| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/ Agent.GenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
28.06.2012, 06:38
| #1 |
 |  TR/ Agent.Gen Guten Morgen, nach einem plötzlichen verschwinden aller Programmsymbole auf dem Desktop welche dann einfach als weiße Seiten wieder aufgetaucht sind, waren alle Verknüpfungen verschwunden. Alle Programme lassen sich wenn überhaupt nur noch über sehr umständliche Wege starten, denn beim direkten anklicken der Dateien, also auch der exe Dateien,kommt immer sofort das "Öffnen mit" Fenster. Avira hat nichts gemeldet und erst nach der Malware suche kam der Fund TR/Agent.Gen hier das Log Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.04.04.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 HOLGER :: HOLGER-PC [Administrator] Schutz: Deaktiviert 27.06.2012 19:35:33 mbam-log-2012-06-27 (19-35-33).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 964311 Laufzeit: 7 Stunde(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\HOLGER\M-1-25-5432-6437-5685 (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) schon mal Danke für die Hilfe  OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.06.2012 08:28:13 - Run 2 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\HOLGER\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 69,86% Memory free 6,50 Gb Paging File | 5,46 Gb Available in Paging File | 83,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 910,41 Gb Total Space | 823,28 Gb Free Space | 90,43% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 10,00 Gb Free Space | 50,01% Space Free | Partition Type: NTFS Drive F: | 3,73 Gb Total Space | 3,73 Gb Free Space | 99,96% Space Free | Partition Type: FAT32 Computer Name: HOLGER-PC | User Name: HOLGER | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.28 07:54:17 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.exe PRC - [2012.05.09 06:16:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.09 06:16:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 06:16:53 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.04.14 16:01:23 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeecoms.exe PRC - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe PRC - [2009.07.14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.09 06:16:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.09 06:16:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.05.26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.04.14 16:01:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeecoms.exe -- (lxee_device) SRV - [2010.04.14 16:01:11 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe -- (lxeeCATSCustConnectService) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) [Auto | Running] -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe -- (WMI_Hook_Service) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - [2012.05.09 06:16:53 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.09 06:16:53 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.04.01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2009.12.22 14:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap) DRV - [2009.11.21 04:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.10.29 12:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf) DRV - [2009.10.29 12:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950) DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.06.30 17:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2009.06.30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot) DRV - [2009.06.29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2009.06.05 01:47:48 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvamacpi.sys -- (nvamacpi) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0} IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=303&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = t-online.de - IE 8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Nachrichten - Service - Shopping bei t-online.de [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Nachrichten - Service - Shopping bei t-online.de [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{8B1196D5-0608-4457-99D6-954CD28EA96A}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi IE - HKCU\..\SearchScopes\{908FAB45-330E-4808-875D-8B7EA2DFD6F5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\..\SearchScopes\{924FA814-6FC3-40E2-8355-8E8E93F200B5}: "URL" = hxxp://suche.t-online.de/fastcgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&d ia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wikitab_internet_std&q={searchTerms}&br=ie7-toi IE - HKCU\..\SearchScopes\{984A2770-6C96-44C8-B170-A4DDEF742AD9}: "URL" = hxxp://rover.ebay.com/rover/1/707-1403-276402/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={sear chTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=303&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{AD2BDD94-CEBA-493B-9B79-99C956660F09}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag= interactivemesuche21&index=blended&linkCode=ur2&camp=1638&creative=6742 IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0} IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Plasmoo" FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo" FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Plasmoo" FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406" FF - prefs.js..extensions.enabledItems: antiphishing@bullguard:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" FF - prefs.js..network.proxy.type: 0 FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.02.04 10:23:46 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\HOLGER\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 20:09:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 06:05:46 | 000,000,000 | ---D | M] [2012.04.11 11:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Extensions [2012.06.04 06:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions [2012.05.24 21:25:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.04.11 11:52:38 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2011.06.06 20:38:22 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2011.06.06 20:38:02 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\engine@plasmoo.com [2012.04.11 11:56:03 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\software@loadtubes.com [2011.10.05 11:35:46 | 000,000,931 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\conduit.xml [2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\plasmoo.xml [2012.04.11 11:52:34 | 000,002,519 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\Search_Results.xml [2012.06.04 06:43:20 | 000,003,915 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\sweetim.xml [2012.06.18 20:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.04 06:43:18 | 000,172,310 | ---- | M] () (No name found) -- C:\USERS\HOLGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3U9OSS91.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.04 22:05:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.02.15 16:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.11 11:52:34 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: YouTube = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google Mail = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\HOLGER\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro700 Series\ezprint.exe () O4 - HKLM..\Run: [lxeemon.exe] C:\Program Files\Lexmark Pro700 Series\lxeemon.exe () O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [Facebook Update] C:\Users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3752C415-0AD3-4D70-88DD-5C627777D71D}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Programme\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Programme\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.28 07:54:13 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.exe [2012.06.27 19:24:55 | 000,000,000 | ---D | C] -- C:\Users\HOLGER\AppData\Roaming\Malwarebytes [2012.06.27 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.27 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.27 19:24:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.27 19:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.27 09:44:54 | 000,000,000 | ---D | C] -- C:\Users\HOLGER\AppData\Local\Apps [2012.06.27 09:36:15 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\HOLGER\Desktop\mbam-setup-1.61.0.1400.exe [2012.06.24 20:54:18 | 002,347,224 | ---- | C] (SPAMfighter ApS) -- C:\Users\HOLGER\Documents\spywarefighter.exe [2012.06.24 20:52:43 | 005,837,544 | ---- | C] (Uniblue Systems Ltd ) -- C:\Users\HOLGER\Documents\speedupmypc.exe [2012.06.24 10:53:07 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys [2012.06.24 10:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2012.06.19 06:13:22 | 000,989,584 | ---- | C] (Solid State Networks) -- C:\Users\HOLGER\Documents\install_flashplayer11x32ax_gtba_aih.exe [2012.06.18 20:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.06.12 14:54:17 | 000,000,000 | --SD | C] -- C:\Users\HOLGER\Documents\Meine Datenquellen [2012.06.11 12:19:12 | 009,120,256 | ---- | C] (Georg Huonker, Leidringen) -- C:\Users\HOLGER\Desktop\StartBau.exe [2012.06.04 06:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2012.06.04 06:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.28 08:31:30 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.28 08:31:30 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.28 08:30:24 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.28 08:30:24 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.28 08:30:24 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.28 08:30:24 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.28 08:24:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.28 08:23:58 | 2616,643,584 | -HS- | M] () -- C:\hiberfil.sys [2012.06.28 07:54:17 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.exe [2012.06.28 07:52:06 | 000,000,000 | ---- | M] () -- C:\Users\HOLGER\defogger_reenable [2012.06.28 07:50:08 | 000,050,477 | ---- | M] () -- C:\Users\HOLGER\Desktop\Defogger.exe [2012.06.28 07:45:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000UA.job [2012.06.27 19:24:51 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.27 10:45:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000Core.job [2012.06.27 09:36:25 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\HOLGER\Desktop\mbam-setup-1.61.0.1400.exe [2012.06.24 20:54:19 | 002,347,224 | ---- | M] (SPAMfighter ApS) -- C:\Users\HOLGER\Documents\spywarefighter.exe [2012.06.24 20:52:56 | 005,837,544 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\HOLGER\Documents\speedupmypc.exe [2012.06.24 15:36:04 | 077,711,976 | ---- | M] () -- C:\Users\HOLGER\Documents\PANDAGP12.exe [2012.06.21 16:59:05 | 000,002,543 | ---- | M] () -- C:\Users\Public\Desktop\BauFaktura.lnk [2012.06.20 07:57:47 | 000,989,584 | ---- | M] (Solid State Networks) -- C:\Users\HOLGER\Documents\install_flashplayer11x32ax_gtba_aih.exe [2012.06.19 17:49:17 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.06.18 22:48:49 | 000,002,104 | ---- | M] () -- C:\Users\HOLGER\Desktop\T-Online Browser.lnk [2012.06.18 22:43:04 | 000,002,543 | ---- | M] () -- C:\Users\HOLGER\Documents\BauFaktura.lnk [2012.06.18 22:39:40 | 000,002,543 | ---- | M] () -- C:\Users\HOLGER\Desktop\BauFaktura.lnk [2012.06.14 06:45:15 | 000,506,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.11 21:56:30 | 000,074,340 | ---- | M] () -- C:\Users\HOLGER\Documents\Angebot Uhlmann Küchengeräte.pdf [2012.06.11 12:19:12 | 009,120,256 | ---- | M] (Georg Huonker, Leidringen) -- C:\Users\HOLGER\Desktop\StartBau.exe [2012.06.04 07:05:46 | 000,061,523 | ---- | M] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann 2.pdf [2012.05.31 18:11:56 | 000,077,829 | ---- | M] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Kirwald 31.05.2012.pdf [2012.05.31 17:42:50 | 000,005,556 | ---- | M] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann Patrick.pdf [2012.05.30 14:02:48 | 000,048,016 | ---- | M] () -- C:\Users\HOLGER\Documents\Datenblatt Solarword SW 80.pdf [2012.05.30 13:59:30 | 000,062,635 | ---- | M] () -- C:\Users\HOLGER\Documents\Rechnung Dittrich.pdf [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.28 07:52:06 | 000,000,000 | ---- | C] () -- C:\Users\HOLGER\defogger_reenable [2012.06.28 07:50:08 | 000,050,477 | ---- | C] () -- C:\Users\HOLGER\Desktop\Defogger.exe [2012.06.27 19:24:51 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.24 15:35:33 | 077,711,976 | ---- | C] () -- C:\Users\HOLGER\Documents\PANDAGP12.exe [2012.06.18 22:54:24 | 000,002,543 | ---- | C] () -- C:\Users\HOLGER\Documents\BauFaktura.lnk [2012.06.18 22:48:49 | 000,002,104 | ---- | C] () -- C:\Users\HOLGER\Desktop\T-Online Browser.lnk [2012.06.18 22:39:40 | 000,002,543 | ---- | C] () -- C:\Users\HOLGER\Desktop\BauFaktura.lnk [2012.06.18 20:09:22 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.06.11 21:56:59 | 000,074,340 | ---- | C] () -- C:\Users\HOLGER\Documents\Angebot Uhlmann Küchengeräte.pdf [2012.06.04 07:06:06 | 000,061,523 | ---- | C] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann 2.pdf [2012.05.31 18:12:19 | 000,077,829 | ---- | C] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Kirwald 31.05.2012.pdf [2012.05.31 17:44:09 | 000,005,556 | ---- | C] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann Patrick.pdf [2012.05.30 14:03:11 | 000,048,016 | ---- | C] () -- C:\Users\HOLGER\Documents\Datenblatt Solarword SW 80.pdf [2012.05.30 14:00:01 | 000,062,635 | ---- | C] () -- C:\Users\HOLGER\Documents\Rechnung Dittrich.pdf [2012.01.05 09:46:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2012.01.05 09:35:48 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.08.23 16:29:05 | 000,455,254 | ---- | C] () -- C:\Users\HOLGER\Messung GC-Compagnie 22.08.2011.pdf [2011.06.28 18:33:28 | 000,000,137 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.04.18 22:21:57 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32.dll [2011.02.02 09:36:25 | 000,000,000 | ---- | C] () -- C:\Users\HOLGER\AppData\Roaming\wklnhst.dat [2011.01.12 12:33:12 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeecoin.dll [2011.01.12 12:33:07 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxeegcfg.dll [2011.01.12 12:33:06 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeecui.dll [2010.12.12 14:59:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeevs.dll [2010.12.12 14:58:23 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeecuir.dll [2010.12.12 14:48:22 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxeerwrd.ini [2010.12.12 14:47:57 | 000,385,024 | ---- | C] () -- C:\Windows\System32\LXEEinst.dll [2010.12.12 14:47:55 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEEhcp.dll [2010.12.12 14:47:54 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeeinpa.dll [2010.12.12 14:47:54 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeeiesc.dll [2010.12.12 14:47:53 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxeeusb1.dll [2010.12.12 14:47:50 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxeeserv.dll [2010.12.12 14:47:50 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxeepmui.dll [2010.12.12 14:47:50 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeelmpm.dll [2010.12.12 14:47:49 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeejswr.dll [2010.12.12 14:47:48 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeeinsb.dll [2010.12.12 14:47:48 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxeeinsr.dll [2010.12.12 14:47:47 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeeins.dll [2010.12.12 14:47:46 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxeeih.exe [2010.12.12 14:47:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeehbn3.dll [2010.12.12 14:47:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeegrd.dll [2010.12.12 14:47:41 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeecu.dll [2010.12.12 14:47:41 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeecub.dll [2010.12.12 14:47:41 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeecur.dll [2010.12.12 14:47:40 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeecoms.exe [2010.12.12 14:47:40 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeecomm.dll [2010.12.12 14:47:39 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeecomc.dll [2010.12.12 14:47:39 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeecfg.exe [2010.12.12 14:45:15 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEEsm.dll [2010.12.12 14:45:15 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXEEsmr.dll ========== LOP Check ========== [2012.06.15 06:40:15 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\DVDVideoSoft [2012.04.11 11:56:03 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\loadtbs [2011.02.12 09:05:42 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\MAGIX [2012.05.24 21:25:28 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\OpenCandy [2010.12.22 10:19:37 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\OpenOffice.org [2012.01.23 21:01:27 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\Opera [2012.01.18 19:25:29 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\PowerCinema [2012.01.05 10:10:43 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\Samsung [2011.01.22 09:50:18 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\Software Inspection Library [2011.01.12 13:41:02 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\T-Online [2012.05.24 21:26:04 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\TuneUp