GVU Trojana 2.07 Vista Hallo,
ich habe mir den GVU Trojana eingefangen und brauche eure Hilfe.
Hier die OTL und GMER Logs. Code:
OTL logfile created on: 25.07.2012 18:56:02 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\anna\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,25% Memory free
6,23 Gb Paging File | 4,91 Gb Available in Paging File | 78,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 17,22 Gb Free Space | 11,95% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 20,30 Gb Free Space | 14,09% Space Free | Partition Type: NTFS
Computer Name: ANNA-PC | User Name: anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.25 18:50:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\anna\Desktop\OTL.exe
PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\anna\AppData\Local\Akamai\netsession_win.exe
PRC - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.06.28 22:09:22 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.30 21:00:35 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.12.01 19:12:09 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.01.02 10:40:14 | 000,348,160 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2007.12.28 03:44:10 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2007.07.05 00:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2007.06.13 06:11:30 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.01 12:36:00 | 000,684,032 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2007.04.24 11:50:32 | 000,723,760 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.14 03:44:05 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.14 03:40:56 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 03:40:42 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.13 17:35:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.13 17:32:09 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.13 17:28:35 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.13 17:28:19 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.04.16 01:09:32 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2999.36899__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008.04.16 01:09:32 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2999.36858__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008.04.16 01:09:32 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2999.36911__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008.04.16 01:09:32 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2999.37087__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008.04.16 01:09:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2999.36892__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008.04.16 01:09:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2999.36878__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008.04.16 01:09:31 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2999.37051__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008.04.16 01:09:31 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2999.37008__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008.04.16 01:09:30 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2999.37120__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008.04.16 01:09:00 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2999.37127__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008.04.16 01:09:00 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2999.37065__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008.04.16 01:09:00 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2999.36872__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008.04.16 01:08:59 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2999.37059__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008.04.16 01:08:59 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2999.37058__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008.04.16 01:08:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2999.37118__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008.04.16 01:08:57 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2999.37017__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008.04.16 01:08:57 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2999.36923__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008.04.16 01:08:57 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2999.36879__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008.04.16 01:08:57 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2999.37079__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008.04.16 01:08:57 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2999.36917__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008.04.16 01:08:57 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2999.37030__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008.04.16 01:08:57 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2999.37016__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008.04.16 01:08:57 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2999.36929__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008.04.16 01:08:57 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2999.37030__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008.04.16 01:08:56 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2999.37010__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008.04.16 01:08:56 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2999.37045__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008.04.16 01:08:56 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2999.36929__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008.04.16 01:08:56 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2999.37009__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008.04.16 01:08:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2999.37044__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008.04.16 01:08:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2999.37016__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008.04.16 