| |
| |||||||
Log-Analyse und Auswertung: Kann CodecV & Incredibar nicht mehr entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
06.09.2012, 12:10
| #1 |
 |  Kann CodecV & Incredibar nicht mehr entfernen Hi! Ich benutze Firefox und habe mir irgendwie MyStart IncrediBar (BrowserToolbar) und CodecV eingefangen - scheinbar gleichzeitig, denn es tauchten beide vor ner Woche zu erst auf. Ich habe beide Deinstalliert (Registry bzw das AddOn) und auch Datenreste im Explorer aufgesucht und manuell gelöscht. Aber ich habe immer noch sowohl CodecV gesteuerte Werbe-PopUps (oder zB wird jedes Wort wie "Spiel" zu nem Link mit Werbung), als auch das Problem, dass neue Tabs immer mystart.incredibar.com öffnen. Habe das versucht unter about:config zu ändern aber das reseted sich auch bei Firefox Neuinstallation immer wieder zur incredibar. Habe mit Malwarebytes und OTL gescannt. Logs lauten wie folgt. MBAM-log.txt Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.06.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 alx :: ALX [Administrator] Schutz: Aktiviert 06.09.2012 12:22:52 mbam-log-2012-09-06 (12-22-52).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 204798 Laufzeit: 5 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 06.09.2012 12:34:48 - Run 1 OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\alx\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,63% Memory free 7,99 Gb Paging File | 6,04 Gb Available in Paging File | 75,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,56 Gb Total Space | 8,28 Gb Free Space | 2,91% Space Free | Partition Type: NTFS Drive D: | 13,23 Gb Total Space | 2,17 Gb Free Space | 16,38% Space Free | Partition Type: NTFS Computer Name: ALX | User Name: alx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.06 12:33:46 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\alx\Desktop\OTL.exe PRC - [2012.08.22 14:14:58 | 001,193,176 | ---- | M] () -- C:\Users\alx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.08.12 16:26:37 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.06.11 15:43:46 | 002,346,496 | ---- | M] (Totem Entertainment) -- C:\Users\alx\AppData\Local\vghd\bin\vghd.exe PRC - [2012.06.07 10:12:14 | 000,583,168 | ---- | M] (Totem Entertainment) -- C:\Users\alx\AppData\Local\vghd\bin\VirtuaGirl_Downloader.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\alx\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.05.08 10:48:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 10:48:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ========== Modules (No Company Name) ========== MOD - [2012.08.22 14:14:58 | 001,193,176 | ---- | M] () -- C:\Users\alx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2012.06.11 13:07:48 | 000,083,968 | ---- | M] () -- C:\Users\alx\AppData\Local\vghd\bin\QtVhd.dll MOD - [2011.12.20 11:29:50 | 000,184,832 | ---- | M] () -- C:\Users\alx\AppData\Local\vghd\bin\dxmodules.dll MOD - [2011.12.16 14:57:04 | 000,073,216 | ---- | M] () -- C:\Users\alx\AppData\Local\vghd\bin\System.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.06.01 14:28:02 | 000,045,056 | ---- | M] () -- C:\Users\alx\AppData\Local\vghd\bin\Windows.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.05.13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2010.03.23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV) SRV:64bit: - [2009.07.02 20:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.03.02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters) SRV - [2012.09.04 15:41:12 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.04 12:43:56 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.05.08 10:48:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 10:48:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.11 23:07:38 | 000,204,304 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2) SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.29 23:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters) SRV - [2009.02.22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.06.20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2012.05.08 10:48:13 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 10:48:13 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.05.13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011.05.13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.13 14:10:10 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.03.23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.11.10 13:53:40 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2009.11.10 13:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.11.10 13:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.07.21 05:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.02 20:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.29 20:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 12:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.05.23 08:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.05.08 16:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2009.05.05 07:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.04.29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2009.03.09 07:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.01.13 19:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2009.01.13 19:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2009.01.13 19:14:30 | 000,034,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter) DRV:64bit: - [2009.01.13 19:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2C7072CC-3B6A-4D18-856D-F60EF665414F} IE:64bit: - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE:64bit: - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE:64bit: - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKLM\..