My start Incredibar Problem

My mother has the problem on her PC that every browser always shows this start page: hxxp://mystart.incredibar.com/mb213?a=6R8SjaQ07s&loc=CH_NT
She has already tried everything possible (deleting it in the system settings etc.)
It didn't help^^
I looked around here and just wanted to ask whether it's okay if I use OTL and post my log files here.. or should I carry on with adwcleaner right afterwards? It's actually explained well...
--->noob...:headbang::confused:
Thanks in advance xD I'll edit the post once I have the log files
OTL: Code:
OTL logfile created on: 26.01.2013 15:54:12 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lydia\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,97 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,92% Memory free
4,18 Gb Paging File | 3,29 Gb Available in Paging File | 78,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,55 Gb Total Space | 35,69 Gb Free Space | 47,87% Space Free | Partition Type: NTFS
Computer Name: LYDIA-PC | User Name: Lydia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Lydia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Windows\System32\jmdp\stij.exe ()
PRC - C:\Windows\System32\dmwu.exe ()
PRC - c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.)
PRC - C:\Programme\D-Link\DWA-140 revB\ANIWConnService.exe ()
PRC - C:\Windows\System32\drivers\WTSrv.exe (Tablet Driver)
PRC - C:\Windows\System32\WTClient.exe (Tablet Driver)
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll ()
MOD - C:\Programme\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll ()
MOD - C:\Programme\Google\Chrome\Application\24.0.1312.56\pdf.dll ()
MOD - C:\Programme\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll ()
MOD - C:\Windows\System32\jmdp\stij.exe ()
MOD - C:\Windows\System32\jmdp\lmrn.dll ()
MOD - C:\Windows\System32\jmdp\sqlite3.dll ()
MOD - C:\Programme\D-Link\DWA-140 revB\ANPDApi.dll ()
MOD - C:\Programme\Notepad++\NppShell_04.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\WinTab32.dll ()
MOD - C:\Windows\System32\MyDrawLineWindowDll.dll ()
MOD - C:\Programme\D-Link\DWA-140 revB\wlanapp.dll ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (IBUpdaterService) -- C:\Windows\System32\dmwu.exe ()
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (D_Link_DWA-140_WPS) -- C:\Programme\D-Link\DWA-140 revB\ANIWConnService.exe ()
SRV - (WinTabService) -- C:\Windows\System32\drivers\WTSrv.exe (Tablet Driver)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (XDva393) -- C:\Windows\system32\XDva393.sys File not found
DRV - (XDva389) -- C:\Windows\system32\XDva389.sys File not found
DRV - (XDva388) -- C:\Windows\system32\XDva388.sys File not found
DRV - (XDva386) -- C:\Windows\system32\XDva386.sys File not found
DRV - (XDva385) -- C:\Windows\system32\XDva385.sys File not found
DRV - (Tablet2k) -- C:\Windows\System32\Drivers\Tablet2k.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NTIOLib_1_0_4) -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys File not found
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MpKslb6edb7a1) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97492B10-DF42-4FF7-BFE6-4E800AF7AA14}\MpKslb6edb7a1.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\Dnetr28u.sys (Ralink Technology Corp.)
