turambar | 16.10.2012 20:36 | Thanks for the reply! This is my first time here; I didn't know that I also had to post the Malwarebytes logs.
All right, here we go:
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.10.14.03
Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus)
Internet Explorer 8.0.7601.17514
Friedel :: WHEATLEY [Administrator]
16.10.2012 21:20:13
mbam-log-2012-10-16 (21-20-13).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214362
Laufzeit: 4 Minute(n), 26 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:14 on 14/10/2012 (Friedel)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
OTL Logfile:
Code:
OTL logfile created on: 14.10.2012 16:15:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 82,83% Memory free
6,50 Gb Paging File | 5,99 Gb Available in Paging File | 92,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1376,16 Gb Total Space | 796,43 Gb Free Space | 57,87% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,66 Gb Free Space | 58,31% Space Free | Partition Type: NTFS
Drive G: | 488,25 Mb Total Space | 480,73 Mb Free Space | 98,46% Space Free | Partition Type: FAT
Computer Name: WHEATLEY | User Name: Friedel | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.10.14 15:49:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
========== Modules (No Company Name) ==========
MOD - [2011.04.01 11:15:22 | 000,268,808 | ---- | M] () -- C:\Programme\G Data\AntiVirus\AVK\ShellExt.dll
MOD - [2010.09.22 22:12:20 | 000,016,832 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll
========== Services (SafeList) ==========
SRV - [2012.10.09 14:10:59 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.06 11:35:15 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.19 16:21:14 | 000,795,072 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.09.06 03:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Programme\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012.06.18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Programme\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012.01.14 13:00:03 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.09.08 19:29:46 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.09.08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.09.08 13:41:20 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.05.26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.04.01 11:16:44 | 000,353,288 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Programme\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2011.04.01 11:16:02 | 000,409,608 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Programme\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2011.04.01 11:15:58 | 001,430,024 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2011.04.01 03:28:44 | 001,368,648 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR2)
SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.05.27 18:24:52 | 000,122,880 | ---- | M] (Sony DADC Austria AG.) [Auto | Stopped] -- C:\Windows\System32\UAService7.exe -- (UserAccess7)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.09.16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Friedel\AppData\Local\Temp\sony_ssm.sys -- (sony_ssm.sys)
DRV - [2012.05.14 14:48:51 | 000,030,256 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV - [2011.09.08 20:26:10 | 008,606,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.09.08 18:52:20 | 000,248,832 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.09.08 17:49:36 | 000,010,752 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2011.09.08 17:49:26 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2011.09.08 17:49:24 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2011.06.25 15:33:21 | 000,048,344 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV - [2011.06.25 15:32:39 | 000,039,640 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2011.06.25 15:32:37 | 000,074,456 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2011.06.25 15:32:37 | 000,037,720 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2011.06.25 15:32:35 | 000,029,400 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GdNetMon32.sys -- (GdNetMon)
DRV - [2011.06.25 15:32:33 | 000,052,440 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2011.06.24 06:25:26 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01)
DRV - [2010.11.25 06:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.11.19 01:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009.06.05 04:53:42 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2002.06.20 19:45:42 | 000,020,128 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2002.06.20 19:45:40 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2002.06.20 19:45:36 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2002.06.20 19:45:34 | 000,039,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {C6FD38B5-0D2D-4DEC-A3DB-E7828C35256F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=mI-j8KbO_ixizyRHH-boFqQjMH4?q={searchTerms}