01:08:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008.04.16 01:08:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008.04.16 01:08:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008.04.16 01:08:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008.04.16 01:08:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008.04.16 01:08:55 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008.04.16 01:08:54 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008.04.16 01:08:54 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008.04.16 01:08:54 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008.04.16 01:08:54 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008.04.16 01:08:54 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008.04.16 01:08:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008.04.16 01:08:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008.04.16 01:08:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008.04.16 01:08:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008.04.16 01:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008.04.16 01:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2008.04.16 01:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008.04.16 01:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008.04.16 01:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008.04.16 01:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008.04.16 01:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008.04.16 01:08:53 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008.04.16 01:08:53 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008.04.16 01:08:53 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008.04.16 01:08:53 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008.04.16 01:08:53 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008.04.16 01:08:53 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008.04.16 01:08:53 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008.04.16 01:08:53 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008.04.16 01:08:53 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008.04.16 01:08:53 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008.04.16 01:08:53 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Shared\2.0.2939.23715__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Shared.dll
MOD - [2008.04.16 01:08:53 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008.04.16 01:08:53 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008.04.16 01:08:53 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.2939.23762__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll
MOD - [2008.04.16 01:08:53 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008.04.16 01:08:53 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008.04.16 01:08:53 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008.04.16 01:08:53 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008.04.16 01:08:52 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008.04.16 01:08:52 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008.04.16 01:08:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008.04.16 01:08:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008.04.16 01:08:29 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2999.37102_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2008.04.16 01:08:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2999.37138__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008.04.16 01:08:23 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2999.37149__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008.04.16 01:08:22 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2999.36850__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008.04.16 01:08:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008.04.16 01:08:20 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2999.37110__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008.04.16 01:08:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008.04.16 01:08:19 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2999.37109__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008.04.16 01:08:19 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008.04.16 01:08:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008.04.16 01:08:18 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2999.36886__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008.04.16 01:08:18 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2999.37102__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008.04.16 01:08:18 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008.04.16 01:08:17 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008.04.16 01:08:16 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2999.36850__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008.04.16 01:08:12 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008.04.16 01:08:10 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2999.36865__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008.04.16 01:08:10 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2999.36850__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008.04.16 01:08:10 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008.04.16 01:08:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2999.37110__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008.04.16 01:08:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008.04.16 01:08:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.04.16 01:08:09 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2999.36849__90ba9c70f846762e\APM.Server.dll
MOD - [2008.04.16 01:08:09 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2999.36849__90ba9c70f846762e\AEM.Server.dll
MOD - [2008.03.18 15:04:50 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.03.18 05:21:32 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008.02.04 06:29:02 | 000,688,128 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