Software [2012.06.27 10:45:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000Core.job [2012.06.28 07:45:01 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000UA.job [2012.05.01 18:42:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.06.2012 08:28:13 - Run 2 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\HOLGER\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 69,86% Memory free 6,50 Gb Paging File | 5,46 Gb Available in Paging File | 83,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 910,41 Gb Total Space | 823,28 Gb Free Space | 90,43% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 10,00 Gb Free Space | 50,01% Space Free | Partition Type: NTFS Drive F: | 3,73 Gb Total Space | 3,73 Gb Free Space | 99,96% Space Free | Partition Type: FAT32 Computer Name: HOLGER-PC | User Name: HOLGER | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.28 07:54:17 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.exe PRC - [2012.05.09 06:16:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.09 06:16:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 06:16:53 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.04.14 16:01:23 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeecoms.exe PRC - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe PRC - [2009.07.14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.09 06:16:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.09 06:16:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.05.26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.04.14 16:01:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeecoms.exe -- (lxee_device) SRV - [2010.04.14 16:01:11 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe -- (lxeeCATSCustConnectService) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) [Auto | Running] -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe -- (WMI_Hook_Service) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - [2012.05.09 06:16:53 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.09 06:16:53 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.04.01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2009.12.22 14:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap) DRV - [2009.11.21 04:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.10.29 12:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf) DRV - [2009.10.29 12:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950) DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.06.30 17:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2009.06.30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot) DRV - [2009.06.29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2009.06.05 01:47:48 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvamacpi.sys -- (nvamacpi) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0} IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=303&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = t-online.de - IE 8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Nachrichten - Service - Shopping bei t-online.de [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Nachrichten - Service - Shopping bei t-online.de [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{8B1196D5-0608-4457-99D6-954CD28EA96A}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi IE - HKCU\..\SearchScopes\{908FAB45-330E-4808-875D-8B7EA2DFD6F5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\..\SearchScopes\{924FA814-6FC3-40E2-8355-8E8E93F200B5}: "URL" = hxxp://suche.t-online.de/fastcgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&d ia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wikitab_internet_std&q={searchTerms}&br=ie7-toi IE - HKCU\..\SearchScopes\{984A2770-6C96-44C8-B170-A4DDEF742AD9}: "URL" = hxxp://rover.ebay.com/rover/1/707-1403-276402/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={sear chTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=303&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{AD2BDD94-CEBA-493B-9B79-99C956660F09}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag= interactivemesuche21&index=blended&linkCode=ur2&camp=1638&creative=6742 IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0} IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Plasmoo" FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo" FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Plasmoo" FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406" FF - prefs.js..extensions.enabledItems: antiphishing@bullguard:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" FF - prefs.js..network.proxy.type: 0 FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.02.04 10:23:46 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\HOLGER\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 20:09:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 06:05:46 | 000,000,000 | ---D | M] [2012.04.11 11:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Extensions [2012.06.04 06:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions [2012.05.24 21:25:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.04.11 11:52:38 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2011.06.06 20:38:22 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2011.06.06 20:38:02 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\engine@plasmoo.com [2012.04.11 11:56:03 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\software@loadtubes.com [2011.10.05 11:35:46 | 000,000,931 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\conduit.xml [2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\plasmoo.xml [2012.04.11 11:52:34 | 000,002,519 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\Search_Results.xml [2012.06.04 06:43:20 | 000,003,915 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\sweetim.xml [2012.06.18 20:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.04 06:43:18 | 000,172,310 | ---- | M] () (No name found) -- C:\USERS\HOLGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3U9OSS91.