IE - HKCU\..\SearchScopes\{C6FD38B5-0D2D-4DEC-A3DB-E7828C35256F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{E4E9256C-AFF3-42A9-AA1E-FD719320B1AE}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.3
FF - prefs.js..extensions.enabledAddons: pdfforge@mybrowserbar.com:6.3
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:6.2
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:22.1.11089.229
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.15 16:03:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.15 16:03:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.05.26 10:39:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2010.10.23 19:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Friedel\AppData\Roaming\mozilla\Extensions
[2010.10.23 19:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Friedel\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.21 21:43:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Friedel\AppData\Roaming\mozilla\Firefox\Profiles\q1xpekqa.default\extensions
[2012.09.15 16:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.25 15:32:44 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2012.09.21 20:54:10 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012.09.21 20:54:17 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2012.09.06 03:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.09.06 03:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: about:blank
CHR - Extension: YouTube = C:\Users\Friedel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Friedel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Friedel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (BHO) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BambooCore] C:\Programme\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [HP Deskjet 3070 B611 series (NET)] C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [mywmdfzslonndag] C:\ProgramData\mywmdfzs.exe ()
O4 - HKCU..\Run: [Start WingMan Profiler] File not found
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Friedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{479857B1-B47D-4A4A-A160-9DB2B23B5395}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5525416A-6096-4384-B2E8-4DCBE6671729}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d9a49e23-5a88-11df-9689-4061869323d4}\Shell - "" = AutoRun
O33 - MountPoints2\{d9a49e23-5a88-11df-9689-4061869323d4}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.10.14 14:35:40 | 000,000,000 | ---D | C] -- C:\Users\Friedel\AppData\Roaming\Malwarebytes
[2012.10.14 14:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.14 14:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.14 14:35:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.14 14:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.14 14:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\tvmklivslpgoqej
[2012.10.13 16:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.10.13 14:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.10.13 14:52:27 | 000,000,000 | ---D | C] -- C:\Users\Friedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.10.13 14:31:22 | 000,000,000 | ---D | C] -- C:\Users\Friedel\Documents\StarCraft II
[2012.10.13 14:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.10.13 14:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2012.10.13 14:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2012.09.24 21:27:14 | 000,000,000 | ---D | C] -- C:\Users\Friedel\AppData\Local\Eastman_Kodak_Company
[2012.09.24 21:24:29 | 000,000,000 | ---D | C] -- C:\Users\Friedel\AppData\Local\Eastman Kodak Company
[2012.09.24 21:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
[2012.09.24 21:15:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\kodak
[2012.09.24 21:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2012.09.24 21:11:11 | 000,000,000 | ---D | C] -- C:\Users\Friedel\AppData\Roaming\Temp
[2012.09.24 21:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012.09.21 20:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.09.21 20:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.09.21 20:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.09.18 21:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.18 21:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.18 21:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.18 21:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.09.16 12:23:23 | 000,000,000 | ---D | C] -- C:\Users\Friedel\Desktop\DCIM
[2012.09.15 16:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.15 16:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.09.15 12:41:13 | 000,000,000 | ---D | C] -- C:\Users\Friedel\AppData\Local\Macromedia
[4 C:\Users\Friedel\Documents\*.tmp files -> C:\Users\Friedel\Documents\*.tmp -> ]
[3 C:\Users\Friedel\*.tmp files -> C:\Users\Friedel\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.10.14 16:14:08 | 000,000,000 | ---- | M] () -- C:\Users\Friedel\defogger_reenable
[2012.10.14 15:53:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.14 15:53:17 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.14 15:49:08 | 000,050,477 | ---- | M] () -- C:\Users\Friedel\Desktop\Defogger.exe