\SearchScopes,DefaultScope = {2C7072CC-3B6A-4D18-856D-F60EF665414F} IE - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKCU\..\SearchScopes,DefaultScope = {2C7072CC-3B6A-4D18-856D-F60EF665414F} IE - HKCU\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKCU\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "google" FF - prefs.js..browser.search.selectedEngine: "IMDb" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: 4f807b3748d91@4f807b3748d92.info:1.0 FF - prefs.js..extensions.enabledAddons: de_DE@dicts.j3e.de:20120628 FF - prefs.js..extensions.enabledAddons: fb_add_on@avm.de:1.6.3 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.2 FF - prefs.js..extensions.enabledAddons: kosa@kallout.com:2.2.4 FF - prefs.js..extensions.enabledAddons: searchdictcc@roughael:3.2 FF - prefs.js..extensions.enabledAddons: SkipScreen@SkipScreen:0.6.4 FF - prefs.js..extensions.enabledAddons: trackerblock@privacychoice.org:2.2 FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.0 FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.9 FF - prefs.js..extensions.enabledAddons: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2 FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7 FF - prefs.js..extensions.enabledAddons: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.15.0 FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10 FF - prefs.js..extensions.enabledAddons: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.9 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledItems: de_DE@dicts.j3e.de:20110321 FF - prefs.js..extensions.enabledItems: kosa@kallout.com:2.0.1.1 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172 FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.21amo FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.7.3 FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1 FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - prefs.js..extensions.enabledItems: verify-u@cybits.de:1.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\alx\\AppData\\Local\\Temp\\proxtube.pac" FF - prefs.js..network.proxy.http: "199.195.109.23" FF - prefs.js..network.proxy.http_port: 9090 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.1: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.16 21:29:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla\Firefox\components [2012.09.04 15:41:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Firefox\plugins [2012.08.18 23:22:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla\Thunderbird\components [2012.06.18 00:40:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Thunderbird\plugins [2012.08.18 23:22:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla\Firefox\components [2012.09.04 15:41:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Firefox\plugins [2012.08.18 23:22:47 | 000,000,000 | ---D | M] [2010.03.14 02:49:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\Extensions [2010.03.14 02:49:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.08.26 13:03:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions [2012.08.19 14:36:19 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.03.18 12:32:02 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012.04.09 11:29:28 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\4f807b3748d91@4f807b3748d92.info [2012.06.29 16:54:49 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\de_DE@dicts.j3e.de [2012.05.15 14:18:54 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\fb_add_on@avm.de [2012.05.18 15:30:57 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\alx\AppData\Roaming\mozilla\Firefox\Profiles\ck8le8cj.default\extensions\ich@maltegoetz.de [2012.08.07 17:18:11 | 000,221,273 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\kosa@kallout.com.xpi [2012.01.12 13:30:42 | 000,037,502 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\searchdictcc@roughael.xpi [2012.02.22 14:07:20 | 000,072,222 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\SkipScreen@SkipScreen.xpi [2012.02.18 22:21:52 | 000,049,540 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\trackerblock@privacychoice.org.xpi [2011.12.22 10:12:41 | 000,108,965 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe80}.xpi [2011.07.21 22:52:17 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2012.08.22 20:46:08 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012.07.25 