adwCleaner: Code:
# AdwCleaner v2.007 - Datei am 17/11/2012 um 00:16:44 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 8 Pro with Media Center (64 bits)
# Benutzer : *** - ***
# Bootmodus : Normal
# Ausgeführt unter : F:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : F:\Users\***\AppData\Local\funmoods.crx
Ordner Gelöscht : F:\Program Files (x86)\Funmoods
Ordner Gelöscht : F:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Ordner Gelöscht : F:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ly48x1iy.default\extensions\staged
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\f
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.10.9200.16433
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : F:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ly48x1iy.default\prefs.js
F:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ly48x1iy.default\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : F:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
-\\ Opera v12.10.1652.0
Datei : F:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [8232 octets] - [16/11/2012 19:23:20]
AdwCleaner[S1].txt - [8294 octets] - [17/11/2012 00:16:44]
########## EOF - F:\AdwCleaner[S1].txt - [8354 octets] ##########
OTL.txt erster Run war ohne Haken bei alle Benutzer, darum Run 2
wg zu großem Text diese als 7.zip-Datei angehängt.
OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 17.11.2012 00:32:49 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = F:\Users\***\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16433)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 5,89 Gb Available Physical Memory | 73,83% Memory free
9,16 Gb Paging File | 6,58 Gb Available in Paging File | 71,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 49,52 Gb Free Space | 44,30% Space Free | Partition Type: NTFS
Drive D: | 37,43 Gb Total Space | 37,33 Gb Free Space | 99,74% Space Free | Partition Type: NTFS
Drive E: | 214,17 Gb Total Space | 201,86 Gb Free Space | 94,25% Space Free | Partition Type: NTFS
Drive F: | 214,16 Gb Total Space | 129,15 Gb Free Space | 60,31% Space Free | Partition Type: NTFS
Drive G: | 2,69 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive Z: | 465,64 Gb Total Space | 375,77 Gb Free Space | 80,70% Space Free | Partition Type: FAT32
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- F:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- F:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- F:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- F:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-4294960547-1859764328-567268877-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "F:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "F:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "F:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "F:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "F:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "F:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "F:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "F:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "F:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "F:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "F:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "F:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "F:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08E623EA-6DDC-4CF6-AE8B-8C6B73156EBB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0DB9AC38-A33A-45D2-95F4-E2E533171D3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{142DB905-2784-4F83-972B-88584A31AC07}" = lport=139 | protocol=6 | dir=in | app=system |
"{179CD4F1-C7EF-40DC-BF9B-F5C7FF235543}" = rport=445 | protocol=6 | dir=out | app=system |
"{19BF69C9-421E-4431-A910-76403502EB13}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A4AFDC3-6311-4241-B81C-56A9E481EC35}" = lport=445 | protocol=6 | dir=in | app=system |
"{20BC817E-5372-42E2-848A-3F67CFB3F599}" = lport=6004 | protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office14\outlook.exe |
"{38A45412-150F-406D-B1E0-47F168EC2103}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A79592E-C935-4A47-9791-300D2AED2888}" = lport=10243 | protocol=6 | dir=in | app=system |
"{49293E50-5CA8-44A2-AA9D-7B2ED5D1F0E8}" = rport=138 | protocol=17 | dir=out | app=system |
"{524FE0C7-44B2-4E1F-8468-8C29E2709528}" = lport=58083 | protocol=6 | dir=in | name=pando media booster |
"{56A883A6-59D5-4015-8661-09E59209361E}" = lport=58083 | protocol=6 | dir=in | name=pando media booster |
"{587870DB-1022-4718-9BE4-7E4A4D7FE07F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{632750FA-94D0-472B-ADFF-268BD2EA54E3}" = lport=58083 | protocol=17 | dir=in | name=pando media booster |