[2012.10.14 15:38:12 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 15:38:11 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 15:35:43 | 000,001,962 | ---- | M] () -- C:\Users\Friedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk
[2012.10.14 14:35:33 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.14 14:11:35 | 000,076,348 | ---- | M] () -- C:\ProgramData\uvyfebthvgndprn
[2012.10.14 14:11:29 | 000,110,592 | ---- | M] () -- C:\ProgramData\mywmdfzs.exe
[2012.10.14 14:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.14 14:01:00 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012.10.14 13:44:06 | 000,825,283 | ---- | M] () -- C:\Windows\System32\sig.bin
[2012.10.14 13:44:06 | 000,044,928 | ---- | M] () -- C:\Windows\System32\nmp.map
[2012.10.13 20:38:02 | 000,011,851 | ---- | M] () -- C:\Users\Friedel\Desktop\1-5.jpg
[2012.10.13 16:38:04 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.10.12 20:40:23 | 000,001,882 | ---- | M] () -- C:\Users\Friedel\Desktop\Messages from Mike - Verknüpfung.lnk
[2012.10.09 20:53:10 | 000,705,696 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.09 20:53:10 | 000,666,882 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.09 20:53:10 | 000,150,440 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.09 20:53:10 | 000,126,238 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.08 10:31:10 | 000,603,710 | ---- | M] () -- C:\Users\Friedel\Desktop\Canon TS-E 24mm f_3.5 L II Objektiv 4960999635163 _ eBay.pdf
[2012.10.06 12:53:32 | 058,414,603 | ---- | M] () -- C:\Users\Friedel\Desktop\Intro_US_2.wmv
[2012.10.06 12:15:26 | 083,822,713 | ---- | M] () -- C:\Users\Friedel\Desktop\National Parks.wmv
[2012.10.06 12:06:18 | 000,107,056 | ---- | M] () -- C:\Users\Friedel\Documents\Intro_US_2.veg
[2012.10.05 00:11:04 | 000,107,152 | ---- | M] () -- C:\Users\Friedel\Documents\Intro_US_2.veg.bak
[2012.10.03 19:49:24 | 184,382,713 | ---- | M] () -- C:\Users\Friedel\Desktop\National Park_large.wmv
[2012.10.03 18:40:14 | 000,102,680 | ---- | M] () -- C:\Users\Friedel\Documents\Intro_US.veg
[2012.10.03 18:29:56 | 000,099,096 | ---- | M] () -- C:\Users\Friedel\Documents\Intro_US.veg.bak
[2012.10.01 09:35:16 | 006,187,974 | ---- | M] () -- C:\Users\Friedel\Desktop\IMG_2274.JPG
[2012.10.01 09:20:32 | 006,161,863 | ---- | M] () -- C:\Users\Friedel\Desktop\IMG_2258.JPG
[2012.09.23 22:00:19 | 141,647,184 | ---- | M] () -- C:\Users\Friedel\Desktop\Crater Lake_panoramic.bmp
[2012.09.23 18:29:24 | 019,925,705 | ---- | M] () -- C:\Users\Friedel\Desktop\Bildbeispiel_Brennweite.wmv
[2012.09.23 18:16:23 | 000,037,872 | ---- | M] () -- C:\Users\Friedel\Desktop\LOTR_THE_FELLOWSHIP_OF_THE_RING Title 1 (1).wmv.sfk0
[2012.09.23 18:11:03 | 021,773,816 | ---- | M] () -- C:\Users\Friedel\Desktop\LOTR_THE_FELLOWSHIP_OF_THE_RING Title 1 (1).wmv.sfap1
[2012.09.23 18:09:39 | 012,448,115 | ---- | M] () -- C:\Users\Friedel\Desktop\LOTR_THE_FELLOWSHIP_OF_THE_RING Title 1 (1).wmv
[2012.09.23 17:37:57 | 008,766,348 | ---- | M] () -- C:\Users\Friedel\Desktop\LOTR_THE_FELLOWSHIP_OF_THE_RING Title 1.mp4
[2012.09.23 16:28:40 | 000,307,696 | ---- | M] () -- C:\Users\Friedel\Desktop\Canon EF 100mm 2,8 L IS USM Macro Objektiv_ Amazon.de_ Elektronik.pdf
[2012.09.20 18:08:08 | 000,155,576 | ---- | M] () -- C:\Users\Friedel\Documents\US trip.veg
[2012.09.18 21:06:01 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.15 16:04:08 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[4 C:\Users\Friedel\Documents\*.tmp files -> C:\Users\Friedel\Documents\*.tmp -> ]
[3 C:\Users\Friedel\*.tmp files -> C:\Users\Friedel\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.10.14 16:14:08 | 000,000,000 | ---- | C] () -- C:\Users\Friedel\defogger_reenable
[2012.10.14 16:13:21 | 000,050,477 | ---- | C] () -- C:\Users\Friedel\Desktop\Defogger.exe
[2012.10.14 14:35:33 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.14 14:11:34 | 000,110,592 | ---- | C] () -- C:\ProgramData\mywmdfzs.exe
[2012.10.14 14:11:29 | 000,076,348 | ---- | C] () -- C:\ProgramData\uvyfebthvgndprn
[2012.10.13 20:38:02 | 000,011,851 | ---- | C] () -- C:\Users\Friedel\Desktop\1-5.jpg
[2012.10.13 14:31:22 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.10.08 10:31:07 | 000,603,710 | ---- | C] () -- C:\Users\Friedel\Desktop\Canon TS-E 24mm f_3.5 L II Objektiv 4960999635163 _ eBay.pdf
[2012.10.03 21:33:35 | 058,414,603 | ---- | C] () -- C:\Users\Friedel\Desktop\Intro_US_2.wmv
[2012.10.03 20:02:19 | 083,822,713 | ---- | C] () -- C:\Users\Friedel\Desktop\National Parks.wmv
[2012.10.03 19:50:42 | 000,107,152 | ---- | C] () -- C:\Users\Friedel\Documents\Intro_US_2.veg.bak
[2012.10.03 19:50:42 | 000,107,056 | ---- | C] () -- C:\Users\Friedel\Documents\Intro_US_2.veg
[2012.10.03 19:17:54 | 184,382,713 | ---- | C] () -- C:\Users\Friedel\Desktop\National Park_large.wmv
[2012.10.03 17:45:39 | 000,102,680 | ---- | C] () -- C:\Users\Friedel\Documents\Intro_US.veg
[2012.10.03 17:45:39 | 000,099,096 | ---- | C] () -- C:\Users\Friedel\Documents\Intro_US.veg.bak
[2012.10.01 10:17:58 | 006,187,974 | ---- | C] () -- C:\Users\Friedel\Desktop\IMG_2274.JPG
[2012.10.01 10:17:35 | 006,161,863 | ---- | C] () -- C:\Users\Friedel\Desktop\IMG_2258.JPG
