Zerberus999 | 20.09.2012 10:34 | Caught Ukash on Kinox, created a restore point - is the system clean? Here are the reports (mbam, otl, adware)
I will absolutely avoid Kinox in the future...
Thank you very much for your support.
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.09.20.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Mandy :: MW-PC [Administrator]
20.09.2012 09:50:16
mbam-log-2012-09-20 (09-50-16).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|J:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 404879
Laufzeit: 1 Stunde(n), 18 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
OTL Logfile: Code:
OTL logfile created on: 19.09.2012 11:58:59 - Run 7
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Manfred\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 0,54 Gb Available Physical Memory | 30,94% Memory free
3,50 Gb Paging File | 2,05 Gb Available in Paging File | 58,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 86,26 Gb Free Space | 58,93% Space Free | Partition Type: NTFS
Drive J: | 102,48 Gb Total Space | 91,45 Gb Free Space | 89,24% Space Free | Partition Type: NTFS
Drive K: | 216,80 Gb Total Space | 169,74 Gb Free Space | 78,29% Space Free | Partition Type: NTFS
Computer Name: MW-PC | User Name: Mandy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\Manfred\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programs\PartyGaming\PartyGaming.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programs\PartyGaming\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\FRITZ!\FriFax32.exe (AVM Berlin)
PRC - C:\Programme\FRITZ!\FriFon32.exe (AVM Berlin)
PRC - C:\Programme\FRITZ!\IWatch.exe (AVM Berlin)
PRC - C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
========== Modules (No Company Name) ==========
MOD - c:\Programs\PartyGaming\PartyPoker\GameTable.dll ()
MOD - C:\Programs\PartyGaming\PartyGaming.exe ()
MOD - C:\Programs\PartyGaming\DM.dll ()
MOD - C:\Programs\PartyGaming\js3250.dll ()
MOD - C:\Programs\PartyGaming\PGBrowserEngine.MZFF.dll ()
MOD - C:\Programs\PartyGaming\ArticleManager.dll ()
MOD - C:\Programs\PartyGaming\PGBrowser.dll ()
MOD - C:\Programme\Secure Eraser\SecEraser32.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programs\PartyGaming\PGImageDll.dll ()
MOD - C:\Programs\PartyGaming\zlib1.dll ()
MOD - C:\Programs\PartyGaming\libeay32.dll ()
MOD - C:\Programs\PartyGaming\ssleay32.dll ()
MOD - C:\Programs\PartyGaming\plugins\NPSWF32.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\skin.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll ()
========== Services (SafeList) ==========
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (catchme) -- C:\Users\Mandy\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (FPCIBASE) -- C:\Windows\System32\drivers\fpcibase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (CHIPDRIVE USB SmartCardReader) -- C:\Windows\System32\drivers\TwkUsb2K.sys (SCM Microsystems Inc.)
DRV - (TWKSER2K) -- C:\Windows\System32\drivers\TWKSER2K.sys (SCM Microsystems Inc.)