10:14:55 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.10.30 01:10:24 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012.08.26 13:03:42 | 000,270,021 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012.08.12 17:27:06 | 000,045,226 | ---- | M] () (No name found) -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi [2012.03.14 09:20:13 | 000,002,321 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\dictcc.xml [2012.02.01 21:06:57 | 000,012,703 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\imdb.xml [2012.02.13 17:42:19 | 000,001,330 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\wikipedia-en.xml [2012.05.29 16:07:30 | 000,002,446 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\wiktionary-de.xml [2012.05.29 16:07:13 | 000,001,336 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\wiktionary-en.xml [2011.12.15 16:58:05 | 000,002,057 | ---- | M] () -- C:\Users\alx\AppData\Roaming\mozilla\firefox\profiles\ck8le8cj.default\searchplugins\youtube-videosuche.xml [2011.12.16 21:29:57 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.06.20 08:38:27 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.01 19:04:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SNM] C:\Program Files (x86)\SpyNoMore\SNM.exe (Illysoft LLC) O4 - HKCU..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO File not found O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\alx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = C:\Users\alx\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment) O4 - Startup: C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\alx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F36DF460-6656-4356-AC69-8A37945ED217}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA92405A-2AA9-4546-964D-8016BF7078D0}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\Shell\AutoRun\command - "" = F:\fscommand\LS_Start_Launch.cmd O33 - MountPoints2\{43c59bd6-2c71-11e1-ad77-00269ea162a6}\Shell\Launcher\command - "" = F:\fscommand\LS_Start_Launch.cmd O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.06 12:33:41 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\alx\Desktop\OTL.exe [2012.09.06 12:21:11 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\Malwarebytes [2012.09.06 12:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.06 12:20:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.06 12:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.09.06 11:54:43 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\DriverCure [2012.09.06 11:54:42 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\SpeedyPC Software [2012.09.06 11:54:35 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software [2012.09.06 11:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software [2012.09.06 11:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software [2012.09.06 11:54:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software [2012.09.06 11:47:11 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyNoMore [2012.09.06 11:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyNoMore [2012.09.06 11:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpyNoMore [2012.09.04 16:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2012.09.04 14:57:18 | 000,000,000 | ---D | C] -- C:\Users\alx\Documents\Diablo III [2012.09.04 12:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2012.09.04 12:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III [2012.09.04 09:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.08.24 07:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.08.24 07:57:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.08.24 07:57:46 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.08.23 19:09:08 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskBabes [2012.08.23 19:09:01 | 000,000,000 | ---D | C] -- C:\Users\alx\AppData\Local\vghd [2012.08.19 14:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.06 12:33:46 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\alx\Desktop\OTL.exe [2012.09.06 11:54:47 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job [2012.09.06 11:54:34 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job [2012.09.06 11:54:33 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job [2012.09.06 11:54:32 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job [2012.09.06 11:47:19 | 000,001,152 | ---- | M] () -- C:\Windows\SysWow64\windrv.sys [2012.09.06 11:47:12 | 000,000,947 | ---- | M] () -- C:\Users\alx\Desktop\SpyNoMore.lnk [2012.09.06 11:18:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.05 11:32:29 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.03 10:20:19 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.03 10:20:19 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.03 10:10:06 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys [2012.08.23 19:09:09 | 000,001,119 | ---- | M] () -- C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2012.08.21 13:28:25 | 003,058,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.20 