DRV - (anodlwf) -- C:\Windows\System32\drivers\anodlwf.sys ()
DRV - (PTSimHid) -- C:\Windows\System32\drivers\PTSimHid.sys (PenTablet Driver)
DRV - (ALCXWDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (UCTblHid) -- C:\Windows\System32\drivers\UCTblHid.sys (Tablet Driver)
DRV - (PTSimBus) -- C:\Windows\System32\drivers\PTSimBus.sys (PenTablet Driver)
DRV - (TClass2k) -- C:\Windows\System32\drivers\TClass2k.sys (Tablet Driver)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (ANIO) -- C:\Windows\System32\ANIO.sys (Alpha Networks Inc.)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1225249363-3433418232-1660992770-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb213?a=6R8SjaQ07s&i=26
IE - HKU\S-1-5-21-1225249363-3433418232-1660992770-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1225249363-3433418232-1660992770-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1225249363-3433418232-1660992770-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE 5F 53 6A 9A FE CB 01 [binary data]
IE - HKU\S-1-5-21-1225249363-3433418232-1660992770-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-1225249363-3433418232-1660992770-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1225249363-3433418232-1660992770-1000\..\SearchScopes\{136CE4FA-0E08-4736-8852-2452DF3DC03C}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1225249363-3433418232-1660992770-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb213/?search={searchTerms}&loc=IB_DS&a=6R8SjaQ07s&i=26
IE - HKU\S-1-5-21-1225249363-3433418232-1660992770-1000\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKU\S-1-5-21-1225249363-3433418232-1660992770-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.7.2
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb213/?loc=IB_DS&a=6R8SjaQ07s&&i=26&search="
FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredibar.com/mb203?a=6R8SjaQ07s&i=26"
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.19 18:11:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.19 18:11:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.20 10:10:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.20 10:08:02 | 000,000,000 | ---D | M]
[2011.04.19 17:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lydia\AppData\Roaming\mozilla\Extensions
[2013.01.24 15:49:31 | 000,002,125 | ---- | M] () -- C:\Users\Lydia\AppData\Roaming\mozilla\firefox\profiles\wuau1n41.default\searchplugins\MyStart Search.xml
[2011.04.28 18:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Lydia\AppData\Roaming\mozilla\firefox\profiles\wuau1n41.default\searchplugins\plasmoo.xml
[2013.01.20 10:07:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.20 10:07:58 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.05.02 14:25:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013.01.20 10:10:00 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.31 18:55:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 16:09:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.31 18:55:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.31 18:55:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.31 18:55:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.31 18:55:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://plasmoo.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://plasmoo.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\npSkypeChromePlugin.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: New Tab Creator for Chrome\u2122 = C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhljpgmfjednccepebhodcpbdbdpjch\1.0_0\
CHR - Extension: DivX HiQ = C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: New Tab for Chrome = C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Skype Extension = C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\
CHR - Extension: DivX Plus Web Player HTML5 \\u003Cvideo\\u003E = C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Google Mail = C:\Users\Lydia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [D-Link D-Link DWA-140] C:\Programme\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WTClient] C:\Windows\System32\WTClient.exe (Tablet Driver)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1225249363-3433418232-1660992770-1000..\Run: [ccleaner] C:\Program Files\CCleaner\ccleaner.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lydia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Programme\PokerStars.EU\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1225249363-3433418232-1660992770-1000\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-1225249363-3433418232-1660992770-1000\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-1225249363-3433418232-1660992770-1000\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C2E3969-D7D9-4C8F-87AF-13FB3145911C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE0B1E8C-1925-4AC4-8608-8B39D08D6F36}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lydia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lydia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2015fe12-6a7b-11e0-94a2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2015fe12-6a7b-11e0-94a2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.26 15:15:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lydia\Desktop\OTL.exe