DRV - (TwkMs) -- C:\Windows\System32\drivers\TWKMS.sys (Towitoko AG)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3089418096-166783736-872965610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-3089418096-166783736-872965610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3089418096-166783736-872965610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BF 37 9B B1 CF 25 CB 01 [binary data]
IE - HKU\S-1-5-21-3089418096-166783736-872965610-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3089418096-166783736-872965610-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3089418096-166783736-872965610-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3089418096-166783736-872965610-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default Font Size = 01 00 00 00 [binary data]
IE - HKU\S-1-5-21-3089418096-166783736-872965610-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3089418096-166783736-872965610-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3089418096-166783736-872965610-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3089418096-166783736-872965610-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 3A 7E A4 D5 8C CB 01 [binary data]
IE - HKU\S-1-5-21-3089418096-166783736-872965610-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3089418096-166783736-872965610-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3089418096-166783736-872965610-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3089418096-166783736-872965610-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.mozilla.com/de/firefox/help/|hxxp://www.mozilla.com/de/firefox/customize/|hxxp://www.mozilla.com/de/firefox/community/|hxxp://www.mozilla.com/de/firefox/about/"
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.100006
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.10 13:33:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.10 13:33:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.24 09:04:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.15 11:05:28 | 000,000,000 | ---D | M]
[2010.09.08 12:18:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mandy\AppData\Roaming\mozilla\Extensions
[2010.09.08 12:18:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mandy\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.09.06 12:12:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mandy\AppData\Roaming\mozilla\Firefox\Profiles\4e8y23mg.default\extensions
[2011.10.12 13:45:07 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Mandy\AppData\Roaming\mozilla\Firefox\Profiles\4e8y23mg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.19 12:41:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.26 21:54:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\USERS\MANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4E8Y23MG.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX HiQ = C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: Skype Click to Call = C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: Gmail = C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012.05.02 23:16:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-3089418096-166783736-872965610-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3089418096-166783736-872965610-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3089418096-166783736-872965610-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OPSE reminder] C:\Program Files\ScanSoft\OmniPageSE2.0\EregGer\Ereg.exe ()
O4 - HKU\S-1-5-21-3089418096-166783736-872965610-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-3089418096-166783736-872965610-1003..\Run: [Free Hide IP] C:\Program Files\FreeHideIP\FreeHideIP.exe File not found
O4 - HKU\S-1-5-21-3089418096-166783736-872965610-1003..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat ()
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-U4CJ4.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [NSSInstallation] C:\Program Files\DivX\Symantec\scstubinstaller.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-3089418096-166783736-872965610-1000..\RunOnce: [Report] \AdwCleaner[S5].txt ()
O4 - Startup: C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!fax.lnk = C:\Programme\FRITZ!\FriFax32.exe (AVM Berlin)
O4 - Startup: C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!fon.lnk = C:\Programme\FRITZ!\FriFon32.exe (AVM Berlin)