"{6AE4AFF8-D022-4D8D-880E-8B9493A86F44}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7DA0855B-8A79-4D59-90E3-2707D3033D89}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91F7436D-D1E7-4EAD-8320-FB9931335554}" = lport=138 | protocol=17 | dir=in | app=system |
"{9C942CC9-80A6-44D9-86CB-0B6374B11B2E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9DA7479E-4671-44EF-A374-20142A4A4C7B}" = rport=139 | protocol=6 | dir=out | app=system |
"{A881E1BE-DD34-4D1D-BEE8-B1784D2713AC}" = lport=58083 | protocol=17 | dir=in | name=pando media booster |
"{B14DEA1B-6537-4B34-9340-7C2374E8AC2A}" = lport=137 | protocol=17 | dir=in | app=system |
"{B59E59BA-AB91-4EFE-8FB5-ADDF00B8909D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BED1AB38-31C6-41A4-8D88-4EC9F7428CC2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C02033EA-E545-410F-AA6A-879E917ECCE1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB086D14-71DF-49B0-ADA1-2F190305A28E}" = rport=137 | protocol=17 | dir=out | app=system |
"{F88E0354-36E2-472A-8D22-51DDEC3A4431}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B26E01-7A84-4D95-9556-A147B1B1A16A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{014942BB-FFD5-4F3F-AF3E-94F8FB51C6E7}" = dir=out | name=@{microsoft.bing_1.5.1.251_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{0763F6C2-FB2C-4E69-83AD-C82D78F0A603}" = protocol=6 | dir=out | app=system |
"{10545497-BE28-4DFB-9A64-946EDD631BA4}" = dir=out | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{1230177E-1BFD-41AB-889C-005621620AF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1252098D-CDE8-4DE1-90D6-9C9349257366}" = dir=out | name=@{microsoft.bingtravel_1.5.1.248_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{15801474-6728-42A1-A50A-4229FE284656}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{166BF47D-EF34-495F-AC7B-66BAD071B9D4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1F0D82D1-B542-4BCE-A0E9-B0DF2A5F7E3C}" = dir=out | name=@{microsoft.bingfinance_1.5.1.406_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{2182438B-D351-4BF2-9BBA-5AB5ECCC16E9}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office14\onenote.exe |
"{21A368CB-DA13-4505-AF58-57CBC62E7125}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{25089326-A3F5-4E0B-846B-ACE5665912DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A1B0EF0-6C07-42B6-A5E6-65FD4F7C709B}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2EEF4EC5-1E46-4BEB-83A1-98C9B5BB2C4C}" = dir=in | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{2EFEC5E8-F301-45FC-9AC6-BF25E1C68999}" = protocol=6 | dir=in | app=f:\program files (x86)\pando networks\media booster\pmb.exe |
"{34C95CEF-BA39-45AD-A6C1-E67982C17E34}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{36A7D405-4590-47CE-92B3-A1D72DEAAC24}" = protocol=17 | dir=in | app=f:\program files (x86)\pando networks\media booster\pmb.exe |
"{40237F2E-D268-4DF6-97B9-E6090FB04040}" = protocol=6 | dir=in | app=f:\program files (x86)\pando networks\media booster\pmb.exe |
"{4344A6BA-AD94-4C64-92C5-E90170144BF8}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{488F1F1D-03F6-4156-8C59-575D7D175AB5}" = protocol=6 | dir=in | app=f:\program files (x86)\opera\opera.exe |
"{5272ACEA-168D-496A-9BB0-1F74E38E414F}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office14\onenote.exe |
"{5443E6FA-07EF-42D9-8988-DC889C0D080E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{55CB7D01-8CB4-40DA-98D0-A12605F83EFB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5870E316-D54D-4F59-806B-D981FECA0126}" = dir=out | name=der spiegel |
"{5DDCA3BF-5E8C-4657-92A4-D1856E7BD73D}" = dir=out | name=netzkino |
"{6998EF6A-6693-4C54-B1D9-8C58F4F30911}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{70B64670-5C10-4611-AF52-1B662741665A}" = protocol=17 | dir=in | app=f:\program files (x86)\winamp\winamp.exe |
"{78D46D8F-108A-488C-BF10-30F33C3F2C25}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{7992A419-4620-4C4A-83CF-2DFC4D306DFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{f:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{81C8950D-D686-40DA-A1B5-A25E026B47A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{829B72AF-5E14-4E23-A656-696D8AD7F47A}" = dir=out | name=@{microsoft.zunemusic_1.1.137.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{82B9B39E-477E-48F4-B16F-6BA0CBFB9D8A}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{84414EA2-67CE-474B-BD65-450B9155B65D}" = protocol=6 | dir=in | app=f:\windows\syswow64\muzapp.exe |
"{84552B65-106B-4531-ABDA-541359CADDC0}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office14\groove.exe |