[2012.09.23 22:00:17 | 141,647,184 | ---- | C] () -- C:\Users\Friedel\Desktop\Crater Lake_panoramic.bmp
[2012.09.23 18:14:03 | 019,925,705 | ---- | C] () -- C:\Users\Friedel\Desktop\Bildbeispiel_Brennweite.wmv
[2012.09.23 18:11:02 | 021,773,816 | ---- | C] () -- C:\Users\Friedel\Desktop\LOTR_THE_FELLOWSHIP_OF_THE_RING Title 1 (1).wmv.sfap1
[2012.09.23 18:11:02 | 000,037,872 | ---- | C] () -- C:\Users\Friedel\Desktop\LOTR_THE_FELLOWSHIP_OF_THE_RING Title 1 (1).wmv.sfk0
[2012.09.23 18:09:16 | 012,448,115 | ---- | C] () -- C:\Users\Friedel\Desktop\LOTR_THE_FELLOWSHIP_OF_THE_RING Title 1 (1).wmv
[2012.09.23 17:37:49 | 008,766,348 | ---- | C] () -- C:\Users\Friedel\Desktop\LOTR_THE_FELLOWSHIP_OF_THE_RING Title 1.mp4
[2012.09.23 16:28:39 | 000,307,696 | ---- | C] () -- C:\Users\Friedel\Desktop\Canon EF 100mm 2,8 L IS USM Macro Objektiv_ Amazon.de_ Elektronik.pdf
[2012.09.18 21:06:01 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.15 16:04:08 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.05.28 18:01:41 | 000,029,374 | ---- | C] () -- C:\Users\Friedel\AppData\Local\recently-used.xbel
[2011.12.03 17:06:10 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.08.26 16:34:14 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.08.09 21:17:23 | 000,007,602 | ---- | C] () -- C:\Users\Friedel\AppData\Local\Resmon.ResmonCfg
[2011.06.25 21:28:45 | 000,825,283 | ---- | C] () -- C:\Windows\System32\sig.bin
[2011.06.15 20:17:50 | 000,001,940 | ---- | C] () -- C:\Users\Friedel\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.03.30 23:13:26 | 001,841,000 | ---- | C] () -- C:\Windows\System32\HPScanTRDrv_DJ3070_B611.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.10.24 15:36:40 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.10.08 15:47:43 | 727,973,887 | ---- | C] () -- C:\Users\Friedel\thedarkknight.wtv
[2010.06.20 09:02:18 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.06.08 07:28:07 | 000,005,632 | ---- | C] () -- C:\Users\Friedel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.25 18:15:33 | 000,001,958 | ---- | C] () -- C:\Users\Friedel\AppData\Roaming\wklnhst.dat
[2010.05.24 17:03:55 | 000,000,026 | ---- | C] () -- C:\Users\Friedel\1103e87c128cad76bae.notes
[2010.05.24 17:03:55 | 000,000,023 | ---- | C] () -- C:\Users\Friedel\1103e87c128cad76bae.details
[2010.05.24 15:49:55 | 000,000,378 | ---- | C] () -- C:\Users\Friedel\babed1aa128ca93ac76.details
[2010.05.24 15:49:55 | 000,000,000 | ---- | C] () -- C:\Users\Friedel\babed1aa128ca93ac76.notes
[2010.05.24 15:49:19 | 000,000,016 | ---- | C] () -- C:\Users\Friedel\persistent_state
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.10.13 16:27:35 | 000,000,000 | -HSD | M] -- C:\Users\Friedel\AppData\Roaming\.#
[2010.05.25 19:42:37 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Ace
[2012.10.13 16:12:20 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\ALDI_SUED_Mah_Jong
[2012.05.06 17:46:05 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Audacity
[2011.12.18 11:48:32 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Blender Foundation
[2010.07.07 14:35:39 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\FreeVideoConverter
[2011.10.15 17:29:33 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo
[2010.05.30 13:59:05 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Opera
[2010.05.24 08:56:29 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Petroglyph
[2011.06.26 11:49:11 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Publish Providers
[2011.05.27 06:37:07 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Research In Motion
[2011.08.06 20:54:55 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Sony
[2011.08.06 20:29:55 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Sony Creative Software Inc
[2011.05.07 11:10:07 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\SPORE
[2012.09.24 21:11:11 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Temp
[2010.05.25 18:15:35 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Template
[2010.10.23 19:51:12 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Thunderbird
[2010.08.11 17:19:12 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Ulead Systems
[2012.05.13 18:13:10 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Wacom
[2012.05.13 18:13:14 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Users\Friedel\Documents\nfv.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Friedel\Documents\Handout Physik.doc:Roxio EMC Stream
< End of report >
OTL Logfile: Code:
OTL Extras logfile created on: 14.10.2012 16:15:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 82,83% Memory free
6,50 Gb Paging File | 5,99 Gb Available in Paging File | 92,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1376,16 Gb Total Space | 796,43 Gb Free Space | 57,87% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,66 Gb Free Space | 58,31% Space Free | Partition Type: NTFS
Drive G: | 488,25 Mb Total Space | 480,73 Mb Free Space | 98,46% Space Free | Partition Type: FAT