O4 - Startup: C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Mail.lnk = C:\Programme\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3089418096-166783736-872965610-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3089418096-166783736-872965610-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3089418096-166783736-872965610-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mandy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74E760D1-4A3B-44C6-A742-B6414DB911DE}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.09.19 10:32:04 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.18 09:11:06 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012.09.18 09:11:03 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012.09.18 09:11:03 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012.09.18 09:10:49 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.09.18 08:59:01 | 000,000,000 | ---D | C] -- C:\Users\Mandy\AppData\Roaming\Skype
[2010.08.28 13:17:18 | 000,409,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\wab.dll
========== Files - Modified Within 30 Days ==========
[2012.09.19 12:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.19 11:55:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.19 10:38:00 | 000,016,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.19 10:38:00 | 000,016,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.19 10:32:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.19 10:31:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.19 10:30:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.19 10:30:30 | 1408,737,280 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.19 08:58:25 | 000,000,120 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2012.09.18 09:24:31 | 000,653,968 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.18 09:24:31 | 000,615,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.18 09:24:31 | 000,129,840 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.18 09:24:31 | 000,106,230 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.18 09:11:54 | 000,711,240 | ---- | M] () -- C:\Windows\is-U4CJ4.exe
[2012.09.18 09:11:54 | 000,012,842 | ---- | M] () -- C:\Windows\is-U4CJ4.msg
[2012.09.18 09:11:54 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.18 09:11:54 | 000,000,380 | ---- | M] () -- C:\Windows\is-U4CJ4.lst
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.05 18:51:22 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.08.22 19:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012.08.22 19:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
========== Files Created - No Company Name ==========
[2012.09.19 08:57:29 | 000,000,120 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2012.09.18 09:11:54 | 000,711,240 | ---- | C] () -- C:\Windows\is-U4CJ4.exe
[2012.09.18 09:11:54 | 000,012,842 | ---- | C] () -- C:\Windows\is-U4CJ4.msg
[2012.09.18 09:11:54 | 000,000,380 | ---- | C] () -- C:\Windows\is-U4CJ4.lst
[2012.08.16 14:54:49 | 000,027,136 | R--- | C] () -- C:\Windows\nsgermanres.dll
[2012.08.16 14:54:49 | 000,025,600 | R--- | C] () -- C:\Windows\nsenglishres.dll
[2012.08.16 14:50:49 | 000,596,480 | R--- | C] () -- C:\Windows\~~~t~.exe
[2012.04.14 20:10:12 | 000,000,182 | ---- | C] () -- C:\Windows\System32\EBPPORT4.DAT
[2012.04.14 20:09:41 | 000,000,025 | ---- | C] () -- C:\Windows\CDEC84Euro.ini
[2011.10.12 16:38:08 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.10.12 16:36:33 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.11.04 11:03:31 | 000,000,532 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010.07.21 22:49:39 | 000,000,017 | ---- | C] () -- C:\Users\Mandy\AppData\Local\resmon.resmoncfg
========== LOP Check ==========
[2011.11.05 17:39:04 | 000,000,000 | ---D | M] -- C:\Users\Mandy\AppData\Roaming\ASCOMP Software
[2010.08.29 18:25:29 | 000,000,000 | ---D | M] -- C:\Users\Mandy\AppData\Roaming\Canon
[2011.05.28 09:35:29 | 000,000,000 | ---D | M] -- C:\Users\Mandy\AppData\Roaming\ChessBase
[2011.10.12 13:45:01 | 000,000,000 | ---D | M] -- C:\Users\Mandy\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.14 14:25:07 | 000,000,000 | ---D | M] -- C:\Users\Mandy\AppData\Roaming\FreeHideIP
[2010.08.28 19:00:44 | 000,000,000 | ---D | M] -- C:\Users\Mandy\AppData\Roaming\FRITZ!
[2010.07.21 11:36:20 | 000,000,000 | ---D | M] -- C:\Users\Mandy\AppData\Roaming\OpenOffice.org
[2010.07.21 12:10:01 | 000,000,000 | ---D | M] -- C:\Users\Mandy\AppData\Roaming\Opera
[2011.10.12 16:38:29 | 000,000,000 | ---D | M] -- C:\Users\Mandy\AppData\Roaming\Samsung
[2010.11.04 11:03:36 | 000,000,000 | ---D | M] -- C:\Users\Mandy\AppData\Roaming\ScanSoft
[2010.09.08 12:18:07 | 000,000,000 | ---D | M] -- C:\Users\Mandy\AppData\Roaming\TomTom
[2012.03.06 18:53:44 | 000,000,000 | ---D | M] -- C:\Users\Mandy\AppData\Roaming\TrueCrypt
[2012.04.12 12:40:31 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\01027