MOD - [2007.04.24 11:32:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2006.09.19 02:52:46 | 000,028,672 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\WinMove.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.05.27 13:48:15 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.28 22:09:22 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.30 21:00:35 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.11.08 23:34:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.06.28 11:54:42 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2006.10.26 07:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\anna\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS -- (ADDMEM)
DRV - [2011.06.28 22:09:25 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 22:09:24 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.17 16:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.04.16 01:28:05 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2008.03.18 15:56:20 | 003,542,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008.03.18 15:56:20 | 003,542,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.01.19 08:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007.10.17 08:48:46 | 000,242,560 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
DRV - [2007.04.26 03:15:26 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32)
DRV - [2006.11.02 09:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101241&mntrId=c865d5940000000000000021632c7582
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101241&mntrId=c865d5940000000000000021632c7582
IE - HKCU\..\SearchScopes\{9DA2D133-2480-473A-B645-BF105DCBE01D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=971163&p={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.9
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.9
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=971163&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163&ilc=12"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\anna\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010.01.17 16:39:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010.01.17 16:39:41 | 000,000,000 | ---D | M]
[2009.07.11 13:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anna\AppData\Roaming\mozilla\Extensions
[2011.12.29 00:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anna\AppData\Roaming\mozilla\Firefox\Profiles\jt3ky52d.default\extensions
[2010.08.10 12:14:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\anna\AppData\Roaming\mozilla\Firefox\Profiles\jt3ky52d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.07 17:06:38 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\anna\AppData\Roaming\mozilla\Firefox\Profiles\jt3ky52d.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.10.07 17:06:35 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\anna\AppData\Roaming\mozilla\Firefox\Profiles\jt3ky52d.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.12 12:18:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\anna\AppData\Roaming\mozilla\Firefox\Profiles\jt3ky52d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.10.15 03:00:32 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\anna\AppData\Roaming\mozilla\Firefox\Profiles\jt3ky52d.default\extensions\ffxtlbr@babylon.com
[2010.10.07 17:31:15 | 000,000,873 | ---- | M] () -- C:\Users\anna\AppData\Roaming\Mozilla\Firefox\Profiles\jt3ky52d.default\searchplugins\conduit.xml
[2011.12.29 14:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.11 20:22:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.08.26 22:58:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.12.28 23:26:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011.10.11 20:22:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.02.21 20:18:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.08.26 22:58:03 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.12.28 23:26:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.15 03:00:15 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
========== Chrome ==========
CHR - homepage: chrome://newtab/
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=971163&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\anna\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\anna\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\anna\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\
CHR - Extension: Better JTV = C:\Users\anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnnheckmeppnahikljofploeeodidhj\1.1.1_0\
CHR - Extension: Google Mail = C:\Users\anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSTray] C:\Programme\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\anna\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [fitea.exe] C:\Users\anna\AppData\Roaming\Pyqa\fitea.exe File not found
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\anna\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - Startup: C:\Users\anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\anna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7044E990-DB48-44BA-B743-E604CF9DB3DB}: DhcpNameServer = 195.58.160.194 195.58.161.122
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98522A9A-7D55-4197-A806-CA9F680A968E}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\anna\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\anna\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.08 16:21:18 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{237b0f72-ecbf-11df-a301-0024540ab6e5}\Shell - "" = AutoRun
O33 - MountPoints2\{237b0f72-ecbf-11df-a301-0024540ab6e5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{237b0f74-ecbf-11df-a301-0024540ab6e5}\Shell\AutoRun\command - "" = lavica\\lovokradica.exe
O33 - MountPoints2\{237b0f74-ecbf-11df-a301-0024540ab6e5}\Shell\explore\command - "" = lavica\\\lovokradica.exe
O33 - MountPoints2\{237b0f74-ecbf-11df-a301-0024540ab6e5}\Shell\open\command - "" = lavica\\\lovokradica.exe
O33 - MountPoints2\{755ba67a-c3ad-11de-8658-0024540ab6e5}\Shell\AutoRun\command - "" = F:\start.bat
O33 - MountPoints2\{c080eab3-1629-11df-be07-0024540ab6e5}\Shell\AutoRun\command - "" = F:\RINTAM///celunoc.exe
