c:\users\evandi\appdata\local\akamai\netsession_win.exe | 
"{6D568BCA-F7CD-401A-9C16-58A93DAD0D96}" = protocol=17 | dir=in | app=c:\program files\dsl connection manager\o2dslconfiguration.exe | 
"{73C339C4-569C-44D1-9171-AF68C607B35A}" = protocol=17 | dir=in | app=c:\users\evandi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{77FCB71F-C322-4A42-BC12-84D0692CBAA3}" = protocol=6 | dir=in | app=c:\users\evandi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8EEC79E9-EB66-4CDA-8FF7-27D9AD73000D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{94234B28-F998-4199-98FC-A9E4E176BC38}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{A572F5FA-2D90-4EE5-A6DC-0AC376B43D56}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{A68350F7-BB2B-48D7-AA75-247CE55CB821}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{B28C7876-F45C-4E47-81FB-6413671F61A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BA0AE045-94B0-4282-B354-C989072C37F3}" = protocol=17 | dir=in | app=c:\users\evandi\appdata\local\akamai\netsession_win.exe | 
"{BB5FF21E-E56C-4470-A853-B3451C960118}" = protocol=6 | dir=in | app=c:\program files\dsl connection manager\o2dslconfiguration.exe | 
"{C068A565-DDF6-443A-81AA-C1CFE11497F7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{D8B8EDDB-C87C-4B77-8944-122192B9945B}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{EBE868E8-8F15-4C7B-A5B3-C92FFB5B1B3B}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"TCP Query User{14A1A56D-16FB-4A54-AEF7-F675416FC74C}C:\program files\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4\flashbuilder.exe | 
"TCP Query User{1865153B-A440-47A7-B967-80C487A7C922}C:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe | 
"TCP Query User{1A07E288-EBC9-4D34-8340-DB2D5D522EB4}C:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe | 
"TCP Query User{1AE10D3E-4CE6-4B38-BE46-5ADE95873146}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{1FA0C890-14A6-445F-B684-8497A34341C8}C:\program files\java\jdk1.6.0_20\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_20\jre\bin\java.exe | 
"TCP Query User{5B158015-1989-4C01-8D43-9B54AA44FF0E}C:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe | 
"TCP Query User{720CFD80-D2B9-4E10-8F0C-0FA8D2B69845}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{72B123D9-DA35-42E8-8580-5D46B574E294}C:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe | 
"TCP Query User{7E2A9FAA-95DD-47C2-8848-A75F7BC9666E}C:\program files\xming\xming.exe" = protocol=6 | dir=in | app=c:\program files\xming\xming.exe | 
"TCP Query User{7F47BBCA-C286-48EB-9112-1414FF84E93E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{9188D65D-2939-4046-BE8A-A3FF0F1A2D19}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | 
"TCP Query User{A4ADFE89-4738-4BE5-BED0-8121181D16D3}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{A58FE1EA-430A-4A56-9F74-8F3281979982}C:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe | 
"TCP Query User{C7AF922F-A8DB-4E1E-849D-8A450E1A0EC8}C:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe | 
"TCP Query User{D9F32BBC-5BB7-4FCA-95C0-58BD35744CA8}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{F677F6D0-4F68-4CC8-9F9E-36F84EE29F30}C:\program files\packet tracer 5.2\bin\packettracer5.exe" = protocol=6 | dir=in | app=c:\program files\packet tracer 5.2\bin\packettracer5.exe | 
"UDP Query User{0E775944-2815-48D1-B722-7E27ABBDE040}C:\program files\packet tracer 5.2\bin\packettracer5.exe" = protocol=17 | dir=in | app=c:\program files\packet tracer 5.2\bin\packettracer5.exe | 
"UDP Query User{3B810526-B591-4AA1-87D9-40F08BE21389}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{3FFB0BCF-8F10-4F6D-97C1-BAE55A6F4202}C:\program files\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4\flashbuilder.exe | 
"UDP Query User{43F7AE98-262B-4D1E-B9A4-DF5E532351BE}C:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4 plug-in\eclipse-host-distro\eclipse.exe | 
"UDP Query User{43FFFDCF-F15E-416C-8D80-96D087AF85D2}C:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\evandi\documents\03_allgemein\exen\eclipse-java-galileo-sr2-win32\eclipse\eclipse.exe | 
"UDP Query User{5562EC4F-4393-4C98-A8E8-2DD9DABF9125}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | 
"UDP Query User{56DF85AF-7E1A-4F89-B5CB-BEAE0E167268}C:\program files\xming\xming.exe" = protocol=17 | dir=in | app=c:\program files\xming\xming.exe | 
"UDP Query User{615D8F9A-B01C-42E4-9019-E62F167AACD2}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{6431A6B2-E999-42F3-8069-3D980CB6D158}C:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\evandi\documents\02_eva\studium\06_semester\datenbanken\eclipse-jee-indigo-sr2-win32\eclipse\eclipse.exe | 
"UDP Query User{6C7029A3-71F0-4249-9351-90C5AEBF3D82}C:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_20\bin\rmiregistry.exe | 
"UDP Query User{6EFE973B-0AF2-4C61-9433-12E5EB0EA13B}C:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\evandi\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe | 
"UDP Query User{75A978BD-18D4-4C76-B6DD-A443BE7C9F2E}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{AA0DC950-4D18-42D0-989E-B0FAC736158D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{AE00E15A-9561-44E6-AB97-CD2702A1C517}C:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\evandi\appdata\local\temp\rar$ex63.760\eclipse\eclipse.exe | 
"UDP Query User{B3C9EC61-5CAC-40CB-94E5-F5CF7A906206}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{DA3843A1-A0B1-4946-8462-2F32EDEBA509}C:\program files\java\jdk1.6.0_20\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_20\jre\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3248F0A8-6813-11D6-A77B-00B0D0150130}" = J2SE Runtime Environment 5.0 Update 13
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{32A9C5B3-D166-4C6D-A11E-A54473151000}" = Java 3D 1.5.1
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85833A03-476B-43B3-B61C-5EB946DBF6E4}" = HP User Guides 0092
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJSTDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJSTDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJSTDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTDR_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
"{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software  1.10.13.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCD69F8-EC89-4750-B549-E0C80AC3C98F}" = Oracle VM VirtualBox 4.1.4
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E3DF0E76-825F-4377-9BB6-F8F1DC204287}" = MySQL Workbench 5.2 CE
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"{FFF5F83B-1112-49EF-BABF-C00D2DECC062}" = DSL Connection Manager
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP240 series Benutzerregistrierung" = Canon MP240 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dia" = Dia (nur entfernen)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free RAR Extract Frog" = Free RAR Extract Frog
"GIMP-2_is1" = GIMP 2.8.2
"Git_is1" = Git 1.6.5.1-preview20091022
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ImageJ_is1" = ImageJ 1.43u
"InfraRecorder" = InfraRecorder
"Inkscape" = Inkscape 0.48.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"JOE (Java oriented editing) 2.3.25_is1" = JOE (Java oriented editing) 2.3.25
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MiKTeX 2.9" = MiKTeX 2.9
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"myphotobook" = myphotobook 3.65
"Notepad++" = Notepad++
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Pdf995" = Pdf995
"Picasa 3" = Picasa 3
"PostgreSQL 9.1" = PostgreSQL 9.1 
"PRJSTDR" = Microsoft Office Project Standard 2007
"Scribus 1.3.5" = Scribus 1.3.5.1
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SmartGit 1.5_is1" = SmartGit 1.5.2
"SmartGit 1_is1" = SmartGit 1.0.4
"SumatraPDF" = SumatraPDF
"SWFPlayer_is1" = SWFPlayer
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TightVNC_is1" = TightVNC 1.3.9
"TVWiz" = Intel(R) TV Wizard
"VP Suite 5.0" = VP Suite 5.0
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR 4.01 (32-bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4193417823-389615538-1104851014-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"MiKTeX 2.9" = MiKTeX 2.9
"RapidMiner 5" = RapidMiner 5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.11.2012 07:02:53 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4883
 