[2012.04.14 21:20:34 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\01030
[2012.04.23 18:16:44 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\01033
[2012.04.24 11:25:28 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\01034
[2012.04.26 15:05:28 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\01035
[2010.11.04 11:07:22 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\Canon
[2012.06.04 13:13:36 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\ChessBase
[2011.10.12 13:56:04 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\DVDVideoSoft
[2012.02.14 14:48:10 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\FreeHideIP
[2012.08.28 10:01:37 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\FRITZ!
[2012.07.14 14:46:36 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\gtk-2.0
[2012.02.14 15:42:16 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\Hide IP NG
[2012.04.12 12:40:17 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\kock
[2010.07.21 12:56:37 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\OpenOffice.org
[2011.06.30 12:09:39 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\Opera
[2012.09.19 11:39:33 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\Party
[2011.10.12 16:38:43 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\Samsung
[2010.11.04 11:12:17 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\ScanSoft
[2010.08.31 17:57:53 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\TomTom
[2012.03.06 19:08:42 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\TrueCrypt
[2012.04.27 08:42:23 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\UAs
[2012.04.30 23:10:42 | 000,000,000 | ---D | M] -- C:\Users\Manfred\AppData\Roaming\xmldm
[2012.09.19 07:39:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
OTL Logfile: Code:
OTL Extras logfile created on: 19.09.2012 11:58:59 - Run 7
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Manfred\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 0,54 Gb Available Physical Memory | 30,94% Memory free
3,50 Gb Paging File | 2,05 Gb Available in Paging File | 58,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 86,26 Gb Free Space | 58,93% Space Free | Partition Type: NTFS
Drive J: | 102,48 Gb Total Space | 91,45 Gb Free Space | 89,24% Space Free | Partition Type: NTFS
Drive K: | 216,80 Gb Total Space | 169,74 Gb Free Space | 78,29% Space Free | Partition Type: NTFS
Computer Name: MW-PC | User Name: Mandy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-3089418096-166783736-872965610-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-3089418096-166783736-872965610-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Users\Manfred\AppData\Local\Programs\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Müller Foto\Müller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files\Müller Foto\Müller Foto\Müller Foto.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030A14E2-5280-4817-9EC5-4F3D9A8EF5C6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{14255480-52CA-43A3-9BC0-444DB17F0415}" = lport=139 | protocol=6 | dir=in | app=system |
"{1BB3C65C-A949-4CDA-ADA9-771DC5F75BC7}" = lport=138 | protocol=17 | dir=in | app=system |
"{25FECADA-AD2D-44E0-954C-DAC2584C8358}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2DF2934A-578B-4C9D-B4F0-AE3037D85DFA}" = rport=139 | protocol=6 | dir=out | app=system |
"{33C8A4F8-F756-44F1-8B67-63DB5F5885D8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{373DD532-69A1-4D05-80B9-043CB9EC3B84}" = rport=138 | protocol=17 | dir=out | app=system |
"{3C855083-B1E6-44A7-B950-306B4ABCAA7B}" = lport=137 | protocol=17 | dir=in | app=system |
"{62E8E1E6-5E08-48D7-A9AB-0B6E8AA79E68}" = lport=10243 | protocol=6 | dir=in | app=system |
"{632C2579-77AA-4B30-81A6-4563DCB8FD21}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{708460B3-CFDE-4F63-A6D4-15084DC05BE8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7123300F-6966-4408-B228-8E50CD919B94}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{804E944D-5FB0-469E-8E57-A1836F0B800B}" = rport=445 | protocol=6 | dir=out | app=system |
"{83C4F7EE-35B0-499B-9C53-5C43AF271744}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9D2152FB-7C0C-4E57-83C3-2729117F8361}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4D41DFC-2299-4478-A327-74F1D60D1AA9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ABAF38AD-AC8B-47A3-9AED-7F53165DA823}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4753293-8A88-48FE-AC68-04D0D5735994}" = lport=445 | protocol=6 | dir=in | app=system |