"{85773ADE-5851-415E-BEE7-D73C969AAAF0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8A29F343-4315-47F7-B8ED-9D596E6B4841}" = dir=out | name=@{microsoft.bingweather_1.5.1.245_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{90275F2A-1F92-4438-AFF3-BFED5E2DEC5B}" = dir=in | app=f:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicatorcom.exe |
"{9235392B-5F02-46FA-B08F-E7AA069E2D2E}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office14\groove.exe |
"{94910AE7-410D-4175-81B9-C1C928599DE2}" = protocol=17 | dir=in | app=f:\program files (x86)\opera\opera.exe |
"{9679E1BD-3105-42D2-816C-63C76C9F5F68}" = dir=out | name=@{microsoft.bingsports_1.5.1.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{9819B20A-8851-4D4D-9D9F-8204FE337680}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A392E3BA-CE42-4CFD-B0A2-28085DAFF2E6}" = dir=in | app=f:\program files (x86)\pando networks\media booster\pmb.exe |
"{A80B1146-F624-4017-B454-933B76ED6085}" = dir=in | app=f:\program files (x86)\skype\phone\skype.exe |
"{AB109923-26CD-41F6-9C2F-1554465DF24E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB6B9155-BFA9-4299-8FEC-C6EE31A3E17C}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{ABB96756-9ABC-4F46-AAAA-447BAB6315C1}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{B3518AAD-F398-4724-8F8A-EEF12695AF1F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4AB3CDA-763F-4B8F-9370-3023F73C83F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B975E6FE-654F-4760-912E-E4CFD43B7F72}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA8F4048-9183-4D15-8C3D-96D252755FB8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C0BF57B4-B1DF-40F1-AA5A-A645F65D3959}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C67E2DA4-D1B4-4AA4-8871-3CF29015023C}" = protocol=6 | dir=in | app=f:\program files (x86)\winamp\winamp.exe |
"{C697FFF9-694E-4406-B123-E1E8FF70DA01}" = dir=in | app=f:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |
"{C7532BEB-020C-4DF0-8B2C-6E07948D7225}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{CEFE7706-9D2D-4243-9260-B595323D52F1}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{CF5C170F-44E0-41D0-98C6-D8FE18ACE82F}" = dir=out | name=@{microsoft.bingnews_1.5.1.409_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{D3A76538-ECA6-4A75-86FF-1D94BFD43B81}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D5801468-F126-4996-94C4-C3F6DED17AB7}" = protocol=17 | dir=in | app=f:\program files (x86)\pando networks\media booster\pmb.exe |
"{DD795D6A-A6EA-476A-9A2B-47B3CF188ECD}" = dir=out | name=wetter.com |
"{E32F110E-D17A-44BA-BBD4-F03504A1EA6D}" = dir=in | app=f:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{f:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{F2932045-1C3A-4AC8-B7D5-046442E0B97E}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{F2A618D2-EDA5-4E59-BDB8-8B49C2CFC796}" = protocol=17 | dir=in | app=f:\windows\syswow64\muzapp.exe |
"TCP Query User{381A1BD8-1F7D-4712-97F4-569662ABEF3F}F:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=f:\program files (x86)\winamp\winamp.exe |
"UDP Query User{7BFCE3E6-C412-41B7-9B2F-1478A22E7D28}F:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=f:\program files (x86)\winamp\winamp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1686185A-3D85-428D-8786-ACB403B9D420}" = HP Photosmart Plus B210 series - Grundlegende Software für das Gerät
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{8EB5554F-0A28-49EE-9FBA-0A41079F3B92}" = Studie zur Verbesserung von HP Photosmart Plus B210 series Produkten
"{8ECC12DC-7819-402A-B54E-A991558C81B1}" = Oracle VM VirtualBox 4.2.0
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"CCleaner" = CCleaner
"KLiteCodecPack64_is1" = K-Lite Codec Pack 6.4.8 (64-bit)
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1E85458A-9B00-443F-A187-2E06DBB15E43}" = LibreOffice 3.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Hilfe
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{DAC580DB-6629-43B9-98DD-8BABA515B958}" = WISO Mein Geld 2013 Professional
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EF67AE1A-6B31-4C98-91A9-F195D8702150}" = Google Drive
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"FileHippo.com" = FileHippo.com Update Checker
"Free Studio_is1" = Free Studio version 5.7.6.1015
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Opera 12.10.1652" = Opera 12.10
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"VLC media player" = VLC media player 2.0.4
"Winamp" = Winamp
"WISO Mein Geld 2013 Professional" = WISO Mein Geld 2013 Professional