16:52:49 | 001,619,988 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.20 16:52:49 | 000,699,210 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.20 16:52:49 | 000,654,488 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.20 16:52:49 | 000,149,374 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.20 16:52:49 | 000,122,320 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.06 11:54:47 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job [2012.09.06 11:54:34 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job [2012.09.06 11:54:33 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job [2012.09.06 11:54:27 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job [2012.09.06 11:47:19 | 000,001,152 | ---- | C] () -- C:\Windows\SysWow64\windrv.sys [2012.09.06 11:47:12 | 000,000,947 | ---- | C] () -- C:\Users\alx\Desktop\SpyNoMore.lnk [2012.08.23 19:09:09 | 000,001,119 | ---- | C] () -- C:\Users\alx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2012.08.03 17:48:26 | 000,005,664 | ---- | C] () -- C:\Users\alx\.recently-used.xbel [2012.07.10 20:48:37 | 000,009,064 | ---- | C] () -- C:\Users\alx\Neues Dokument 2.2012_07_10_20_48_37.0.svg [2012.07.10 20:35:46 | 000,014,642 | ---- | C] () -- C:\Users\alx\Neues Dokument 2.2012_07_10_20_35_45.0.svg [2012.07.01 22:00:07 | 000,000,021 | ---- | C] () -- C:\Windows\preview.ini [2012.02.02 14:36:28 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.01.20 14:02:56 | 000,159,400 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.07.31 18:43:28 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI [2011.07.22 13:22:22 | 000,000,000 | ---- | C] () -- C:\Users\alx\support [2011.01.12 21:11:41 | 000,000,118 | ---- | C] () -- C:\Windows\Podcasts.INI [2011.01.12 12:09:19 | 000,023,761 | ---- | C] () -- C:\Windows\hpqins15.dat.temp [2010.12.25 23:53:04 | 000,023,324 | ---- | C] () -- C:\Windows\hpqins15.dat [2010.12.23 12:53:50 | 000,181,764 | ---- | C] () -- C:\Windows\hpoins28.dat [2010.12.23 12:53:50 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat [2010.11.03 11:04:28 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.11.03 11:04:28 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.03.26 18:43:22 | 000,000,000 | ---- | C] () -- C:\Users\alx\AppData\Roaming\wklnhst.dat [2010.03.26 18:41:04 | 000,006,144 | ---- | C] () -- C:\Users\alx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.21 12:44:56 | 000,020,143 | ---- | C] () -- C:\Users\alx\AppData\Roaming\UserTile.png ========== LOP Check ========== [2012.09.04 09:38:17 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\.minecraft [2012.04.21 18:23:02 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Amazon [2012.08.06 21:02:31 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Artisteer [2012.05.06 11:03:19 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Downloaded Installations [2012.09.06 11:54:43 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\DriverCure [2012.09.05 12:00:46 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Dropbox [2012.05.04 12:02:58 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FILEminimizerPictures [2010.07.30 19:40:52 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FreeVideoConverter [2011.03.10 12:16:18 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\FRITZ! [2011.12.23 15:36:26 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Hitachigst [2010.09.30 17:41:01 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\inkscape [2010.03.15 16:11:04 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Leadertech [2012.08.28 22:37:01 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Mp3tag [2012.07.16 12:12:22 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Nitro PDF [2011.03.04 21:28:25 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Notepad++ [2010.09.03 20:21:20 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Registry Mechanic [2012.07.04 12:45:15 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\RotMG.Production [2012.09.06 11:54:42 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\SpeedyPC Software [2012.09.06 11:23:32 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Spotify [2010.03.14 02:49:37 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Thunderbird [2012.08.24 09:28:54 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\uTorrent [2010.04.01 16:35:30 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\Windows Live Writer [2010.03.05 13:04:29 | 000,000,000 | ---D | M] -- C:\Users\alx\AppData\Roaming\_MDLogs [2010.08.31 23:13:07 | 000,000,262 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job [2012.07.19 16:17:01 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.09.06 11:54:32 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job [2012.09.06 11:54:47 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job [2012.09.06 11:54:34 | 000,000,512 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job [2012.09.06 11:54:33 | 000,000,460 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:364682BC @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1 < End of report > Code:
ATTFilter OTL Extras logfile created on: 06.09.2012 12:34:48 - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\alx\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,63% Memory free
7,99 Gb Paging File | 6,04 Gb Available in Paging File | 75,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,56 Gb Total Space | 8,28 Gb Free Space | 2,91% Space Free | Partition Type: NTFS
Drive D: | 13,23 Gb Total Space | 2,17 Gb Free Space | 16,38% Space Free | Partition Type: NTFS
Computer Name: ALX | User Name: alx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files (x86)\Microsoft\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files (x86)\Microsoft\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13B003B6-7740-490C-8A8C-84874A5FAC83}" = lport=137 | protocol=17 | dir=in | app=system |
"{325DA056-DF12-4ED8-9D39-569A86619791}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3727B647-83DD-4920-8D76-D4D6C106326E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{395356CA-E1CA-450F-8C50-6385354E41D5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{427B4546-A6F8-4C87-BB8D-DE310B48452C}" = rport=445 | protocol=6 | dir=out | app=system |
"{52726DC1-A52A-4665-8F23-392D6436BD56}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{52B21631-8887-452E-9566-DA17AA5325EC}" = rport=138 | protocol=17 | dir=out | app=system |
"{56D159AF-764B-46B3-821F-C4BA12EB472F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58FF0915-ED23-408D-8A9B-B16DDC3B7DD5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{594EEF36-8A27-4066-96C7-278F732F2550}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D17F07C-3486-4664-9D57-313A50417CA8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7150B431-B647-4B62-85C7-E43FD6D04F2B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8065D405-A7E5-45B4-BA70-ADD8FFE15FA0}" = lport=138 | protocol=17 | dir=in | app=system |
"{836B6DBE-D037-41EC-B905-2038FC56B736}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8890C906-E5FB-4ACE-957A-A0397B859463}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{89AE6958-F934-45C9-8257-A5E5F9414D28}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8BBBA242-FD4D-40C6-A2AA-CF619405AA72}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{8D4A85B9-DA2F-4E23-B879-632BF79EE11E}" = lport=445 | protocol=6 | dir=in | app=system |
"{97B40887-B583-4427-8FC6-C2328711B0B3}" = rport=139 | protocol=6 | dir=out | app=system |
"{A31A9392-1556-4A78-A246-5D0975AB52E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C609BAA2-64F5-4268-9263-D1A338EC3D44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CCA21C25-FB45-44E3-81E6-1E6B95006C37}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D0411442-315C-4471-94F4-AA312067F03C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D60377EA-3839-41AD-BFBE-0B9B29F95FDB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E448E49D-A6FB-47A9-95DE-AD05D57E19F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E60DDF22-E8CF-42C9-AA9F-541457C7F498}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E714284E-1AA2-4A5D-BDB1-63C75129D48F}" = rport=137 | protocol=17 | dir=out | app=system |
"{F472F24B-692B-474E-8AE4-F5AB5A461A23}" = lport=139 | protocol=6 | dir=in | app=system |
"{F4E5E7BB-0850-4FD7-B9EB-178E1A6E2E34}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0009167E-FE81-4CAE-8309-2229CDC7BE3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0652AE9E-CBB7-4253-B535-430B5FE9F4D3}" = protocol=6 | dir=in | app=c:\users\alx\appdata\roaming\dropbox\bin\dropbox.exe |
"{18CC167E-9187-4BE5-90B8-D99CBD20BEC9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{1F4B7235-8424-4559-B70F-B455DF76CC16}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{200987D1-EEE2-4026-80EF-076BE68E91EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{25C778CD-A8B4-42AE-B7C4-92AD48CAEDB9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2DA8CE25-CC91-4283-9014-0684166ECBA1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2E20B7FE-74A4-4AF5-AF99-3308E6FF1CB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{394A3F8F-08AE-45A5-8AD8-C81F98B9CF91}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{4245F6E2-3A76-4D5D-AF6D-44DE11807F93}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43B11366-9816-4D1F-A7F4-15EE66E4702A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{46379CAA-E9AA-46D8-B0FC-6FB6E997E0FC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{4CD90FA8-7041-4BCE-950F-E9B7C4FEECE4}" = protocol=6 | dir=out | app=system |
"{5A61E3D8-C9AD-4549-8CAD-60073A3EEFCA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{5E7182CE-3BAB-41C1-9CB9-B6B74DEC5BE8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{616A90F0-53E9-43D3-BCFE-35E5ACD59101}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6A0AD46A-063E-4790-9E3D-FF4991FE5E57}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6B03837F-5284-4FAB-B792-1E90EAE42A69}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{6B29720D-5D88-4340-9A97-FD856D36B7E9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6D09F2E6-3C22-40E9-948A-ED924764E254}" = protocol=17 | dir=in | app=c:\users\alx\appdata\roaming\dropbox\bin\dropbox.exe |