O33 - MountPoints2\{c080eab3-1629-11df-be07-0024540ab6e5}\Shell\explore\command - "" = F:\RINTAM///celunoc.exe
O33 - MountPoints2\{c080eab3-1629-11df-be07-0024540ab6e5}\Shell\open\command - "" = F:\RINTAM///celunoc.exe
O33 - MountPoints2\{e33cdf5b-718c-11e0-aa44-0024540ab6e5}\Shell - "" = AutoRun
O33 - MountPoints2\{e33cdf5b-718c-11e0-aa44-0024540ab6e5}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{ee2ed0e9-fb73-11de-8450-0024540ab6e5}\Shell - "" = AutoRun
O33 - MountPoints2\{ee2ed0e9-fb73-11de-8450-0024540ab6e5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.25 18:50:39 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\anna\Desktop\OTL.exe
[2012.07.25 18:23:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.25 15:53:04 | 000,000,000 | ---D | C] -- C:\Users\anna\AppData\Roaming\Malwarebytes
[2012.07.25 15:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.25 15:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.25 15:52:47 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.25 15:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.18 14:34:12 | 000,000,000 | ---D | C] -- C:\Users\anna\Desktop\vpt antworten probeklausur
[2012.07.13 22:00:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2012.07.13 22:00:48 | 000,000,000 | ---D | C] -- C:\Users\anna\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.06.27 14:36:19 | 000,000,000 | ---D | C] -- C:\Users\anna\Desktop\drucken 26.7
========== Files - Modified Within 30 Days ==========
[2012.07.25 18:53:22 | 000,302,592 | ---- | M] () -- C:\Users\anna\Desktop\bk7scc41.exe
[2012.07.25 18:50:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\anna\Desktop\OTL.exe
[2012.07.25 18:47:13 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.25 18:46:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 18:46:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 18:45:59 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.25 18:45:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.25 18:44:51 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.25 18:35:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.25 18:29:40 | 000,000,000 | ---- | M] () -- C:\Users\anna\defogger_reenable
[2012.07.25 15:54:24 | 000,686,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.25 15:54:24 | 000,364,276 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.25 15:54:24 | 000,150,694 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.25 15:54:24 | 000,059,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.25 15:52:49 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.25 15:48:40 | 000,102,400 | ---- | M] () -- C:\Users\anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.06 13:16:31 | 000,111,194 | ---- | M] () -- C:\Users\anna\Desktop\prob.pdf
[2012.07.05 23:12:56 | 043,142,594 | ---- | M] () -- C:\Users\anna\Desktop\schnitt probe.pdf
[2012.07.05 13:25:47 | 273,882,337 | ---- | M] () -- C:\Users\anna\Desktop\PROBE 1.pdf
[2012.07.04 23:11:14 | 000,035,225 | ---- | M] () -- C:\Users\anna\Desktop\frotieren.pdf
[2012.07.04 15:13:18 | 000,076,338 | ---- | M] () -- C:\Users\anna\Desktop\P1070624 - Kopie.JPG
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.28 19:51:30 | 000,000,680 | ---- | M] () -- C:\Users\anna\AppData\Local\d3d9caps.dat
[2012.06.26 21:43:12 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.06.26 00:53:56 | 000,001,712 | ---- | M] () -- C:\Users\anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
========== Files Created - No Company Name ==========
[2012.07.25 18:53:19 | 000,302,592 | ---- | C] () -- C:\Users\anna\Desktop\bk7scc41.exe
[2012.07.25 18:29:40 | 000,000,000 | ---- | C] () -- C:\Users\anna\defogger_reenable
[2012.07.25 15:52:49 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.06 13:16:30 | 000,111,194 | ---- | C] () -- C:\Users\anna\Desktop\prob.pdf
[2012.07.05 23:12:28 | 043,142,594 | ---- | C] () -- C:\Users\anna\Desktop\schnitt probe.pdf
[2012.07.05 13:04:22 | 273,882,337 | ---- | C] () -- C:\Users\anna\Desktop\PROBE 1.pdf
[2012.07.04 16:37:59 | 000,035,225 | ---- | C] () -- C:\Users\anna\Desktop\frotieren.pdf
[2012.07.04 15:12:52 | 000,076,338 | ---- | C] () -- C:\Users\anna\Desktop\P1070624 - Kopie.JPG
[2012.06.26 21:54:35 | 3219,308,544 | -HS- | C] () -- C:\hiberfil.sys
[2012.06.26 00:53:56 | 000,001,712 | ---- | C] () -- C:\Users\anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.26 00:53:55 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.04.22 21:32:03 | 000,000,400 | ---- | C] () -- C:\Windows\g_iclink331.ini
[2012.04.22 21:32:03 | 000,000,400 | ---- | C] () -- C:\Windows\System32\drivers\bcompbg777.dat
[2011.12.19 00:56:34 | 000,021,866 | ---- | C] () -- C:\Users\anna\AppData\Roaming\UserTile.png
[2011.11.20 14:00:23 | 000,058,248 | ---- | C] () -- C:\Users\anna\Guggenheim2.jpg
[2011.11.20 14:00:23 | 000,053,099 | ---- | C] () -- C:\Users\anna\guggenheim1.jpg
[2011.06.05 20:09:01 | 000,011,021 | ---- | C] () -- C:\Users\anna\krischanitz moskau_plandok.jp2
[2011.02.03 22:12:06 | 000,000,680 | ---- | C] () -- C:\Users\anna\AppData\Local\d3d9caps.dat
[2008.10.03 11:19:25 | 000,000,104 | ---- | C] () -- C:\Users\anna\Spiele - Verknüpfung.lnk
[2008.09.11 14:16:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.06 20:43:28 | 000,102,400 | ---- | C] () -- C:\Users\anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2009.11.10 20:49:39 | 000,000,000 | ---D | M] -- C:\Users\anna\AppData\Roaming\Autodesk
[2011.10.15 03:00:07 | 000,000,000 | ---D | M] -- C:\Users\anna\AppData\Roaming\Babylon
[2012.07.13 22:00:48 | 000,000,000 | ---D | M] -- C:\Users\anna\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.11.16 01:40:13 | 000,000,000 | ---D | M] -- C:\Users\anna\AppData\Roaming\com.adobe.dmp.contentviewer
[2011.10.14 21:57:19 | 000,000,000 | ---D | M] -- C:\Users\anna\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009.08.27 15:32:22 | 000,000,000 | ---D | M] -- C:\Users\anna\AppData\Roaming\DataCast
[2012.07.25 18:49:04 | 000,000,000 | ---D | M] -- C:\Users\anna\AppData\Roaming\Dropbox
[2010.10.07 17:05:20 | 000,000,000 | ---D | M] -- C:\Users\anna\AppData\Roaming\DVDVideoSoft