"{DA314B2E-549B-4F2A-9CBD-B9CF49D149E0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA4CADCA-8D26-49D7-BE21-EEC6434D4044}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E2E46FAD-B983-4D20-8A54-C4DB78F77EA5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E72F8B23-81AF-4769-85BC-E166EDE647C5}" = rport=137 | protocol=17 | dir=out | app=system |
"{E92105D6-6E25-4A40-90B9-C80721D2F3AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EEC70786-585F-4050-8D23-F1064AC3619E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09451369-C0F0-4D73-A836-7A7792157659}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{118A20C7-A269-4A16-AE17-A35F26B25F3A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1332A863-EEDB-495F-BA4C-014CF5F76A04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13600E49-7102-42B6-9B87-9627E3803A77}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{17AA6649-2273-44A6-88B1-DAB610FD7120}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{231BE1FD-2274-43A5-BBF1-83826C63F472}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0\app\starmoney.exe |
"{49C917C2-095B-4A0B-880F-F871BEE5932A}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{4A3850C7-F9D4-4409-BAA1-FD8002333542}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{626C12A7-4FD5-47AF-94D7-6A78AF8F01BE}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0\app\starmoney.exe |
"{74D749D8-C8C6-4376-8BC3-8A1DC67DF5BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7B4BCF5C-3EEE-4CB8-87C9-E1740EB6214F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7B513D0F-D62E-41DA-B891-3701E7A81FF0}" = protocol=6 | dir=out | app=system |
"{9555DB77-8C8E-4D0B-ADB2-DA2E129EC1FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{986FC85A-76C3-4170-BFE8-E9E39B24BB55}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E850EA5-ECFC-456E-81EC-B3FE243CC403}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{A5A7ECCE-1CA7-4CBF-A484-8897FEF00448}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |
"{A9A711B3-9CCF-4B24-A672-02A210F91626}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AAEADB99-7AEA-4A5E-B700-8241B46AED47}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B5C483A8-BE49-4448-9FBA-C43D90F4AF52}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |
"{CC0D1A45-2F7B-4A48-9E32-9DAF4913A96F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0B47DD4-42CA-44E9-A69D-02FAD051D387}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{D4481360-F55F-42B8-9505-054FC6B52773}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DDD5A4D3-33E4-47F6-AED4-18BA6DCEDBDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF91C4AE-2D42-42D8-A665-8B5ED6D69658}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F1EC196E-66C6-474D-ACA5-F37CAE2AC2D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0FE6E614-138D-4650-A0B1-6AF4A506BE8A}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{1BB4A3DD-8CE5-43C3-ADF6-0CAC1BCF9E3F}C:\users\manfred\appdata\local\programs\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\manfred\appdata\local\programs\opera\opera.exe |
"TCP Query User{1CAC9B5E-45DD-4CE7-922D-59F9E9ECBE40}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{1FAE44DB-F19D-42A0-8ED1-5D4F66CE3126}D:\setup.exe" = protocol=6 | dir=in | app=d:\setup.exe |
"TCP Query User{5F0E50CC-EFEF-455C-AB6C-B8A27B5C0EDC}C:\users\manfred\appdata\local\programs\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\manfred\appdata\local\programs\opera\opera.exe |
"TCP Query User{6BF0B4E5-573A-43DC-9798-59E8AF81F7AB}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{700ADA18-11D6-4E1D-9F7B-B51554F61726}C:\netstorm\r.exe" = protocol=6 | dir=in | app=c:\netstorm\r.exe |
"TCP Query User{75C18B7F-6D6C-448D-841C-95FEFA8D078D}C:\netstorm\netstorm.exe" = protocol=6 | dir=in | app=c:\netstorm\netstorm.exe |
"TCP Query User{8FAE783B-1D6F-433C-A2A3-4A5367EDD092}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{9815D8A5-27FE-43F3-A9B2-D4813ADE7C0B}C:\program files\phoenixrc\phoenixrc.exe" = protocol=6 | dir=in | app=c:\program files\phoenixrc\phoenixrc.exe |
"TCP Query User{ACFED5DA-63C9-4BA8-AE6D-40B8AC3A0A88}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{C52F15DA-C2D8-4582-BB2E-687E272E2EF9}C:\windows\temp\navbrowser.exe" = protocol=6 | dir=in | app=c:\windows\temp\navbrowser.exe |
"TCP Query User{D6CBF0A6-752B-424B-AB30-9A38F6D764B7}C:\users\manfred\appdata\local\temp\cusersmanfredappdatalocalprogramsopera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\manfred\appdata\local\temp\cusersmanfredappdatalocalprogramsopera\operaupgrader.exe |