Computer Name: WHEATLEY | User Name: Friedel | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035D0F78-EE6C-4A13-AC8D-20DB7121FCEA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1184F647-DB7C-4C13-9566-8021337259FE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{123E6D78-0DF4-4983-A8F4-E19E1CEBFB0F}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{2671F6AF-ADFC-40BA-8FB1-AC0B6C713EA4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{28E84E2E-ED98-4E59-920E-63CDF6E3E13D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2977758F-ED30-4ED9-80B6-F56223DCB1BA}" = lport=139 | protocol=6 | dir=in | app=system |
"{356108D1-B433-4DCD-B1A0-564DFF978186}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3865C063-7A87-4BA7-BCEF-903AD98577BC}" = rport=138 | protocol=17 | dir=out | app=system |
"{3902AD2D-E6E9-4D41-8C4A-DCCDDB0F833D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A76BF00-56AF-46A2-B718-6E0AAFE75E50}" = lport=138 | protocol=17 | dir=in | app=system |
"{4D54AF83-3100-468B-B7AF-D254EB4B3FF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5D7A9D29-934C-4A26-BB0C-9DC571592F19}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{60BEC4EC-B949-4E79-BD6F-9F5B12819CFD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{70D79096-886D-476A-80A6-5161906F5848}" = rport=137 | protocol=17 | dir=out | app=system |
"{71BE894C-4FF2-4408-A53D-0813E569C515}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{776BCD69-4CFB-4B0C-9574-0AC3CCBC42C6}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{888E6245-63DC-4B4C-A9D2-0B83688066D4}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{8FBEB9C1-B0E1-42AF-9A77-B14D66C85529}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91BB2F3E-4A95-43CA-8B36-8CFA3503A2F6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9FF95C27-4CA2-4610-96D6-528C1ABEAE7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A1E63739-AE5C-4D2A-85F6-42EA789D6AD0}" = rport=445 | protocol=6 | dir=out | app=system |
"{A211B0E2-C1F4-4688-9CA3-B5E920006370}" = rport=139 | protocol=6 | dir=out | app=system |
"{E9BD8990-E442-4B76-8712-49B1BC7D6A47}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC46D91D-0F29-442D-A61D-A429BD0CDF0D}" = lport=445 | protocol=6 | dir=in | app=system |
"{F244021E-DFDA-4C32-AC12-59711397B7C5}" = lport=137 | protocol=17 | dir=in | app=system |
"{F2B5B887-6CBE-47D2-B02E-747A6792A779}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC06CE37-167A-4707-979C-8C84AA7690C0}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041BC703-380B-43ED-88E9-64303008FBFE}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{0665FF0E-12AD-436F-85FB-7923DC354EDA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{0B127532-63A0-4933-A00D-D92C8F774F90}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii public test.exe |
"{0BF5A7DD-ED7E-4826-A2BF-1108A3BAAE01}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{0BF7BD2E-4413-48B0-B687-1D895D977088}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0DC4C320-F0CD-4B9D-92F3-0E8B95D0B9F5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{17710254-3358-4B88-B901-C66AB2629244}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1D857C44-BE50-41C5-B42C-CC7A1B09D49D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1FD774C0-D609-4C68-A72A-6392A37F714D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{331F8BC5-59F6-45E3-93D3-1F9FB1EFECF9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{33562258-A488-4250-B7C7-377D4EC04518}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{3A6AF93D-CE69-43AB-89E6-7299627D0014}" = protocol=17 | dir=in | app=c:\program files\ubisoft\might & magic heroes vi - game official demo\might & magic heroes vi.exe |
"{3AFF26A6-1099-4C08-ADA6-4485081DC88C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{3BE1033D-4FDA-4F96-ADB2-206E3DDE3B23}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{3F8944D1-9E4E-4670-B78A-819596C3EB3A}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{42790759-8BC2-40CD-9A6D-372C940694BB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{44629F49-E257-4B2F-A44E-50BDBE4D848E}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{506F6ADF-7A51-45EB-BA59-764CA52FCEAA}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{5A411BA6-3DCD-4A6C-92A5-4CC2BFFEE63C}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{5A77139C-CBA1-4940-88BE-EF7EEF56A3E8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{609DF8FF-33CC-4CB8-B481-4843EE2B1C21}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{628CB2F8-2643-4ADC-A430-C84DFB9AF6C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6309A85A-AD11-4F59-9E6A-B32AEB017627}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65CBD408-EF55-4055-A1AF-6FD1224F6CD6}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{65D4BEED-CEFE-4E60-89AB-1754D2C323F9}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe |
"{6858D78F-EEA3-4CC8-B100-16121BD24C66}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{68EC649A-C267-4EA9-B1D9-113B20F6F078}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii public test.exe |