[2010.10.07 17:06:33 | 000,000,000 | ---D | M] -- C:\Users\anna\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.24 19:19:11 | 000,000,000 | ---D | M] -- C:\Users\anna\AppData\Roaming\Graphisoft
[2011.12.28 23:34:28 | 000,000,000 | ---D | M] -- C:\Users\anna\AppData\Roaming\Ipyvac
[2011.12.21 22:31:36 | 000,000,000 | ---D | M] -- C:\Users\anna\AppData\Roaming\LolClient
[2010.05.29 21:14:14 | 000,000,000 | ---D | M] -- C:\Users\anna\AppData\Roaming\Octoshape
[2012.05.22 22:43:46 | 000,000,000 | ---D | M] -- C:\Users\anna\AppData\Roaming\PDAppFlex
[2011.12.19 00:56:33 | 000,000,000 | ---D | M] -- C:\Users\anna\AppData\Roaming\PeerNetworking
[2011.12.29 14:02:01 | 000,000,000 | ---D | M] -- C:\Users\anna\AppData\Roaming\Pyqa
[2012.05.22 22:46:43 | 000,000,000 | ---D | M] -- C:\Users\anna\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.02.03 16:52:52 | 000,000,000 | ---D | M] -- C:\Users\anna\AppData\Roaming\ZUB-Software
[2012.07.25 18:35:46 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report > Code:
OTL Extras logfile created on: 25.07.2012 18:56:02 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\anna\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,25% Memory free
6,23 Gb Paging File | 4,91 Gb Available in Paging File | 78,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 17,22 Gb Free Space | 11,95% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 20,30 Gb Free Space | 14,09% Space Free | Partition Type: NTFS
Computer Name: ANNA-PC | User Name: anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7510ED58-B26B-4882-8706-07070936FA2B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9549590D-9E24-4396-B7EA-3D51467AD68A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A33920-74BB-4E1F-8665-76D91651157C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{34DA1B1B-E5BC-461B-91BF-722AF5847D86}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{531B82B2-8384-47D0-A8D7-85FA1E3CA536}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7BCC6D71-9702-47DF-8D03-B63CC0496E4F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8EFA8C20-D89C-4D64-A7E5-04DA8E621502}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E8401EF9-4DDF-42F7-AA16-54734BAC4813}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{FEB71A38-311D-412A-8C7D-ACE6F9E4BE4A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{0BD37CD7-2F3B-4673-B3DF-F9C317582D5C}C:\users\anna\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\anna\appdata\local\akamai\netsession_win.exe |
"TCP Query User{19B125BB-4538-4F08-8084-193EABAFBAD7}C:\program files\graphisoft\archicad 14\licensefilegenerator.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 14\licensefilegenerator.exe |
"TCP Query User{1B413771-BF77-464A-910E-A587267912EC}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{28119C36-60D6-4248-AF0E-ABB4BAE4024B}C:\users\anna\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\anna\appdata\local\akamai\netsession_win.exe |
"TCP Query User{40E705EF-3433-457E-A998-F6BBED3B9156}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{4444FE67-FA14-49F0-AC70-E9B442F65538}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{59B5479D-4036-4F13-8E71-0E2A82B65EB9}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{80B9A75B-69C0-4D25-9638-7E5FAD3BEE66}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{ADAD9B3B-F048-4822-BB39-97593299657D}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{B4F411D7-00C6-4E50-97B2-E5FFC2F243A1}C:\program files\graphisoft\archicad 14\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 14\archicad.exe |
"TCP Query User{BDFCCA10-3976-4B7A-A3E3-8266B46A719A}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{E6049F91-ADA4-43D6-94DF-99D9664E5637}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{E664CB85-CE17-4B77-9A06-2D70F59E3631}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{E9F55500-5D91-466F-9F14-40EAA5A6BD17}C:\users\anna\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\anna\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{F66804A6-074D-4C7A-8B79-F1C7A10175AB}C:\program files\graphisoft\archicad 14\gsreport.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 14\gsreport.exe |
"TCP Query User{F87C5179-C234-46A6-8971-F4675E416139}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{FC806862-CB4A-4F20-8443-EBCEFA6D682C}C:\program files\graphisoft\archicad 14\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 14\archicad.exe |
"UDP Query User{310530B0-DC12-42F1-AE51-320B6C7D7EC2}C:\program files\graphisoft\archicad 14\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 14\archicad.exe |
"UDP Query User{42AC81D7-E63F-4017-B424-6377874CE5A5}C:\users\anna\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\anna\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{60D8BC6B-B496-4AE3-AA2F-93F87A57DCA8}C:\program files\graphisoft\archicad 14\gsreport.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 14\gsreport.exe |
"UDP Query User{8D2CBBA4-463D-4DBB-91D2-645E3207314B}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{908CEEB0-64A7-4304-A765-AA720C04A1ED}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{972C0E03-1FA4-481B-BF9B-57A21157A652}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{A09D7B00-3B7B-4FCA-B0E6-4F721F6B9B60}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{A242AF43-D3C4-4852-B46B-A03A3C1954FC}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{AB25865D-619D-40A1-A4EB-266314E47E7E}C:\users\anna\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\anna\appdata\local\akamai\netsession_win.exe |
"UDP Query User{B810C12C-2106-4253-ABF8-449BCB6404F0}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{BCCB79E8-A0CB-420C-AAF8-2CA0BB170196}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{C7120329-117A-46DD-A29C-5EF433C7D71C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{CAE92CEB-69AB-4F25-A1C1-8E4B00706CCE}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{CE98689D-D0C2-4A6B-8A65-556E6D4ECC3E}C:\users\anna\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\anna\appdata\local\akamai\netsession_win.exe |