[2013.01.24 15:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2013.01.24 15:49:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC
[2013.01.24 15:49:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp
[2013.01.24 15:49:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\WNLT
[2013.01.24 15:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Artweaver
[2013.01.24 15:47:04 | 000,000,000 | ---D | C] -- C:\Users\Lydia\AppData\Roaming\Artweaver Free
[2013.01.24 15:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Artweaver Free
[2013.01.24 15:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\Drawing for Children
[2013.01.24 15:38:34 | 000,733,696 | ---- | C] (Qsc) -- C:\Windows\GPInstall.exe
[2013.01.20 10:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.05 12:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPEEDLINK ARCUS Graphics Tablet
[2013.01.05 12:15:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\TabletPmt
[2013.01.05 12:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\TABLET
========== Files - Modified Within 30 Days ==========
[2013.01.26 15:24:09 | 013,462,931 | ---- | M] () -- C:\Users\Lydia\Desktop\mbar-1.01.0.1016.zip
[2013.01.26 15:21:40 | 000,578,255 | ---- | M] () -- C:\Users\Lydia\Desktop\adwcleaner.exe
[2013.01.26 15:16:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lydia\Desktop\OTL.exe
[2013.01.26 15:09:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.26 14:26:55 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.26 14:25:24 | 000,000,680 | ---- | M] () -- C:\Users\Lydia\AppData\Local\d3d9caps.dat
[2013.01.26 14:25:02 | 000,004,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.26 14:25:02 | 000,004,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.26 14:24:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.26 14:24:21 | 2113,359,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.24 15:50:36 | 000,000,451 | ---- | M] () -- C:\user.js
[2013.01.24 15:38:37 | 000,733,696 | ---- | M] (Qsc) -- C:\Windows\GPInstall.exe
[2013.01.23 20:09:31 | 002,400,916 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.23 20:09:31 | 001,823,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.23 20:09:30 | 006,840,060 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.23 20:09:30 | 002,050,166 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.11 17:04:47 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.02 18:51:57 | 000,020,156 | ---- | M] () -- C:\Users\Lydia\.recently-used.xbel
========== Files Created - No Company Name ==========
[2013.01.26 15:21:51 | 013,462,931 | ---- | C] () -- C:\Users\Lydia\Desktop\mbar-1.01.0.1016.zip
[2013.01.26 15:19:01 | 000,578,255 | ---- | C] () -- C:\Users\Lydia\Desktop\adwcleaner.exe
[2013.01.24 15:50:32 | 000,000,451 | ---- | C] () -- C:\user.js
[2013.01.24 15:49:23 | 001,062,856 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2013.01.24 15:49:22 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2013.01.02 18:51:57 | 000,020,156 | ---- | C] () -- C:\Users\Lydia\.recently-used.xbel
[2012.12.16 17:47:03 | 000,011,390 | ---- | C] () -- C:\Users\Lydia\Eis beispiele .xcf
[2012.12.16 17:45:59 | 000,013,974 | ---- | C] () -- C:\Users\Lydia\Linden beispiele .xcf
[2012.11.12 15:43:11 | 000,196,029 | ---- | C] () -- C:\Users\Lydia\Rabenpfotes Abschied.jpg
[2012.10.10 18:03:09 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2012.10.10 18:03:04 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2012.01.14 20:50:17 | 000,000,552 | ---- | C] () -- C:\Users\Lydia\AppData\Local\d3d8caps.dat
[2011.11.21 18:34:17 | 000,479,670 | ---- | C] () -- C:\Users\Lydia\Foto0168.jpg
[2011.11.21 18:34:14 | 000,383,157 | ---- | C] () -- C:\Users\Lydia\Foto0169.jpg
[2011.11.21 18:34:05 | 000,515,026 | ---- | C] () -- C:\Users\Lydia\Foto0086.jpg
[2011.11.21 18:33:59 | 000,130,987 | ---- | C] () -- C:\Users\Lydia\foto0044_002.jpg
[2011.06.24 19:21:55 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.05.17 19:44:02 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.05.16 18:19:48 | 000,049,152 | ---- | C] () -- C:\Windows\System32\JJAKEn.dll
[2011.05.02 13:04:44 | 000,005,120 | ---- | C] () -- C:\Users\Lydia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.19 20:22:21 | 000,000,121 | ---- | C] () -- C:\Windows\QScreenCapt.ini
[2011.04.19 17:55:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.04.19 13:43:56 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.19 13:43:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.04.19 13:42:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.19 13:42:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.04.19 13:08:17 | 000,000,680 | ---- | C] () -- C:\Users\Lydia\AppData\Local\d3d9caps.dat
========== ZeroAccess Check ==========