"TCP Query User{EEB85844-6D1A-4218-B85C-C259677B9AE5}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{00866ABE-79D1-4474-9BE8-6F77AF0807D7}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{12A07C3E-3CD7-4B9D-B286-9922E85B256D}C:\users\manfred\appdata\local\programs\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\manfred\appdata\local\programs\opera\opera.exe |
"UDP Query User{5497FC38-E410-4EE1-A6B6-09CBFDC20FD3}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{6E21EC15-BD14-4E07-AD91-14A6E58C6823}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{714873DA-6BB1-4EEF-91EF-ACCF41E0E87B}D:\setup.exe" = protocol=17 | dir=in | app=d:\setup.exe |
"UDP Query User{749BEAB5-8A4B-4FF7-A085-239EBE5C4438}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{78AA3000-7C24-42B6-A33F-48C453C1DFC6}C:\windows\temp\navbrowser.exe" = protocol=17 | dir=in | app=c:\windows\temp\navbrowser.exe |
"UDP Query User{8B66EE25-1C0F-47CF-A769-29CB1B5C12C4}C:\users\manfred\appdata\local\temp\cusersmanfredappdatalocalprogramsopera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\manfred\appdata\local\temp\cusersmanfredappdatalocalprogramsopera\operaupgrader.exe |
"UDP Query User{8DE827A8-AC3C-4331-A7D3-1F064263373F}C:\users\manfred\appdata\local\programs\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\manfred\appdata\local\programs\opera\opera.exe |
"UDP Query User{9A26DB24-A1F2-44CB-92A0-60E600758FB7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{B4AFEE51-9299-43A8-B53E-141F6BAD4CB9}C:\netstorm\r.exe" = protocol=17 | dir=in | app=c:\netstorm\r.exe |
"UDP Query User{C39F1E5B-6143-41CC-88FD-86EF1E58ED89}C:\netstorm\netstorm.exe" = protocol=17 | dir=in | app=c:\netstorm\netstorm.exe |
"UDP Query User{C7B7696F-9B8B-4794-B71B-70AD9D924BD5}C:\program files\phoenixrc\phoenixrc.exe" = protocol=17 | dir=in | app=c:\program files\phoenixrc\phoenixrc.exe |
"UDP Query User{F60A378F-97A6-4744-A457-0DB4A070E988}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B72D50-1C7E-491C-8086-9E060051D316}" = Manual CanoScan LiDE 60
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63934E99-A4F7-478C-8BB0-259BB9D78FFF}" = Microsoft Report Viewer Redistributable 2005
"{66B6D13A-9CC1-417D-B6F2-58AA539D1031}" = Nero 7 Essentials
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D44070C-86F9-424A-B514-6907E4335BCE}" = PhoenixRC
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7C88CEF6-A49B-4DBB-B0A7-84A8DDAA21DB}" = StarMoney 7.0
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{85A322E1-8D87-424E-A399-E76B1875499C}" = Microsoft Report Viewer Redistributable 2005 Language Pack - DEU
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA898D01-D4E3-43C6-8E25-70CA660B9F16}" = CHIPDRIVE extern/intern/micro treiber 3.1
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C861921A-E002-498F-9800-153CCBABB9C9}" = 32 Bit HP CIO Components Installer
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{E4DA04B6-3EC4-4DFD-A14E-44959EF36D5B}" = Feedanzeige für Windows SideShow
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F043DFF6-B3E7-4D93-B859-B28C09BDF1DA}" = Beschluss-Verwaltung Runtime-Komponenten
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.24
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"ClearProg" = ClearProg 1.6.0 Final
"DivX Setup.divx.com" = DivX-Setup
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESC84 Referenzhandbuch" = ESC84 Referenzhandbuch
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"JSDK2.0" = Java Servlet Development Kit 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Microsoft Report Viewer Redistributable 2005 Language Pack - DEU" = Microsoft Report Viewer Redistributable 2005 Language Pack - DEU
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Müller Foto" = Müller Foto
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PartyPoker" = PartyPoker
"PlayChess" = PlayChess
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Secure Eraser_is1" = Secure Eraser v4.0
"SopCast" = SopCast 3.2.9
"Swiss-Chess für Windows Differnz-Update 8.03->8.60" = Swiss-Chess für Windows Differnz-Update 8.03->8.60
"Swiss-Chess für Windows Differnz-Update 8.03->8.72" = Swiss-Chess für Windows Differnz-Update 8.03->8.72
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.9
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3089418096-166783736-872965610-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Opera 11.61.1250" = Opera 11.61
"Opera 11.62.1347" = Opera 11.62
"Opera 12.01.1532" = Opera 12.01
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.07.2012 05:12:50 | Computer Name = MW-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 14.0.6117.5003,
Zeitstempel: 0x4f622ef8 Name des fehlerhaften Moduls: EXCEL.EXE, Version: 14.0.6117.5003,
Zeitstempel: 0x4f622ef8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000182ec ID des fehlerhaften