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4294960547-1859764328-567268877-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.11.2012 16:17:50 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR (2).exe, Version: 0.9.9.1707,
Zeitstempel: 0x509be8bf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0x5b4 Startzeit der fehlerhaften Anwendung: 0x01cdc2a50b45c492 Pfad der
fehlerhaften Anwendung: F:\Users\***\Downloads\aswMBR (2).exe Pfad des fehlerhaften
Moduls: F:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 5c43211e-2e98-11e2-be7b-f41521414033
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 15.11.2012 07:14:47 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR (2).exe, Version: 0.9.9.1707,
Zeitstempel: 0x509be8bf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0x3f8 Startzeit der fehlerhaften Anwendung: 0x01cdc322543190aa Pfad der
fehlerhaften Anwendung: F:\Users\***\Downloads\aswMBR (2).exe Pfad des fehlerhaften
Moduls: F:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: a98ffab0-2f15-11e2-be7f-eda977f61984
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 15.11.2012 07:15:35 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR (2).exe, Version: 0.9.9.1707,
Zeitstempel: 0x509be8bf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0x460 Startzeit der fehlerhaften Anwendung: 0x01cdc322736a0365 Pfad der
fehlerhaften Anwendung: F:\Users\***\Downloads\aswMBR (2).exe Pfad des fehlerhaften
Moduls: F:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: c65c7cfb-2f15-11e2-be7f-eda977f61984
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 15.11.2012 07:39:51 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR (1).exe, Version: 0.9.9.1707,
Zeitstempel: 0x509be8bf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0x780 Startzeit der fehlerhaften Anwendung: 0x01cdc3255108a704 Pfad der
fehlerhaften Anwendung: F:\Users\***\Downloads\aswMBR (1).exe Pfad des fehlerhaften
Moduls: F:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 2a61d9df-2f19-11e2-be81-00268316c359
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 15.11.2012 08:26:22 | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 16.11.2012 09:37:02 | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 16.11.2012 13:17:51 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: f24 Startzeit: 01cdc41df11f3716 Endzeit: 1 Anwendungspfad: F:\Riot
Games\League of Legends\RADS\system\rads_user_kernel.exe Berichts-ID: 8acf388b-3011-11e2-be81-9577ee2ff817
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 16.11.2012 13:32:45 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 998 Startzeit: 01cdc41ffb8d032c Endzeit: 2 Anwendungspfad: F:\Riot
Games\League of Legends\RADS\system\rads_user_kernel.exe Berichts-ID: 87ece012-3013-11e2-be81-9577ee2ff817
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 16.11.2012 13:36:22 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 17c0 Startzeit: 01cdc420cf106563 Endzeit: 2 Anwendungspfad:
F:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe Berichts-ID: 21c09a00-3014-11e2-be81-9577ee2ff817
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 16.11.2012 14:36:45 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: c90 Startzeit: 01cdc42948db840c Endzeit: 0 Anwendungspfad: F:\Riot
Games\League of Legends\RADS\system\rads_user_kernel.exe Berichts-ID: 90adb3d5-301c-11e2-be81-9577ee2ff817
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
[ System Events ]
Error - 15.11.2012 07:14:02 | Computer Name = *** | Source = DCOM | ID = 10005
Description =
Error - 15.11.2012 07:14:07 | Computer Name = *** | Source = DCOM | ID = 10005
Description =
Error - 15.11.2012 07:14:54 | Computer Name = *** | Source = DCOM | ID = 10005
Description =
Error - 15.11.2012 07:14:59 | Computer Name = *** | Source = DCOM | ID = 10005
Description =
Error - 15.11.2012 07:15:38 | Computer Name = *** | Source = DCOM | ID = 10005
Description =
Error - 15.11.2012 07:15:50 | Computer Name = *** | Source = DCOM | ID = 10005
Description =
Error - 15.11.2012 08:27:54 | Computer Name = *** | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
Error - 16.11.2012 15:24:03 | Computer Name = *** | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
Error - 16.11.2012 19:18:50 | Computer Name = *** | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = Fehler beim Starten des BITS-Dienstes. Fehler: 2147549460.
Error - 16.11.2012 19:18:50 | Computer Name = *** | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit
dem folgenden dienstspezifischen Fehler beendet: %%2147549460
< End of report >
Was mir aufgefallen ist. adwcleaner hat Funmoods-Einträge gelöscht. Auf dem Desktop hab ich aber noch eine Datei FunmoodSetup liegen.
Gruß
verrant |