"{695182FD-4D36-4EB2-BDE2-389522C95696}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{69E820C4-C504-4168-A7E5-B71B8B822685}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6C40975B-6167-4B7B-8C75-E4D0F3ADADD6}" = protocol=17 | dir=in | app=c:\program files\officialcnctiberiansun\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe |
"{701EF2F3-C71C-45FD-9081-257EBEA3619A}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{725416CB-2435-4C8D-932F-7D4C23C8B5EE}" = protocol=6 | dir=in | app=c:\program files\officialcnctiberiansun\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe |
"{7B1EACE7-279C-486E-A61C-C322D117FFF3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{7F493754-451B-4AB7-9F12-6B514B41CBF6}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{7F85860E-2514-4DDD-A0EB-E9DDC3B0CB66}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dirt 3\dirt3.exe |
"{83DB4CD0-5425-4B79-A3E1-9C26F9397EA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{898CED55-A8A9-43AB-9F0D-1CC763CB5BA4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{89F4262A-2ED0-4241-A586-B4B38E56ECAC}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8A516A9E-16B9-4BBF-B028-17163B2692DC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{8EED67E7-395A-44AD-AC27-F0979E613DCE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9601AB55-1328-4432-AE39-2E6A6390168C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{990E32E0-DA11-4649-AE53-82C17FD46903}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{99C49217-F959-4AAB-B2EF-30E0F3E9F930}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{99CCC2E4-C54C-42F7-A1C1-8237693544EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9C0A7A1A-18EA-4568-8E4E-AE31C9635D41}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe |
"{9CE53C92-1F50-43E1-A5DB-3C3169AD1E48}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A4655CC6-E567-4023-B402-46E5825860D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A4C99362-0C37-482B-911B-2CB09C247E4E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{AF99EEE7-A701-4CFF-959F-962A261EC0F8}" = protocol=6 | dir=out | app=system |
"{B09AA2C9-2733-4EEE-BE4F-3AC92C374EA9}" = protocol=6 | dir=in | app=c:\program files\ubisoft\might & magic heroes vi - game official demo\might & magic heroes vi.exe |
"{B3A42B34-9638-4B86-A395-B4CC1C52E359}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B5082424-D183-49EB-9656-44E14D66770F}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{B8AB2DCE-8454-4C61-84BE-962AA6539C86}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B9D0FA07-0E07-4F00-A64A-A1900C0DA37F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BE73D40D-C534-4CF2-83C9-517CDC5FFDEE}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{D60F7A2F-967E-4A3C-80FD-F044733C46F8}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{DC241C67-B9A0-4EB3-A21F-7D9C8EC1623A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DC3B794A-023F-435A-BAE5-A3B427628419}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{DD6B8B0C-57D6-4D84-84B5-86E4125BA1BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DF6D4D86-78B4-4F04-98F7-90232DF973FE}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{E468080C-13F5-4D6C-A233-B6BC007472D3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe |
"{E5996A49-A109-4F12-91D4-D699F9724B82}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dirt 3\dirt3.exe |
"{EBAB9B18-6FD4-4672-A402-FB0AEC0C4A0C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EE42882C-1117-4A23-A7A1-C83EB3CFFA3C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{EF0976D8-F327-42F7-9DCB-00E1566A9FE9}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{EF679C6D-77DA-444C-A4CB-36A5005DD2DD}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{F0730E2D-B132-43D2-B551-4274DA0B36C7}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe |
"{F5F6B53F-B27B-4C5E-8A09-607CFC05BD64}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB6D8EBA-E0F0-4A2C-AA2C-B258148F6D15}" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"TCP Query User{331E9F16-6825-4C5F-B31F-252960BFDA2A}C:\users\friedel\desktop\age of e\the conquerors.exe" = protocol=6 | dir=in | app=c:\users\friedel\desktop\age of e\the conquerors.exe |
"TCP Query User{54B25389-DE86-4EEB-A1CF-C4D9460F8D50}C:\program files\officialcnctiberiansun\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe" = protocol=6 | dir=in | app=c:\program files\officialcnctiberiansun\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe |
"TCP Query User{5C30838A-C251-4FAD-BEED-03ECA0314B13}C:\program files\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base23260\sc2.exe |
"TCP Query User{5FF66C44-3D70-4E84-BB07-D76FCD616B92}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{6985B3E7-E843-4441-98CE-E4E66D26057B}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{6B4DD065-1289-4B23-846B-EDF7CFDA22D6}C:\program files\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dirt 3\dirt3_game.exe |
"TCP Query User{8C8D138E-83CE-4057-9678-D22B26EB5CA6}C:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"TCP Query User{9189C068-F8BB-4DEA-BCF9-B89BA8B19C64}C:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