"{722B7739-5423-4D97-8E2E-3634600C2B32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{76978451-7982-40D0-972D-55A285317817}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{775EB963-9BB2-48EB-B0A3-55B65D2E499A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7B7F2A72-398C-419C-AFF1-91E53E0E095F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{7CDB582B-600F-44FE-9AC4-BA0C17C707BE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{820F9052-5CE4-49B5-94F8-6A98C2875E1D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8651F9F0-A2E7-4041-9CF0-FBB57AC0C742}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A8A7919-0005-41FB-B9E8-1F32B36A48E7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{914E3213-DC8B-478D-8A8C-0483D5A7FB14}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{946B457E-31AD-4002-A2C0-919A916D7719}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9A066A79-67F3-427A-BEA9-61D3AF78E966}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A13CE354-41BA-4913-8ED1-E3AC3909FF6F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A5065139-3386-4565-8159-17FD10324AF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A658D438-16EA-49E5-AE37-799799EE5E7E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{A80C8278-2FC0-4894-8B89-36F1922B6F4D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{A8CE6D14-F52C-4EB0-A0E6-25FCDEAB1F85}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A9AE84BE-CEBA-49B4-A070-6DD8CD704A64}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AA61204F-9909-43FD-971E-584ECFF9A0C2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{BB4F063A-2653-4A68-BD00-BF277C9DA876}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BBD7AAEA-FE38-40EB-93CD-A1CB2FB7843C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{BE0A166B-9A49-4400-8125-7C899882C22D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C5304CA0-6DEC-41F4-B92D-EA58E0623BDB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{C700FD97-46B1-4D98-A456-0B25E22843FB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{CFE2C2AA-D743-4233-9798-304510B06F97}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{D5853299-F2A5-46F2-8F17-7D35470B2732}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DFDCF05A-65C1-4807-B2B8-63F5128ED93B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{E08DEC35-8ADB-4855-8689-F3D71ED6FA7F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E08F4DAC-5E45-4EF6-A2E9-DD749D6EED92}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E0F11DF4-358E-4814-B803-8D210B71F4CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E35D10E5-D440-4866-B606-3E719D39E7F4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E9258ADA-54C3-4B71-9905-D9454B969C3C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{F94E7E99-F341-4117-A43E-AC6B7C68C619}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{FBDD2786-D634-49A9-B28B-5CDB530996D6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{FDAD1CEF-135F-412C-A9CE-D9BFBC3850EF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FF864A5D-EC5E-48BB-9516-41D438EDAC6D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"TCP Query User{07B0E97A-0E54-4F67-A877-8B55B83FF123}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"TCP Query User{094766DA-1AEB-47D4-98AA-E03FF6184ED8}C:\program files (x86)\hitachi\lifestudio\lifestudio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hitachi\lifestudio\lifestudio.exe |
"TCP Query User{144AE2CD-06EF-4B6F-B070-91BF1B2F303A}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{169CEBC4-B5A9-4D32-9A00-B54337F615FD}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"TCP Query User{1B1A95F3-447B-4344-BD05-BE714BB60FDD}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{1D6493C9-4A9C-4AE5-A3DC-0343E461C780}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe |
"TCP Query User{20405363-E488-406A-B91A-04FBDF442692}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{22E0BE2C-7D93-46AF-85BA-05EAD9BD5310}C:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe |
"TCP Query User{354DA4BE-C65C-4A3E-8DF4-EE628664DC4B}C:\users\alx\saved games\wciii\war3.exe" = protocol=6 | dir=in | app=c:\users\alx\saved games\wciii\war3.exe |
"TCP Query User{4162BCD9-DAD3-4B22-8A56-9BC5D9862107}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
"TCP Query User{4B44ADB5-54B5-4B7E-84EC-69BE0E977AEE}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"TCP Query User{4FF4F65C-4073-47F8-81D3-F491055E3D41}C:\users\alx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\alx\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{52343CD7-453D-4585-BFE7-B6818CE03161}C:\users\alx\saved games\cs\counter strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\users\alx\saved games\cs\counter strike 1.6\hl.exe |