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.04 22:05:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.02.15 16:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.11 11:52:34 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: YouTube = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google Mail = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\HOLGER\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro700 Series\ezprint.exe () O4 - HKLM..\Run: [lxeemon.exe] C:\Program Files\Lexmark Pro700 Series\lxeemon.exe () O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [Facebook Update] C:\Users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3752C415-0AD3-4D70-88DD-5C627777D71D}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Programme\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Programme\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.28 07:54:13 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.exe [2012.06.27 19:24:55 | 000,000,000 | ---D | C] -- C:\Users\HOLGER\AppData\Roaming\Malwarebytes [2012.06.27 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.27 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.27 19:24:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.27 19:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.27 09:44:54 | 000,000,000 | ---D | C] -- C:\Users\HOLGER\AppData\Local\Apps [2012.06.27 09:36:15 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\HOLGER\Desktop\mbam-setup-1.61.0.1400.exe [2012.06.24 20:54:18 | 002,347,224 | ---- | C] (SPAMfighter ApS) -- C:\Users\HOLGER\Documents\spywarefighter.exe [2012.06.24 20:52:43 | 005,837,544 | ---- | C] (Uniblue Systems Ltd ) -- C:\Users\HOLGER\Documents\speedupmypc.exe [2012.06.24 10:53:07 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys [2012.06.24 10:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2012.06.19 06:13:22 | 000,989,584 | ---- | C] (Solid State Networks) -- C:\Users\HOLGER\Documents\install_flashplayer11x32ax_gtba_aih.exe [2012.06.18 20:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.06.12 14:54:17 | 000,000,000 | --SD | C] -- C:\Users\HOLGER\Documents\Meine Datenquellen [2012.06.11 12:19:12 | 009,120,256 | ---- | C] (Georg Huonker, Leidringen) -- C:\Users\HOLGER\Desktop\StartBau.exe [2012.06.04 06:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2012.06.04 06:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.28 08:31:30 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.28 08:31:30 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.28 08:30:24 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.28 08:30:24 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.28 08:30:24 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.28 08:30:24 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.28 08:24:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.28 08:23:58 | 2616,643,584 | -HS- | M] () -- C:\hiberfil.sys [2012.06.28 07:54:17 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.exe [2012.06.28 07:52:06 | 000,000,000 | ---- | M] () -- C:\Users\HOLGER\defogger_reenable [2012.06.28 07:50:08 | 000,050,477 | ---- | M] () -- C:\Users\HOLGER\Desktop\Defogger.exe [2012.06.28 07:45:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000UA.job [2012.06.27 19:24:51 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.27 10:45:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000Core.job [2012.06.27 09:36:25 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\HOLGER\Desktop\mbam-setup-1.61.0.1400.exe [2012.06.24 20:54:19 | 002,347,224 | ---- | M] (SPAMfighter ApS) -- C:\Users\HOLGER\Documents\spywarefighter.exe [2012.06.24 20:52:56 | 005,837,544 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\HOLGER\Documents\speedupmypc.exe [2012.06.24 15:36:04 | 077,711,976 | ---- | M] () -- C:\Users\HOLGER\Documents\PANDAGP12.exe [2012.06.21 16:59:05 | 000,002,543 | ---- | M] () -- C:\Users\Public\Desktop\BauFaktura.lnk [2012.06.20 07:57:47 | 000,989,584 | ---- | M] (Solid State Networks) -- C:\Users\HOLGER\Documents\install_flashplayer11x32ax_gtba_aih.exe [2012.06.19 17:49:17 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.06.18 22:48:49 | 000,002,104 | ---- | M] () -- C:\Users\HOLGER\Desktop\T-Online Browser.lnk [2012.06.18 22:43:04 | 000,002,543 | ---- | M] () -- C:\Users\HOLGER\Documents\BauFaktura.lnk [2012.06.18 22:39:40 | 000,002,543 | ---- | M] () -- C:\Users\HOLGER\Desktop\BauFaktura.lnk [2012.06.14 06:45:15 | 000,506,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.11 21:56:30 | 000,074,340 | ---- | M] () -- C:\Users\HOLGER\Documents\Angebot Uhlmann Küchengeräte.pdf [2012.06.11 12:19:12 | 009,120,256 | ---- | M] (Georg Huonker, Leidringen) -- C:\Users\HOLGER\Desktop\StartBau.exe [2012.06.04 07:05:46 | 000,061,523 | ---- | M] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann 2.pdf [2012.05.31 18:11:56 | 000,077,829 | ---- | M] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Kirwald 31.05.2012.pdf [2012.05.31 17:42:50 | 000,005,556 | ---- | M] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann Patrick.pdf [2012.05.30 14:02:48 | 000,048,016 | ---- | M] () -- C:\Users\HOLGER\Documents\Datenblatt Solarword SW 80.pdf [2012.05.30 13:59:30 | 000,062,635 | ---- | M] () -- C:\Users\HOLGER\Documents\Rechnung Dittrich.pdf [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.28 07:52:06 | 000,000,000 | ---- | C] () -- C:\Users\HOLGER\defogger_reenable [2012.06.28 07:50:08 | 000,050,477 | ---- | C] () -- C:\Users\HOLGER\Desktop\Defogger.exe [2012.06.27 19:24:51 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.24 15:35:33 | 077,711,976 | ---- | C] () -- C:\Users\HOLGER\Documents\PANDAGP12.exe [2012.06.18 22:54:24 | 000,002,543 | ---- | C] () -- C:\Users\HOLGER\Documents\BauFaktura.lnk [2012.06.18 22:48:49 | 000,002,104 | ---- | C] () -- C:\Users\HOLGER\Desktop\T-Online Browser.lnk [2012.06.18 22:39:40 | 000,002,543 | ---- | C] () -- C:\Users\HOLGER\Desktop\BauFaktura.lnk [2012.06.18 20:09:22 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.06.11 21:56:59 | 000,074,340 | ---- | C] () -- C:\Users\HOLGER\Documents\Angebot Uhlmann Küchengeräte.pdf [2012.06.04 07:06:06 | 000,061,523 | ---- | C] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann 2.pdf [2012.05.31 18:12:19 | 000,077,829 | ---- | C] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Kirwald 31.05.2012.pdf [2012.05.31 17:44:09 | 000,005,556 | ---- | C] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann Patrick.pdf [2012.05.30 14:03:11 | 000,048,016 | ---- | C] () -- C:\Users\HOLGER\Documents\Datenblatt Solarword SW 80.pdf [2012.05.30 14:00:01 | 000,062,635 | ---- | C] () -- C:\Users\HOLGER\Documents\Rechnung Dittrich.pdf [2012.01.05 09:46:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2012.01.05 09:35:48 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.08.23 16:29:05 | 000,455,254 | ---- | C] () -- C:\Users\HOLGER\Messung GC-Compagnie 22.08.2011.pdf [2011.06.28 18:33:28 | 000,000,137 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.04.18 22:21:57 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32.dll [2011.02.02 09:36:25 | 000,000,000 | ---- | C] () -- C:\Users\HOLGER\AppData\Roaming\wklnhst.dat [2011.01.12 12:33:12 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeecoin.dll [2011.01.12 12:33:07 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxeegcfg.dll [2011.01.12 12:33:06 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeecui.dll [2010.12.12 14:59:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeevs.dll [2010.12.12 14:58:23 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeecuir.dll [2010.12.12 14:48:22 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxeerwrd.ini [2010.12.12 14:47:57 | 000,385,024 | ---- | C] () -- C:\Windows\System32\LXEEinst.dll [2010.12.12 14:47:55 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEEhcp.dll [2010.12.12 14:47:54 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeeinpa.dll [2010.12.12 14:47:54 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeeiesc.dll [2010.12.12 14:47:53 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxeeusb1.dll [2010.12.12 14:47:50 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxeeserv.dll [2010.12.12 14:47:50 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxeepmui.dll [2010.12.12 14:47:50 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeelmpm.dll [2010.12.12 14:47:49 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeejswr.dll [2010.12.12 14:47:48 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeeinsb.dll [2010.12.12 14:47:48 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxeeinsr.dll [2010.12.12 14:47:47 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeeins.dll [2010.12.12 14:47:46 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxeeih.exe [2010.12.12 14:47:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeehbn3.dll [2010.12.12 14:47:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeegrd.dll [2010.12.12 14:47:41 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeecu.dll [2010.12.12 14:47:41 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeecub.dll [2010.12.12 14:47:41 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeecur.dll [2010.12.12 14:47:40 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeecoms.exe [2010.12.12 14:47:40 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeecomm.dll [2010.12.12 14:47:39 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeecomc.dll [2010.12.12 14:47:39 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeecfg.exe [2010.12.12 14:45:15 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEEsm.dll [2010.12.12 14:45:15 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXEEsmr.dll ========== LOP Check ========== [2012.06.15 06:40:15 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\DVDVideoSoft [2012.04.11 11:56:03 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\loadtbs [2011.02.12 09:05:42 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\MAGIX [2012.05.24 21:25:28 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\OpenCandy [2010.12.22 10:19:37 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\OpenOffice.org [2012.01.23 21:01:27 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\Opera [2012.01.18 19:25:29 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\PowerCinema [2012.01.05 10:10:43 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\Samsung [2011.01.22 09:50:18 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\Software Inspection Library [2011.01.12 13:41:02 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\T-Online [2012.05.24 21:26:04 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\TuneUp Software [2012.06.27 10:45:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000Core.job [2012.06.28 07:45:01 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000UA.job [2012.05.01 18:42:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.06.2012 07:58:17 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\HOLGER\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 60,99% Memory free
6,50 Gb Paging File | 5,16 Gb Available in Paging File | 79,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 823,25 Gb Free Space | 90,43% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,00 Gb Free Space | 50,01% Space Free | Partition Type: NTFS
Drive F: | 3,73 Gb Total Space | 3,73 Gb Free Space | 99,96% Space Free | Partition Type: FAT32