[2006.11.02 13:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 22:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011.12.20 14:33:20 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\.minecraft
[2013.01.24 15:47:04 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\Artweaver Free
[2011.05.18 14:47:56 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.02 18:51:57 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\gtk-2.0
[2011.04.19 19:06:50 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\IrfanView
[2012.01.14 20:19:55 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\Notepad++
[2011.04.19 20:25:03 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\OpenOffice.org
[2012.02.11 02:23:19 | 000,000,000 | ---D | M] -- C:\Users\Lydia\AppData\Roaming\SysLipe
========== Purity Check ==========
< End of report >

Extras: Code:
OTL Extras logfile created on: 26.01.2013 15:38:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lydia\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,97 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 59,69% Memory free
4,18 Gb Paging File | 3,32 Gb Available in Paging File | 79,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,55 Gb Total Space | 35,68 Gb Free Space | 47,86% Space Free | Partition Type: NTFS
Computer Name: LYDIA-PC | User Name: Lydia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-1225249363-3433418232-1660992770-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1225249363-3433418232-1660992770-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{363A2389-6A3F-4016-BB1B-D33624F09DC3}" = lport=57499 | protocol=17 | dir=in | name=pando media booster |
"{8A841164-CA4F-4F46-872A-7652F64B93D5}" = lport=57499 | protocol=17 | dir=in | name=pando media booster |
"{A221095A-E9F7-4862-B8D0-B7BC6B7EFB38}" = lport=57499 | protocol=6 | dir=in | name=pando media booster |
"{F2E52D8C-60BF-4391-A217-88D275D3B232}" = lport=57499 | protocol=6 | dir=in | name=pando media booster |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2EAF5D70-BC62-4201-B640-1A90D0BEA8C9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{42DFF1B6-B887-419E-8860-A38BCBCBCBAC}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{59EF3F0E-F9D8-4913-960D-61D92DD56C3D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{69A923DF-4550-432A-96DD-2C874135EF70}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{81D7E5AA-B02B-4D10-A162-E4F4949F74A0}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{89FF74F1-D82B-4868-A7EE-59D07472E537}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D29C0B82-FD1F-4DBA-BCDF-8A66F85E41C9}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{DA055567-625C-4410-ABE4-9C2F54339103}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{EBEDDF9B-9554-41B3-BD90-6E48449AF0DB}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{FF6624BF-7EB1-449C-9012-CDD2371F126D}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A92A4E2-F9A1-ABBC-4147-D08DC91707BB}" = ATI Catalyst Install Manager
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69F93CBB-F87B-A9EE-CEB7-6F26557AFBD7}" = HydraVision
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{99A37AC7-E724-4621-B167-500B5A52B69C}" = LastChaosGER
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link DWA-140
"{E8C38BE9-E053-8C98-01B7-EB0BA725061D}" = ATI Problem Report Wizard
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"Eternia LastChaos 1.00" = Eternia LastChaos 1.00
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.38.517
"Google Chrome" = Google Chrome
"InstallShield_{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"PokerStars.eu" = PokerStars.eu
"PokerStars.net" = PokerStars.net
"SystemRequirementsLab" = System Requirements Lab
"TabletDriver" = Tablet Driver V5.02
"UltSounds" = Windows-Soundschemas
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.9
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WNLT" = IB Updater Service
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.01.2013 07:20:11 | Computer Name = Lydia-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung tbhcn.exe, Version 1.0.0.5, Zeitstempel 0x50f25761,
fehlerhaftes Modul tbhcn.exe, Version 1.0.0.5, Zeitstempel 0x50f25761, Ausnahmecode
0x40000015, Fehleroffset 0x0007a2fd, Prozess-ID 0xdd4, Anwendungsstartzeit 01cdfbb718ec7f58.
Error - 26.01.2013 07:20:11 | Computer Name = Lydia-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung tbhcn.exe, Version 1.0.0.5, Zeitstempel 0x50f25761,
fehlerhaftes Modul tbhcn.exe, Version 1.0.0.5, Zeitstempel 0x50f25761, Ausnahmecode
0x40000015, Fehleroffset 0x0007a2fd, Prozess-ID 0xdec, Anwendungsstartzeit 01cdfbb718eee1b2.
Error - 26.01.2013 07:30:09 | Computer Name = Lydia-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AirGCFG.exe, Version 3.3.1.51123, Zeitstempel
0x43841483, fehlerhaftes Modul wlanapi.dll!apsGetInterfaceCount, Version 6.0.6002.18541,
Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000139, Fehleroffset 0x00009f5d, Prozess-ID
0xe98, Anwendungsstartzeit 01cdfbb71b1f9b89.