"TCP Query User{7BA90C37-576E-4A16-BE28-4AA58104EC9A}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{837496DE-B014-4614-8F1F-B059D7FB7570}C:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"TCP Query User{85BBB98D-97D8-41B9-8334-2971901EBAAF}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{8EF1FD4C-2ABE-4CD8-A09B-5DBC80F8A6D0}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"TCP Query User{934390B8-DB76-4A35-8AB7-A7E6985D49D8}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"TCP Query User{9C583F8D-23BB-4B45-AE2F-D13E205E4B77}C:\users\alx\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\alx\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9CABF7AD-BE9F-4D5B-9F35-BBF75DB039B5}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{9D102304-09E4-4C3C-80E9-1E2C186094B0}C:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=6 | dir=in | app=c:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"TCP Query User{C5FDF4E6-29D7-499E-921B-B567D89ACE18}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{C968A564-3CC1-4B95-8A91-0CA0EE0209BF}C:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=6 | dir=in | app=c:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"TCP Query User{D4B87156-1C4E-41E4-AD8C-0C35226255FD}C:\program files (x86)\mozilla\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla\firefox\firefox.exe |
"TCP Query User{D73690A7-14FA-43E2-ADFD-6D42F47AEB07}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
"TCP Query User{DD98DE6E-E8E1-4E62-8C70-09CDB8D51062}C:\users\alx\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\alx\appdata\roaming\spotify\spotify.exe |
"TCP Query User{E6EC7AFF-5004-43A9-B6F2-B3F73DE5F507}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"TCP Query User{F2936BD4-0CC1-4536-AA86-A055769A1D4C}C:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe |
"TCP Query User{F8BE2F4D-80B9-4879-9E34-104AA3B3BD3F}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"TCP Query User{FD942591-D65D-46C1-8424-D9B9C7DAF70C}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{0508A343-77DD-4B25-8B6D-0811C8C6B6F8}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"UDP Query User{239B73CE-3F9F-4D6E-B61D-B24030B44AF6}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
"UDP Query User{3377A3CF-EDC9-4916-8EAB-7A8D36B964A8}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"UDP Query User{3B1D1AC7-38C3-4D47-9320-3D90113A7B72}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{443777AC-56AA-4479-854A-5316B60D4EDF}C:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe |
"UDP Query User{5071DAED-EFFF-4CDD-9C8D-79A0F30F365C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{52BE2870-5B0A-4A62-9D3C-BE7FD3A7B50B}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
"UDP Query User{672A2DCC-9D49-418C-9A01-407E4A3CB65D}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"UDP Query User{6D070942-37C1-4B3B-8F41-835DD7C7A51E}C:\program files (x86)\hitachi\lifestudio\lifestudio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hitachi\lifestudio\lifestudio.exe |
"UDP Query User{6D3FD1C2-E971-42DF-8FB2-63B33481DF00}C:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"UDP Query User{71DC42ED-356F-4DE1-87B6-6489960348A7}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe |
"UDP Query User{769A28F1-1AD8-446F-ACF4-06E74D9789C2}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{7701300D-50BC-4941-84EF-DC4B46ACA791}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"UDP Query User{8244723C-D0A7-4385-92F9-437CAFCD91C7}C:\program files (x86)\mozilla\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla\firefox\firefox.exe |
"UDP Query User{835BCAE3-239B-4FF6-9E39-F362D68F712C}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{87EBA4CD-678F-49B3-AC21-121056A0D214}C:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe |
"UDP Query User{8B30169A-7103-4512-AC5B-4FC1424D9A32}C:\users\alx\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\alx\appdata\roaming\spotify\spotify.exe |
"UDP Query User{9174227A-B793-4775-97BC-041485FD43DF}C:\users\alx\saved games\wciii\war3.exe" = protocol=17 | dir=in | app=c:\users\alx\saved games\wciii\war3.exe |
"UDP Query User{91B7F9F4-F221-4F64-B56A-05E1053BE6CE}C:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=17 | dir=in | app=c:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"UDP Query User{9391228D-C749-46A6-8DD4-965C6D43F238}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{98E38F29-56B1-4504-8A66-C410B62197D4}C:\users\alx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\alx\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{A18D2F1C-10EA-4B7D-9A15-C4F06F8E62CD}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"UDP Query User{AABF1E75-617C-4E88-BD0D-8D6451C862C6}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{BD436BA4-AD71-4C50-BC17-B31895448050}C:\users\alx\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\alx\appdata\roaming\spotify\spotify.exe |
"UDP Query User{BD798980-2C0E-47B4-A80B-DDDF1CCA269B}C:\users\alx\saved games\cs\counter strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\users\alx\saved games\cs\counter strike 1.6\hl.exe |