Prozesses: 0xacc Startzeit der fehlerhaften Anwendung: 0x01cd6d6a51833629 Pfad der
fehlerhaften Anwendung: C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE Pfad des fehlerhaften
Moduls: C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE Berichtskennung: 9155e8a3-d95d-11e1-840a-404e57434401
Error - 29.07.2012 05:12:55 | Computer Name = MW-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 14.0.6117.5003,
Zeitstempel: 0x4f622ef8 Name des fehlerhaften Moduls: EXCEL.EXE, Version: 14.0.6117.5003,
Zeitstempel: 0x4f622ef8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000182ec ID des fehlerhaften
Prozesses: 0xacc Startzeit der fehlerhaften Anwendung: 0x01cd6d6a51833629 Pfad der
fehlerhaften Anwendung: C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE Pfad des fehlerhaften
Moduls: C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE Berichtskennung: 94cabd5c-d95d-11e1-840a-404e57434401
Error - 01.08.2012 10:06:22 | Computer Name = MW-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514,
Zeitstempel: 0x4ce7a4a7 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8b909090 ID des fehlerhaften
Prozesses: 0xcac Startzeit der fehlerhaften Anwendung: 0x01cd6f9d5fb72880 Pfad der
fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 121c9842-dbe2-11e1-a39b-404e57434401
Error - 04.08.2012 03:05:04 | Computer Name = MW-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wlmail.exe, Version: 14.0.8117.416,
Zeitstempel: 0x4bc9368e Name des fehlerhaften Moduls: MSMAIL.DLL, Version: 14.0.8117.416,
Zeitstempel: 0x4bc9370c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0010f380 ID des fehlerhaften
Prozesses: 0xfd4 Startzeit der fehlerhaften Anwendung: 0x01cd720eb936beb6 Pfad der
fehlerhaften Anwendung: C:\Program Files\Windows Live\Mail\wlmail.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Windows Live\Mail\MSMAIL.DLL Berichtskennung: b6cf8c88-de02-11e1-9201-404e57434401
Error - 14.08.2012 17:47:54 | Computer Name = MW-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 12.0.0.4493 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b44 Startzeit:
01cd7a66264b5aa3 Endzeit: 31 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID:
afb6094f-e659-11e1-9951-404e57434401
Error - 16.08.2012 08:48:27 | Computer Name = MW-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Setup.exe_unknown, Version: 0.0.0.0,
Zeitstempel: 0x345a4dca Name des fehlerhaften Moduls: iphlpapi.DLL, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7b859 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000083af ID des fehlerhaften
Prozesses: 0x16c0 Startzeit der fehlerhaften Anwendung: 0x01cd7bad51559567 Pfad der
fehlerhaften Anwendung: D:\Setup.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\iphlpapi.DLL
Berichtskennung:
ac0576f5-e7a0-11e1-b282-404e57434401
Error - 26.08.2012 11:44:59 | Computer Name = MW-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 12.1.1532.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 124c Startzeit:
01cd83938d768d07 Endzeit: 10 Anwendungspfad: C:\Users\Manfred\AppData\Local\Programs\Opera\opera.exe
Berichts-ID:
fae63a51-ef94-11e1-849a-404e57434401
Error - 14.09.2012 12:24:54 | Computer Name = MW-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 12.1.1532.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 16c4 Startzeit:
01cd9295413feddb Endzeit: 32 Anwendungspfad: C:\Users\Manfred\AppData\Local\Programs\Opera\opera.exe
Berichts-ID:
b4c21cc6-fe88-11e1-a50d-404e57434401
Error - 18.09.2012 03:04:29 | Computer Name = MW-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35
Error - 18.09.2012 16:07:30 | Computer Name = MW-PC | Source = Application Hang | ID = 1002
Description = Programm SopCast.exe, Version 3.2.9.329 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 960 Startzeit:
01cd95d8c597b451 Endzeit: 81 Anwendungspfad: C:\Program Files\SopCast\SopCast.exe Berichts-ID:
75e0c93c-01cc-11e2-a924-404e57434401
Error - 18.09.2012 16:08:00 | Computer Name = MW-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SopCast.exe, Version: 3.2.9.329,
Zeitstempel: 0x4ba825e5 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74007800 ID des fehlerhaften
Prozesses: 0x778 Startzeit der fehlerhaften Anwendung: 0x01cd95d94231e005 Pfad der
fehlerhaften Anwendung: C:\Program Files\SopCast\SopCast.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 8b3b20c7-01cc-11e2-a924-404e57434401
[ Media Center Events ]
Error - 22.07.2010 18:08:06 | Computer Name = MW-PC | Source = MCUpdate | ID = 0
Description = 00:08:06 - Fehler beim Herstellen der Internetverbindung. 00:08:06
- Serververbindung konnte nicht hergestellt werden..