Computer Name: HOLGER-PC | User Name: HOLGER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{102AD012-B5FB-4B58-9DBA-55455FC62C83}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1312A125-55F0-48CF-BFEA-98ECE6B4E1F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1B5EFB86-D2B6-472D-BFDE-0AA47E6DBB3D}" = lport=445 | protocol=6 | dir=in | app=system |
"{2181C64B-0E29-4227-BAC3-6CDE6AA8CE7A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{277F9405-78C4-4A59-989D-6C9E38253257}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2C03E55E-C2C3-4AF9-96CF-0530E2ACA8B3}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{37E3CCB5-FA68-442A-95B1-35E3FAE0B740}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3BB68256-C138-48B9-B1AF-351E28EE8F29}" = lport=137 | protocol=17 | dir=in | app=system |
"{58B1CD6A-92A1-499A-B720-20DCE2E0E56F}" = rport=138 | protocol=17 | dir=out | app=system |
"{66A25583-1418-4605-9866-5B6E82710D5A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68D39BC1-077C-4C66-BFFE-3C19311150D6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7DDDE052-B8C4-49AF-BC82-44E896C3D1DC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8347939E-DB13-41EF-89D8-37147128C7AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89E67ECE-88AA-4672-AA45-9F0199CB1CD9}" = lport=138 | protocol=17 | dir=in | app=system |
"{90428154-8343-44C9-AA99-EF250DCCD7AC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{93E36C12-F05E-426B-A79C-020AD991589D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F39FD63-D4FB-40C1-AFEA-62531F756111}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A30B3F2D-EAA0-455A-B34C-FCAC7B2A3C80}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD69A03C-0600-4378-83FD-9A282774207A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B65ECDE3-E39C-4EF8-B8F7-6BA0EE46A6B9}" = rport=137 | protocol=17 | dir=out | app=system |
"{B6AD25A5-F960-4496-B100-D37847F7A584}" = lport=139 | protocol=6 | dir=in | app=system |
"{B9C64E12-185B-4D1B-B7BA-32A080055677}" = rport=139 | protocol=6 | dir=out | app=system |
"{C72FD472-19E1-4C24-A551-458278B16023}" = rport=445 | protocol=6 | dir=out | app=system |
"{C97D7619-F625-41F7-AAF7-3D233BBB90D2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FB90E485-319E-4AD1-9332-F96AD59FF1F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01441A78-B876-420F-9B7B-F856A0201DCB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{05A00F36-982A-4FCF-98F9-07AB46B5A27D}" = dir=in | app=c:\program files\cyberlink\youmemo\kernel\dmp\clbrowserengine.exe |
"{07B78EA8-79B2-4D13-B47A-2D52F4E75774}" = dir=in | app=c:\program files\cyberlink\powercinema movie\powercinemamovie.exe |
"{090AF306-AB92-4519-8D53-726A3618AF38}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dms\clmsservice.exe |
"{0C7DD1B5-43F2-435B-8182-A2D93E54E7A0}" = dir=in | app=c:\program files\cyberlink\youmemo\youmemo.exe |
"{0CD1D211-E2C1-455C-BDB9-CFA438F58C50}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0F392924-9C41-470E-88B8-18AD04BDD189}" = dir=in | app=c:\program files\cyberlink\youmemo\kernel\dms\clmsservice.exe |
"{12B6E503-0365-4DE5-A5ED-161B82428641}" = dir=in | app=c:\windows\system32\lxeecoms.exe |
"{15B07B33-2820-47E5-B9ED-5C9E93E7E2D0}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{18638D94-DFCD-4F34-880A-34DEE891BB32}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{1AC12CD9-C5B8-46E0-BE4B-8D942A975FC3}" = protocol=6 | dir=out | app=system |
"{1DA86511-FF4F-42B6-91B1-9D9E222BDD34}" = dir=in | app=c:\windows\system32\lxeecoms.exe |
"{1E949A2D-5259-4B3A-8840-BC9BCAC5CC91}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{25DBB59F-4793-4AE6-BEAB-734DE1390702}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{268B6A10-83E6-431A-BA93-6314C6809C0D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{287757B7-7E22-46BF-AC5B-6B4DD4C55EF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2E50F481-F078-4242-A875-612E8D3B1021}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{304E2BB2-53E3-48AD-B674-A6FAE0A2D931}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3266F8C0-F91D-4C64-883B-D7F10359472D}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{3561E84E-165E-46A6-96D1-1BC5D01E5F52}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{493844B1-16C9-4864-B0AC-D76967A88412}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5FF762CF-2E1B-4B06-B92C-FC556354FE9D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{620A0425-E7E9-4392-BC6D-94E37862EB50}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{6F5CFFAF-ED12-4A0C-8A98-8395302553FA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{907E5DF1-814B-436E-B3F7-7670A4FA3356}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dmp\clbrowserengine.exe |
"{935B86C9-FB1F-4995-BFA3-557FB0789EA6}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{94EE57A7-B6DC-48CE-BAAA-3373D98DAD1B}" = dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe |
"{A73CB69C-E102-4051-B559-D309C915F701}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A744F1DA-F521-4A9D-9AEA-A6399BB08396}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB188F35-3027-4179-9A0B-A36154F89B93}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{ADFF21C4-C19B-4324-A623-A85F77963FD1}" = dir=in | app=c:\windows\system32\lxeecoms.exe |
"{BA8C6F70-523F-44EA-B062-9D2EB5AA12CC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C900648D-04A6-4E35-82FC-070B243B49D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC9610FF-D89A-43CA-B5B0-99AA3618D79B}" = dir=in | app=c:\windows\system32\lxeecoms.exe |
"{CD073175-34F2-4EB1-8A20-6BCD0BDF8B1C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CE005EFF-F84F-4E28-B2B6-5A119271C88D}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{D5B48266-8067-41F0-9B49-AD1EC3F58014}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DA451386-4FA8-4BA0-913B-F5A36F6C6A40}" = dir=in | app=c:\program files\cyberlink\powercinema\pcmservice.exe |