"TCP Query User{D7EFE573-C049-4ACB-A107-1861DB9B9FEB}C:\users\friedel\desktop\age of e\the conquerors.exe" = protocol=6 | dir=in | app=c:\users\friedel\desktop\age of e\the conquerors.exe |
"TCP Query User{EA09DFD7-9327-4125-A211-A87E6FED0926}C:\program files\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"UDP Query User{0E04C3EB-4FCA-4EDF-B0BE-2C883F409487}C:\program files\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dirt 3\dirt3_game.exe |
"UDP Query User{1263A2E0-CFA7-4191-A781-64EFB78AC560}C:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
"UDP Query User{58058209-C3A4-4AD3-B8D2-12312495818F}C:\users\friedel\desktop\age of e\the conquerors.exe" = protocol=17 | dir=in | app=c:\users\friedel\desktop\age of e\the conquerors.exe |
"UDP Query User{6A0076B6-52F5-4983-8F77-8B8413FDE6F8}C:\program files\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{6A7F9AF6-14B4-40EF-B82E-4515FE29F1E1}C:\program files\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"UDP Query User{7B7E9993-3F9C-4B33-AE26-B8E29080E47F}C:\program files\officialcnctiberiansun\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe" = protocol=17 | dir=in | app=c:\program files\officialcnctiberiansun\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe |
"UDP Query User{9F34C78F-39C2-444D-AA1C-B8DD7E03279E}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{A8F1DDC7-0851-4EC8-9339-1BBE3ADEE778}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{D0270356-311F-459A-8B03-1AC1D26DB248}C:\users\friedel\desktop\age of e\the conquerors.exe" = protocol=17 | dir=in | app=c:\users\friedel\desktop\age of e\the conquerors.exe |
"UDP Query User{F23EEE3A-E3B0-45CA-9E41-FF0BEC8F5E60}C:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
"{1AD8819A-70E8-4380-92DA-F5B2421DAE35}" = G Data AntiVirus 2012
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1DDBB403-693C-4922-A6DF-0B63B4D6BC88}" = HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{229B6751-774A-11E0-BCAE-0013D3D69929}" = MSVCRT Redists
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 30
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{31671B31-682F-499E-00B9-7AD7D33C9E4F}" = Need For Speed Hot Pursuit 2
"{32939827-d8e5-470a-b126-870db3c69fdf}" = Python 2.7.1
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DACC3F4-2007-A5EE-5FFF-129338EC89E6}" = CCC Help English
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{435673AB-6821-416D-806A-E477DFA60A42}" = WingMan Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D66F66A-D5FA-15A2-F6E5-5589BD7E29AA}" = Catalyst Control Center InstallProxy
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{5AC11070-A1CB-11E0-A0DC-0013D3D69929}" = Vegas Pro 10.0
"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{6603BC18-EEF7-7936-77BF-76861115E674}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B6C9592-EF3B-B71E-F9B6-44FB797C205E}" = AMD Drag and Drop Transcoding
"{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"{81E19A62-1FD2-1066-7C10-19DD3323E27F}" = AMD Media Foundation Decoders
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{840D2B01-6A05-1D0D-DCD2-59567DE0E0BC}" = AMD Fuel
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CE4B7FA-8626-316B-B483-FCEF49E27430}" = AMD Catalyst Install Manager
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Hilfe
"{A024B9E5-7702-4556-A7BF-A04BFF2DE5D8}" = Might & Magic Heroes VI - Game Official Demo
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{ADA348F3-EE4E-407D-A22D-105A9A0116BB}" = 3D-Weltatlas
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B638BA42-AE8C-4A1C-89C9-A7801F8BBBB9}" = HD Writer AE 2.6T
"{B94C6815-7BCC-4124-AC39-9208A06FFFA7}" = Disney-Pixar WALL-E
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
"{C2F6A415-2A69-48F1-8F91-B9381B33FF1A}" = pdfforge Toolbar v6.3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5E0CB10-C275-11DF-B3A6-0013D3D69929}" = DVD Architect Pro 5.2
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CA5207DE-C275-11DF-AC9F-0013D3D69929}" = MSVCRT Redists
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CC0B3C41-FED1-4245-97CD-F03BEEBDEE89}" = Media Manager 2.4
"{CC5FA098-131A-5648-31D5-825692C72B2C}" = AMD VISION Engine Control Center
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7034A1E-E44D-4CB4-B628-CC7D728701E7}" = Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager
"{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F940D29F-DDAB-390B-1307-B132C693DD39}" = Catalyst Control Center InstallProxy
"{F99F26DF-CCDE-F5F6-02AD-ABA8AAB51ADE}" = ccc-utility
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AviSynth" = AviSynth 2.5
"Bamboo Dock" = Bamboo Dock
"BlackBerry_{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"Blender" = Blender
"Celestia_is1" = Celestia 1.6.0
"Crimson Skies 1.0" = Microsoft Crimson Skies
"Fraps" = Fraps (remove only)
"Freemake Video Converter_is1" = Freemake Video Converter version 2.3.0
"Freemake Video Downloader_is1" = Freemake Video Downloader version 2.1.5
"GIMP-2_is1" = GIMP 2.8.0
"Google Desktop" = Google Desktop
"Heroes of Might and Magic IV" = Heroes of Might and Magic IV: Winds of War