Error - 26.01.2013 08:13:14 | Computer Name = Lydia-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung tbhcn.exe, Version 1.0.0.5, Zeitstempel 0x50f25761,
fehlerhaftes Modul tbhcn.exe, Version 1.0.0.5, Zeitstempel 0x50f25761, Ausnahmecode
0x40000015, Fehleroffset 0x0007a2fd, Prozess-ID 0xd14, Anwendungsstartzeit 01cdfbbe818cf1d0.
Error - 26.01.2013 08:13:14 | Computer Name = Lydia-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung tbhcn.exe, Version 1.0.0.5, Zeitstempel 0x50f25761,
fehlerhaftes Modul tbhcn.exe, Version 1.0.0.5, Zeitstempel 0x50f25761, Ausnahmecode
0x40000015, Fehleroffset 0x0007a2fd, Prozess-ID 0xcfc, Anwendungsstartzeit 01cdfbbe818c0cf2.
Error - 26.01.2013 08:13:35 | Computer Name = Lydia-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.01.2013 08:13:47 | Computer Name = Lydia-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AirGCFG.exe, Version 3.3.1.51123, Zeitstempel
0x43841483, fehlerhaftes Modul wlanapi.dll!apsGetInterfaceCount, Version 6.0.6002.18541,
Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000139, Fehleroffset 0x00009f5d, Prozess-ID
0xce8, Anwendungsstartzeit 01cdfbbe81215d76.
Error - 26.01.2013 08:25:31 | Computer Name = Lydia-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 18.0.1.4764 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 820 Anfangszeit: 01cdfbbe9c4b917f Zeitpunkt der
Beendigung: 47
Error - 26.01.2013 09:26:06 | Computer Name = Lydia-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.01.2013 09:27:44 | Computer Name = Lydia-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AirGCFG.exe, Version 3.3.1.51123, Zeitstempel
0x43841483, fehlerhaftes Modul wlanapi.dll!apsGetInterfaceCount, Version 6.0.6002.18541,
Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000139, Fehleroffset 0x00009f5d, Prozess-ID
0xb30, Anwendungsstartzeit 01cdfbc89fa80fe2.
[ System Events ]
Error - 31.12.2012 10:36:37 | Computer Name = Lydia-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.12.2012 um 14:37:42 unerwartet heruntergefahren.
Error - 02.01.2013 10:52:52 | Computer Name = Lydia-PC | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.1.104 über die
Netzwerkkarte mit der Netzwerkadresse BCF685E6F1C7 ist verloren gegangen.
Error - 05.01.2013 07:16:30 | Computer Name = Lydia-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 10.01.2013 10:02:42 | Computer Name = Lydia-PC | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.1.102 über die
Netzwerkkarte mit der Netzwerkadresse BCF685E6F1C7 ist verloren gegangen.
Error - 10.01.2013 10:06:10 | Computer Name = Lydia-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 10.01.2013 um 15:03:27 unerwartet heruntergefahren.
Error - 14.01.2013 08:46:40 | Computer Name = Lydia-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.141.3821.0 Aktualisierungsquelle:
%%859 Aktualisierungsphase: %%854 Quellpfad: hxxp://www.microsoft.com Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9002.0 Fehlercode: 0x8024001e Fehlerbeschreibung: Unerwartetes
Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
oder zur Problembehandlung finden Sie unter "Hilfe und Support".
Error - 14.01.2013 17:11:29 | Computer Name = Lydia-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 14.01.2013 um 22:08:57 unerwartet heruntergefahren.
Error - 18.01.2013 13:34:45 | Computer Name = Lydia-PC | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.1.102 über die
Netzwerkkarte mit der Netzwerkadresse BCF685E6F1C7 ist verloren gegangen.
Error - 19.01.2013 11:21:20 | Computer Name = Lydia-PC | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.1.102 über die
Netzwerkkarte mit der Netzwerkadresse BCF685E6F1C7 ist verloren gegangen.
Error - 23.01.2013 08:03:21 | Computer Name = Lydia-PC | Source = Service Control Manager | ID = 7011
Description =
< End of report >
PS: no idea why the PC is called Lydia XD