"UDP Query User{E10F5246-FD17-450F-A28C-DBCB919F42AF}C:\program files\graphisoft\archicad 14\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 14\archicad.exe |
"UDP Query User{EB2BBADA-C40F-4894-9F6E-3449488F65B8}C:\program files\graphisoft\archicad 14\licensefilegenerator.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 14\licensefilegenerator.exe |
"UDP Query User{F636098E-3FD5-447D-AF8D-9B8E0ECC99C3}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{018FE763-ECD9-577B-05D5-3A67364FBAAA}" = Catalyst Control Center Localization Hungarian
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1252B4EB-51F1-F349-6D79-954D877FB865}" = Catalyst Control Center Localization Swedish
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{14F91018-2A76-725D-056C-ECFF03F40F54}" = CCC Help Swedish
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7A2A3A-B874-1E81-D291-A5ACB452F23F}" = CCC Help Italian
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1
"{2433BAD7-453F-473D-BE81-455E68940DEB}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28A78C92-AC8C-DA80-6100-99A3AC4C3911}" = CCC Help Turkish
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{303A3978-8F11-DAAB-6F72-3D399477CC31}" = Catalyst Control Center Localization Chinese Standard
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{403E07CF-040C-4653-85C6-1053B992CA53}" = C4580
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4890127D-D62F-C496-9EFF-89FC910ABFE5}" = Catalyst Control Center Localization Polish
"{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C82121C-EB17-CEB0-996B-4D73FA0FAB47}" = Catalyst Control Center Graphics Light
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5466620C-3B00-0BEE-D626-1FBE29A16AC4}" = Catalyst Control Center Localization Russian
"{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
"{5508C9EB-5336-87F4-C2DB-53F2B3A482E7}" = Catalyst Control Center Graphics Previews Vista
"{560E96B3-356D-4572-9FE3-B44F9AB92622}" = CBL Daten-Shredder
"{5611C71F-AFC6-EBA3-E3E1-9FCCEC9647EE}" = ccc-core-static
"{5783F2D7-8004-0407-0002-0060B0CE6BBA}" = AutoCAD Architecture 2010 - Deutsch
"{5783F2D7-8004-0407-1002-0060B0CE6BBA}" = AutoCAD Architecture 2010 Language Pack - Deutsch
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D7D1784-84A9-0EDB-62A6-D479F7F75DF6}" = CCC Help Chinese Traditional
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{62172AFD-E7F0-CAC1-1334-CB0159566F6C}" = Catalyst Control Center Localization Greek
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{65A0F799-1E9A-093B-BB8B-986203DAD390}" = Catalyst Control Center Core Implementation
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67B41BEF-F407-D81D-762F-CC44CC6FEB7A}" = Catalyst Control Center Localization Italian
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DFBD0A2-C692-44F5-1C96-773ED9B16002}" = Catalyst Control Center Graphics Full Existing
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{768361B2-F78F-FFAA-5B1F-EFDB41C70D95}" = CCC Help French
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7A98B8DF-687E-8F7F-9A4A-ED1D9B306EAF}" = CCC Help Russian
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 Trial
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{818F922E-DE7A-6FC1-D85C-C44495070174}" = Catalyst Control Center Localization Dutch
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DB12734-9543-FBB3-E94D-3BE397ED8078}" = Catalyst Control Center Localization Japanese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{9001B8A7-B591-7559-2264-B4A0F480D1A8}" = CCC Help Polish
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{905DF41F-D74C-6DF4-9453-D29CDE46A4A4}" = CCC Help Finnish
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92041735-0623-CD56-9BCB-6CD4385232B0}" = CCC Help Thai
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{96A1E845-A730-4488-99A2-054C5BFAB9D1}" = CCC Help Greek
"{97EE277B-C0D9-6394-9A01-7681086EED5C}" = Catalyst Control Center Localization Portuguese
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99F9ACB2-BCD2-B5A7-7738-24FB0B7B7763}" = ccc-utility
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DCC214C-CD1A-1115-6775-A9056185FE4E}" = ATI Catalyst Install Manager
"{9F06F30E-5138-2315-EC57-D4A23D572649}" = CCC Help Portuguese
"{A3D22413-28D3-636E-1CE9-BC55C46364C3}" = Catalyst Control Center Graphics Full New
"{A53EA764-AB97-445E-002B-A32165BB0B3B}" = CCC Help Dutch
"{A586A89F-2BC4-CEB3-3C52-D1F4B57F572F}" = Catalyst Control Center Localization Turkish
"{A5EF9152-55CC-DF0E-AEDA-98D20EC3293E}" = CCC Help Japanese
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A952B4E1-913A-1492-A551-43EAE1D44E1D}" = Catalyst Control Center Localization Chinese Traditional
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0524CD7-2B3F-50C1-B3AD-87457B7FF852}" = Catalyst Control Center Localization Spanish
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C359699C-2D0A-5F08-9C44-4C1A508C4990}" = CCC Help Hungarian
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CDA83283-8D9F-321F-5C76-AF68D3039B87}" = Catalyst Control Center Localization Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB770D7-8D43-1014-922B-CC2715FADE3F}" = Adobe InDesign CS6
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1C099EA-C28C-6593-8CE1-38F63EBD22F4}" = CCC Help Korean
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D885CD8B-343B-271D-85EB-DFE5BE962C0D}" = Catalyst Control Center Localization Norwegian
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDDA0B2B-674E-A49F-6E31-184F00BDDC85}" = CCC Help Czech
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E2430405-1983-852E-B297-4FF9207E6C16}" = CCC Help German
"{E3355E5C-965C-4f67-8A8C-E9A0FA9FD80F}" = Rhinoceros 4.0 Testversion
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E596EC1C-4C61-2457-21B3-EDDA326E8157}" = CCC Help English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E64D1146-55AE-61E3-7C43-0DA16C0E4416}" = CCC Help Spanish
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{ED924786-EFE7-392D-F37C-64F4B6E19C2F}" = CCC Help Danish