"HP Photo Creations" = HP Photo Creations
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{ADA348F3-EE4E-407D-A22D-105A9A0116BB}" = 3D-Weltatlas
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Maxima-5.23.2_is1" = Maxima 5.23.2
"MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenAL" = OpenAL
"Opera 11.51.1087" = Opera 11.51
"Pen Tablet Driver" = Bamboo
"StarCraft II" = StarCraft II
"Steam App 410" = Portal: First Slice
"Steam App 42910" = Magicka
"Steam App 44320" = DiRT 3
"Steam App 620" = Portal 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra 4" = GeoGebra 4
"GeoGebraPrim" = GeoGebraPrim
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.10.2012 14:42:30 | Computer Name = Wheatley | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Safari.exe, Version: 5.34.57.2, Zeitstempel:
0x4f982b5e Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17932,
Zeitstempel: 0x503275ba Ausnahmecode: 0x80000003 Fehleroffset: 0x000348be ID des fehlerhaften
Prozesses: 0x1674 Startzeit der fehlerhaften Anwendung: 0x01cda9727c7c02a6 Pfad der
fehlerhaften Anwendung: C:\Program Files\Safari\Safari.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: bdfb5e64-1565-11e2-b26e-000a3a85a4a9
Error - 14.10.2012 08:09:48 | Computer Name = Wheatley | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WebKit2WebProcess.exe, Version: 7534.57.2.4,
Zeitstempel: 0x4f97642d Name des fehlerhaften Moduls: npJavaPlugin.dll_unloaded,
Version: 0.0.0.0, Zeitstempel: 0x4f98232a Ausnahmecode: 0xc0000005 Fehleroffset:
0x65ea4162 ID des fehlerhaften Prozesses: 0xf98 Startzeit der fehlerhaften Anwendung:
0x01cdaa0429316674 Pfad der fehlerhaften Anwendung: C:\Program Files\Safari\Apple
Application Support\WebKit2WebProcess.exe Pfad des fehlerhaften Moduls: npJavaPlugin.dll
Berichtskennung:
0c63de6d-15f8-11e2-9c78-000a3a85a4a9
Error - 14.10.2012 08:13:49 | Computer Name = Wheatley | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.100:5353 18 100.2.168.192.in-addr.arpa.
PTR Wheatley-2.local.
Error - 14.10.2012 08:13:49 | Computer Name = Wheatley | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 16 100.2.168.192.in-addr.arpa.
PTR Wheatley.local.
Error - 14.10.2012 08:19:14 | Computer Name = Wheatley | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.100:5353 18 100.2.168.192.in-addr.arpa.
PTR Wheatley-2.local.
Error - 14.10.2012 08:19:14 | Computer Name = Wheatley | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 16 100.2.168.192.in-addr.arpa.
PTR Wheatley.local.
Error - 14.10.2012 08:22:29 | Computer Name = Wheatley | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.100:5353 18 100.2.168.192.in-addr.arpa.
PTR Wheatley-2.local.
Error - 14.10.2012 08:22:29 | Computer Name = Wheatley | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 16 100.2.168.192.in-addr.arpa.
PTR Wheatley.local.
Error - 14.10.2012 08:34:01 | Computer Name = Wheatley | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GDSC.exe, Version: 22.0.11091.238,
Zeitstempel: 0x4d95315a Name des fehlerhaften Moduls: GDSC.exe, Version: 22.0.11091.238,
Zeitstempel: 0x4d95315a Ausnahmecode: 0xc0000005 Fehleroffset: 0x000628a2 ID des fehlerhaften
Prozesses: 0x6cc Startzeit der fehlerhaften Anwendung: 0x01cdaa0813e81460 Pfad der
fehlerhaften Anwendung: C:\Program Files\G Data\AntiVirus\GUI\GDSC.exe Pfad des
fehlerhaften Moduls: C:\Program Files\G Data\AntiVirus\GUI\GDSC.exe Berichtskennung:
6e4b5f99-15fb-11e2-b40b-4061869323d4
Error - 14.10.2012 09:34:37 | Computer Name = Wheatley | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.100:5353 18 100.2.168.192.in-addr.arpa.
PTR Wheatley-2.local.
Error - 14.10.2012 09:34:37 | Computer Name = Wheatley | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 16 100.2.168.192.in-addr.arpa.
PTR Wheatley.local.
[ System Events ]
Error - 14.10.2012 09:53:40 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 14.10.2012 09:53:40 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 14.10.2012 09:53:41 | Computer Name = Wheatley | Source = DCOM | ID = 10005
Description =
Error - 14.10.2012 09:53:41 | Computer Name = Wheatley | Source = DCOM | ID = 10005
Description =
Error - 14.10.2012 09:53:42 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 14.10.2012 09:53:42 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 14.10.2012 09:53:42 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 14.10.2012 09:53:42 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 14.10.2012 09:53:42 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 14.10.2012 09:53:42 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-14 17:36:23
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000063 WDC_WD15 rev.80.0
Running: 0cog7507.exe; Driver: C:\Users\Friedel\AppData\Local\Temp\fxliqpow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8268EA49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 826C84D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a3a85a4a9
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a3a85a4a9 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
So, I hope that's all in order :) Thanks in advance for any support.