Error - 22.07.2010 18:08:12 | Computer Name = MW-PC | Source = MCUpdate | ID = 0
Description = 00:08:11 - Fehler beim Herstellen der Internetverbindung. 00:08:11
- Serververbindung konnte nicht hergestellt werden..
Error - 19.08.2010 03:35:29 | Computer Name = MW-PC | Source = MCUpdate | ID = 0
Description = 09:35:29 - Fehler beim Herstellen der Internetverbindung. 09:35:29
- Serververbindung konnte nicht hergestellt werden..
Error - 19.08.2010 03:35:40 | Computer Name = MW-PC | Source = MCUpdate | ID = 0
Description = 09:35:34 - Fehler beim Herstellen der Internetverbindung. 09:35:35
- Serververbindung konnte nicht hergestellt werden..
Error - 19.08.2010 04:35:48 | Computer Name = MW-PC | Source = MCUpdate | ID = 0
Description = 10:35:48 - Fehler beim Herstellen der Internetverbindung. 10:35:48
- Serververbindung konnte nicht hergestellt werden..
Error - 19.08.2010 04:35:57 | Computer Name = MW-PC | Source = MCUpdate | ID = 0
Description = 10:35:53 - Fehler beim Herstellen der Internetverbindung. 10:35:53
- Serververbindung konnte nicht hergestellt werden..
Error - 19.08.2010 05:36:01 | Computer Name = MW-PC | Source = MCUpdate | ID = 0
Description = 11:36:01 - Fehler beim Herstellen der Internetverbindung. 11:36:01
- Serververbindung konnte nicht hergestellt werden..
Error - 19.08.2010 05:36:07 | Computer Name = MW-PC | Source = MCUpdate | ID = 0
Description = 11:36:06 - Fehler beim Herstellen der Internetverbindung. 11:36:06
- Serververbindung konnte nicht hergestellt werden..
Error - 19.08.2010 06:36:12 | Computer Name = MW-PC | Source = MCUpdate | ID = 0
Description = 12:36:12 - Fehler beim Herstellen der Internetverbindung. 12:36:12
- Serververbindung konnte nicht hergestellt werden..
Error - 19.08.2010 06:36:19 | Computer Name = MW-PC | Source = MCUpdate | ID = 0
Description = 12:36:17 - Fehler beim Herstellen der Internetverbindung. 12:36:17
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 12.09.2012 02:42:28 | Computer Name = MW-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?09.?2012 um 00:27:53 unerwartet heruntergefahren.
Error - 13.09.2012 05:49:01 | Computer Name = MW-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 14.09.2012 00:42:18 | Computer Name = MW-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?09.?2012 um 23:18:19 unerwartet heruntergefahren.
Error - 14.09.2012 06:29:08 | Computer Name = MW-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
Error - 14.09.2012 18:59:35 | Computer Name = MW-PC | Source = DCOM | ID = 10005
Description =
Error - 14.09.2012 18:59:35 | Computer Name = MW-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%109
Error - 16.09.2012 00:20:36 | Computer Name = MW-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?09.?2012 um 00:21:39 unerwartet heruntergefahren.
Error - 18.09.2012 02:58:03 | Computer Name = MW-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?09.?2012 um 08:57:10 unerwartet heruntergefahren.
Error - 18.09.2012 03:04:29 | Computer Name = MW-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
Fehler beendet: %%306.
Error - 18.09.2012 13:31:36 | Computer Name = MW-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst WinHttpAutoProxySvc erreicht.
< End of report >
--- --- ---
Code:
# AdwCleaner v2.002 - Datei am 09/20/2012 um 11:32:03 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Mandy - MW-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Manfred\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Users\Manfred\AppData\LocalLow\boost_interprocess
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v12.0 (de)
Profilname : default
Datei : C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\4e8y23mg.default\prefs.js
[OK] Die Datei ist sauber.
Profilname : default
Datei : C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\0rp372x7.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
Datei : C:\Users\Manfred\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
-\\ Opera v [Version kann nicht ermittelt werden]
Datei : C:\Users\Mandy\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
Datei : C:\Users\Manfred\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R15].txt - [1636 octets] - [20/09/2012 11:32:03]
########## EOF - \AdwCleaner[R15].txt - [1697 octets] ##########