"{EE174D9D-EF64-9FC7-C900-57C64F02E80D}" = Catalyst Control Center Localization Danish
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{EFF43C31-5F5A-574E-563C-68190FA13F0C}" = CCC Help Chinese Standard
"{F023B88F-DD32-8C85-F372-5319180597A5}" = Catalyst Control Center Localization Thai
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2912763-486E-B5D1-D0C6-BD1AE24D0C20}" = Catalyst Control Center Localization Korean
"{F2D65205-A1D0-5B53-4399-8AA39F738D9D}" = CCC Help Norwegian
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F4ECB8B5-737F-6910-C26F-7DA94A2C0710}" = Catalyst Control Center Localization Finnish
"{F59778FB-4F31-0ADE-84C3-D7D77676A1A5}" = Catalyst Control Center Localization French
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FAAE0782-8073-112D-BC19-12C64A2D90D9}" = Skins
"{FAC15A44-64C7-1908-CC36-83BC9A308EA9}" = Catalyst Control Center Localization German
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"001FFF1FFF13FF00FF0201F00F02F000-R1" = ArchiCAD 13 GER
"001FFF1FFF14FF00FF0201F01F02F000-R1" = ArchiCAD 14 GER
"001FFFFFFF12FF00FF0201F05F02F000-R1" = ArchiCAD 12 GER
"030FFFFFFF12FF00FF0201F00F02F000-R1" = SketchUp Add-On AC12 GER
"AC2-FileShredder" = AC2-FileShredder 1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 Trial
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface Service
"AutoCAD Architecture 2010 - Deutsch" = AutoCAD Architecture 2010 - Deutsch
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EPASS-HELENA®_Professional_5.4_is1" = EPASS-HELENA® 5.4 Professional
"EPASS-HELENA®_Ultra_5.4_is1" = EPASS-HELENA® 5.4 Ultra
"Free Studio_is1" = Free Studio version 4.9
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MyFreeCodec" = MyFreeCodec
"PROHYBRIDR" = 2007 Microsoft Office system
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Octoshape Streaming Services" = Octoshape Streaming Services
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.09.2010 09:32:02 | Computer Name = anna-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 26.09.2010 09:32:02 | Computer Name = anna-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 26.09.2010 09:32:03 | Computer Name = anna-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 26.09.2010 09:32:03 | Computer Name = anna-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 26.09.2010 09:32:03 | Computer Name = anna-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 26.09.2010 09:32:03 | Computer Name = anna-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 26.09.2010 09:32:03 | Computer Name = anna-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 26.09.2010 09:32:03 | Computer Name = anna-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 26.09.2010 09:32:03 | Computer Name = anna-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 26.09.2010 09:32:03 | Computer Name = anna-PC | Source = Windows Search Service | ID = 3013
Description =
[ System Events ]
Error - 25.07.2012 08:43:09 | Computer Name = anna-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR3.
Error - 25.07.2012 08:43:10 | Computer Name = anna-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR3.
Error - 25.07.2012 08:43:10 | Computer Name = anna-PC | Source = Ntfs | ID = 262281
Description = Der Transaktionsressourcen-Manager auf Volume "F:" konnte aufgrund
eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
den Daten enthalten.
Error - 25.07.2012 12:18:50 | Computer Name = anna-PC | Source = DCOM | ID = 10016
Description =
Error - 25.07.2012 12:18:54 | Computer Name = anna-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 25.07.2012 12:18:54 | Computer Name = anna-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 25.07.2012 12:33:06 | Computer Name = anna-PC | Source = DCOM | ID = 10010
Description =
Error - 25.07.2012 12:46:34 | Computer Name = anna-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 25.07.2012 12:46:34 | Computer Name = anna-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 25.07.2012 12:47:40 | Computer Name = anna-PC | Source = DCOM | ID = 10016
Description =
< End of report > Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-25 20:27:23
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.00000009
Running: bk7scc41.exe; Driver: C:\Users\anna\AppData\Local\Temp\kxldrpow.sys
---- System - GMER 1.0.15 ----
SSDT 8D4084FE ZwCreateSection
SSDT 8D408503 ZwSetContextThread
SSDT 8D40849F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!KeInsertQueue + 405 824BFA3C 4 Bytes [FE, 84, 40, 8D]
.text ntoskrnl.exe!KeInsertQueue + 75D 824BFD94 4 Bytes [03, 85, 40, 8D]
.text ntoskrnl.exe!KeInsertQueue + 811 824BFE48 4 Bytes [9F, 84, 40, 8D] {LAHF ; TEST [EAX-0x73], AL}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EC02000, 0x1F9F9A, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtCreateFile + 6 774C424A 4 Bytes [28, 00, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtCreateFile + B 774C424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtMapViewOfSection + 6 774C499A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtMapViewOfSection + 6 774C499A 4 Bytes [28, 03, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtMapViewOfSection + B 774C499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenFile + 6 774C4A2A 4 Bytes [68, 00, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenFile + B 774C4A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcess + 6 774C4AAA 4 Bytes [A8, 01, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcess + B 774C4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcessToken + B 774C4ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcessTokenEx + 6 774C4ACA 4 Bytes [A8, 02, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcessTokenEx + B 774C4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThread + 6 774C4B1A 4 Bytes [68, 01, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThread + B 774C4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThreadToken + 6 774C4B2A 4 Bytes [68, 02, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThreadToken + B 774C4B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThreadTokenEx + B 