"{DE4CA033-6A41-4D93-B985-C17CCA2222B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E05EB876-AE0C-4CED-A332-A8EEDB6FD06C}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{E0FB310B-1593-4CAC-BCEF-F6F4F837E6B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E24B4645-1CBE-4E4D-94B1-994A2ED11C11}" = dir=in | app=c:\program files\cyberlink\youmemo\pcmservice.exe |
"{E4AB10A9-ED2D-46FB-A658-0EBD3BB797DB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EE095D71-4E6E-4001-B394-E085CDCCE8E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFAFF7EE-80CF-47D5-9CA5-77F04131F652}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{FA5E9BF7-86FB-403C-A3E9-A09AB75B1B9B}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{FDBD2DFF-AE66-46BB-A7AF-E102379B7570}" = dir=in | app=c:\users\holger\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{FE440254-188F-4EDE-A514-552ED46BADA9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{82443CBA-A96C-454A-865D-23CAF5B30118}C:\baufaktura\huonkeraktualisierung.exe" = protocol=6 | dir=in | app=c:\baufaktura\huonkeraktualisierung.exe |
"TCP Query User{D3276AC9-37C1-425C-8F6C-B39A8290B438}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{FC5EF1D3-9843-4C07-B7E2-EC73F7F412E8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{05D0C0AD-2096-4455-986D-945EFBDE2CB6}C:\baufaktura\huonkeraktualisierung.exe" = protocol=17 | dir=in | app=c:\baufaktura\huonkeraktualisierung.exe |
"UDP Query User{BA532E81-41FB-4EBC-8D51-D018582C3267}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CAB024C3-6887-4C12-9356-25F6624018EF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BF500AE-1A18-4FAB-98BB-9B2038ED528C}" = BauFaktura
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4183178B-4D4E-48A7-9257-454BA90A760E}" = SweetPacks Toolbar for Internet Explorer 4.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{70CC0095-AA68-45BE-AE98-D8170182E9EB}" = PowerCinema Movie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90849E84-F026-4638-A184-E6FCFD472C34}" = Brother P-touch Software
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A0250B44-DF91-4B66-85AF-45FA5B5512FC}" = Internet Explorer
"{A081C347-F821-434F-B75B-3C175163C0D7}" = OSD hot keys
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA72867B-3964-4133-A8AE-D5EF9AC014DE}" = Anmeldevordruck 4.0
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 11.6
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALDI Süd Foto Service D" = ALDI Süd Foto Service
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"doPDF 6 printer_is1" = doPDF 6.2 printer
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ElcomPDF" = ElcomPDF
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A081C347-F821-434F-B75B-3C175163C0D7}" = OSD hot keys
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"KONICA MINOLTA magicolor 2530DL" = KONICA MINOLTA magicolor 2530DL
"Lexmark Pro700 Series" = Lexmark Pro700 Series
"loadtbs-2.1" = loadtbs-2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Searchqu Toolbar" = Searchqu Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03.10.2011 13:22:12 | Computer Name = HOLGER-PC | Source = Windows Backup | ID = 4103
Description =
Error - 05.10.2011 12:46:38 | Computer Name = HOLGER-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lxeecoms.exe, Version: 9.2.33.0,
Zeitstempel: 0x4b1ffc19 Name des fehlerhaften Moduls: lxeeserv.dll, Version: 9.2.33.0,
Zeitstempel: 0x4b1ffdcd Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006bcd7 ID des fehlerhaften
Prozesses: 0x928 Startzeit der fehlerhaften Anwendung: 0x01cc837e529eb340 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\lxeecoms.exe Pfad des fehlerhaften Moduls:
C:\Windows\system32\lxeeserv.dll Berichtskennung: 9755bba0-ef71-11e0-bf81-406186c4de20
Error - 09.10.2011 13:00:02 | Computer Name = HOLGER-PC | Source = Windows Backup | ID = 4103
Description =
Error - 16.10.2011 13:00:01 | Computer Name = HOLGER-PC | Source = Windows Backup | ID = 4103
Description =
Error - 23.10.2011 13:00:01 | Computer Name = HOLGER-PC | Source = Windows Backup | ID = 4103
Description =
Error - 01.11.2011 13:30:35 | Computer Name = HOLGER-PC | Source = Windows Backup | ID = 4103
Description =
Error - 01.11.2011 18:07:23 | Computer Name = HOLGER-PC | Source = VSS | ID = 13
Description =
Error - 01.11.2011 18:07:23 | Computer Name = HOLGER-PC | Source = VSS | ID = 8193
Description =
Error - 01.11.2011 18:07:23 | Computer Name = HOLGER-PC | Source = VSS | ID = 13
Description =
Error - 01.11.2011 18:07:23 | Computer Name = HOLGER-PC | Source = VSS | ID = 8193
Description =
[ Media Center Events ]
Error - 07.05.2012 11:46:19 | Computer Name = HOLGER-PC | Source = MCUpdate | ID = 0
Description = 17:46:01 - EpgListing.enc konnte nicht abgerufen werden (Fehler: HTTP-Status
404: Die angeforderte URL ist auf diesem Server nicht vorhanden. )
[ System Events ]
Error - 27.06.2012 13:23:54 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.06.2012 13:23:54 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.06.2012 13:23:54 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.06.2012 13:25:40 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.06.2012 13:30:08 | Computer Name = HOLGER-PC | Source = DCOM | ID = 10005
Description =
Error - 27.06.2012 13:30:08 | Computer Name = HOLGER-PC | Source = DCOM | ID = 10005
Description =
Error - 27.06.2012 13:30:08 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.06.2012 13:31:33 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxeeCATSCustConnectService erreicht.
Error - 27.06.2012 13:31:33 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxeeCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 27.06.2012 13:32:40 | Computer Name = HOLGER-PC | Source = DCOM | ID = 10016
Description =
< End of report >
ich kann meinen Beitrag leider nicht editieren sonst würd ich den doppelpost rausnehmen und aufgrund dieser exe auswahlgeschichte weiss ich auch nicht wie ich die programme als admin starten kann |
Baum-Darstellung