Error - 09.11.2012 07:02:53 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4883
 
Error - 09.11.2012 07:02:54 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.11.2012 07:02:54 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5928
 
Error - 09.11.2012 07:02:54 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5928
 
Error - 09.11.2012 07:02:55 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.11.2012 07:02:55 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6942
 
Error - 09.11.2012 07:02:55 | Computer Name = evandi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6942
 
Error - 09.11.2012 16:51:26 | Computer Name = evandi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 16:54:26 | Computer Name = evandi-PC | Source = PerfNet | ID = 2004
Description = 
 
Error - 09.11.2012 16:54:49 | Computer Name = evandi-PC | Source = PerfNet | ID = 2004
Description = 
 
Error - 09.11.2012 17:44:55 | Computer Name = evandi-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 09.11.2012 16:50:21 | Computer Name = evandi-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 09.11.2012 um 14:07:47 unerwartet heruntergefahren.
 
Error - 09.11.2012 16:51:27 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 09.11.2012 16:51:27 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.11.2012 16:51:27 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.11.2012 16:51:27 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.11.2012 16:53:33 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 09.11.2012 17:44:58 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 09.11.2012 17:44:58 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.11.2012 17:44:58 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.11.2012 17:44:58 | Computer Name = evandi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---

[/code]

Alt 10.11.2012, 00:46   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
That looks good. Is searchnu gone now?
__________________
Please always post logs in CODE tags

Alt 11.11.2012, 18:23   #13
andi2107
 
Yep

That's right. Are we done?

Alt 11.11.2012, 21:03   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes. Before you do, please remember to update Malwarebytes using the update button.

Getting a second opinion from the ESET online scanner afterwards is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
Please always post logs in CODE tags

Alt 13.11.2012, 21:23   #15
andi2107
 
Here is Malwarebytes first:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.13.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
evandi :: EVANDI-PC [Administrator]

13.11.2012 21:57:24
mbam-log-2012-11-13 (21-57-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 233104
Laufzeit: 11 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