774C4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtQueryAttributesFile + 6 774C4BCA 4 Bytes [A8, 00, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtQueryAttributesFile + B 774C4BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtQueryFullAttributesFile + B 774C4C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtSetInformationFile + 6 774C515A 4 Bytes [28, 01, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtSetInformationFile + B 774C515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtSetInformationThread + 6 774C51AA 4 Bytes [28, 02, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtSetInformationThread + B 774C51AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtUnmapViewOfSection + 6 774C544A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtUnmapViewOfSection + 6 774C544A 4 Bytes [68, 03, 3E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtUnmapViewOfSection + B 774C544F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtCreateFile + 6 774C424A 4 Bytes [28, 00, 1D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtCreateFile + B 774C424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtMapViewOfSection + 6 774C499A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtMapViewOfSection + 6 774C499A 4 Bytes [28, 03, 1D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtMapViewOfSection + B 774C499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtOpenFile + 6 774C4A2A 4 Bytes [68, 00, 1D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtOpenFile + B 774C4A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtOpenProcess + 6 774C4AAA 4 Bytes [A8, 01, 1D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtOpenProcess + B 774C4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtOpenProcessToken + B 774C4ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtOpenProcessTokenEx + 6 774C4ACA 4 Bytes [A8, 02, 1D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtOpenProcessTokenEx + B 774C4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtOpenThread + 6 774C4B1A 4 Bytes [68, 01, 1D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtOpenThread + B 774C4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtOpenThreadToken + 6 774C4B2A 4 Bytes [68, 02, 1D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtOpenThreadToken + B 774C4B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtOpenThreadTokenEx + B 774C4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtQueryAttributesFile + 6 774C4BCA 4 Bytes [A8, 00, 1D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtQueryAttributesFile + B 774C4BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtQueryFullAttributesFile + B 774C4C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtSetInformationFile + 6 774C515A 4 Bytes [28, 01, 1D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtSetInformationFile + B 774C515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtSetInformationThread + 6 774C51AA 4 Bytes [28, 02, 1D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtSetInformationThread + B 774C51AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtUnmapViewOfSection + 6 774C544A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtUnmapViewOfSection + 6 774C544A 4 Bytes [68, 03, 1D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5264] ntdll.dll!NtUnmapViewOfSection + B 774C544F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtCreateFile + 6 774C424A 4 Bytes [28, 00, 18, 00] {SUB [EAX], AL; SBB [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtCreateFile + B 774C424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtMapViewOfSection + 6 774C499A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtMapViewOfSection + 6 774C499A 4 Bytes [28, 03, 18, 00] {SUB [EBX], AL; SBB [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtMapViewOfSection + B 774C499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenFile + 6 774C4A2A 4 Bytes [68, 00, 18, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenFile + B 774C4A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenProcess + 6 774C4AAA 4 Bytes [A8, 01, 18, 00] {TEST AL, 0x1; SBB [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenProcess + B 774C4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenProcessToken + B 774C4ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenProcessTokenEx + 6 774C4ACA 4 Bytes [A8, 02, 18, 00] {TEST AL, 0x2; SBB [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenProcessTokenEx + B 774C4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenThread + 6 774C4B1A 4 Bytes [68, 01, 18, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenThread + B 774C4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenThreadToken + 6 774C4B2A 4 Bytes [68, 02, 18, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenThreadToken + B 774C4B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtOpenThreadTokenEx + B 774C4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtQueryAttributesFile + 6 774C4BCA 4 Bytes [A8, 00, 18, 00] {TEST AL, 0x0; SBB [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtQueryAttributesFile + B 774C4BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtQueryFullAttributesFile + B 774C4C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtSetInformationFile + 6 774C515A 4 Bytes [28, 01, 18, 00] {SUB [ECX], AL; SBB [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtSetInformationFile + B 774C515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtSetInformationThread + 6 774C51AA 4 Bytes [28, 02, 18, 00] {SUB [EDX], AL; SBB [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtSetInformationThread + B 774C51AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtUnmapViewOfSection + 6 774C544A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtUnmapViewOfSection + 6 774C544A 4 Bytes [68, 03, 18, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!NtUnmapViewOfSection + B 774C544F 1 Byte [E2]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000278774082
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000278774082 (not active ControlSet)
---- EOF - GMER 1.0.15 ---- Gruß
Anna |