"UDP Query User{CBFE82A4-1C1F-46E0-84E6-0D0E9D788B6D}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{D46BE792-E32D-4E9E-BB3B-09696D46A35D}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"UDP Query User{E53CCF35-7E2D-4C31-9B24-F366F7658E77}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{F756ABE1-1AB3-4615-A5BB-DDD88ADAD9B2}C:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=17 | dir=in | app=c:\users\alx\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"UDP Query User{F968A326-08A4-404E-AB71-92B60B62F6A9}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}_is1" = WinDS PRO 2012.7.1
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C47240C-016E-03B5-D13E-AECAED09F2E3}" = ATI Catalyst Install Manager
"{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8753DF4D-64B0-474E-9A97-0AB5585D9A53}" = Logitech Gaming Software 5.04
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A00C9114-40E6-4C70-A619-7DF264B23485}" = HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADEB3402-CFBD-00E2-0EE6-F6A3F1AFACF0}" = ccc-utility64
"{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}" = Microsoft Web Platform Installer 2.0
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F9B292AE-1BA8-481B-9C09-1C5CABFB0E4C}" = Nitro Reader 2
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Defraggler" = Defraggler
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"SP6" = Logitech SetPoint 6.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{09CC0D0E-061D-3C7B-3881-D2EB53A8AAFC}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26606D8F-3133-DBE2-8AF5-AB28F300860A}" = CCC Help Chinese Standard
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33C17B75-EA9C-0687-9CED-03D92637B042}" = CCC Help Hungarian
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{363CEA5C-C9D0-45DD-9511-A461DBDEE94B}" = DJ_AIO_03_F4200_Software_Min
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{546937C5-0529-333E-0D5E-FE3C53108806}" = CCC Help Japanese
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{55C70B62-5EF1-D527-7CAB-E50D8B3B4990}" = Catalyst Control Center Graphics Full New
"{577ED77E-25D9-1A76-4EF0-773B9C173758}" = CCC Help Portuguese
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5DB4EA68-A509-D408-585C-C9D045FADF72}" = Catalyst Control Center Graphics Previews Vista
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D335F78-1F4F-7826-56DD-4F350EA6EADD}" = CCC Help Greek
"{6EF04EAE-0354-9919-E757-F1203E6F422B}" = CCC Help Italian
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{7028B245-30A2-BD8C-31B9-6008216FBDC2}" = CCC Help French
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779D3256-84D0-936F-18F9-A154DC85B4B4}" = Catalyst Control Center Localization All
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F4DA5B8-6884-47F2-AEBA-D9111E420C63}" = CCC Help Danish
"{7F9A8D27-A1B9-164F-FCB1-0B64C88629CF}" = CCC Help Norwegian
"{803263F7-8CAC-DC6D-3288-8128865A7472}" = CCC Help German
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8CC47AA0-5774-61FC-6A59-7E1C936DB753}" = ccc-core-static
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A28867B-109A-5BBF-85C0-FC1BAA98CA1C}" = CCC Help Russian
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8BCC9E4-9036-3029-F2BC-AA73A62DA73D}" = CCC Help Turkish
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{B5C746E6-D961-445C-3768-5B6FAF6A1A31}" = CCC Help Spanish
"{BB367ACC-0F34-4D69-94F3-F0E667A57921}" = Star Wars: X-Wing vs. TIE Fighter v1.1.4
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C0769946-2CF1-9E8D-009B-5C413B3F01D1}" = CCC Help Czech
"{C2524280-A5CF-4458-B809-167F13FAB56D}" = F4200
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4F7EEE5-3D99-8552-7483-B2F412838B2A}" = Catalyst Control Center Graphics Previews Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C41D27-A2D5-94C6-1D08-3D470A12EAF0}" = CCC Help Swedish
"{D9D6A848-1BFD-592B-5F9D-0BA8692FDF0B}" = CCC Help Finnish
"{DCD91C2F-3A86-B328-59A0-5EED6190D983}" = Catalyst Control Center Graphics Full Existing
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5F5CAA5-84ED-DE41-40D0-8926FE7E5F4D}" = Catalyst Control Center Graphics Light
"{E6415AEF-3B3E-43FF-AD3A-0258D854E7D6}" = Microsoft Sync Framework 2.0 Core Components (x86) DEU
"{E6CE345D-BF83-1242-9E4D-3D60A5036D87}" = CCC Help English
"{E90A1941-4989-4172-AB5C-DBCB02202A84}" = Microsoft Sync Framework 2.0 Provider Services (x86) DEU
"{EC155897-712F-5637-A5DA-6C7CE7CB5521}" = CCC Help Korean
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0580F64-44A1-C607-9364-887912B74F4D}" = CCC Help Thai
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3F9A4E5-CD9F-4657-CF99-5CE3F7729909}" = Catalyst Control Center Core Implementation
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5B1D41A-05B9-98E2-C350-E69D4A444CB4}" = CCC Help Chinese Traditional
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCF0F615-6E70-B949-028F-88D32C55C2BC}" = CCC Help Dutch
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Artisteer 3" = Artisteer 3
"AudibleManager" = AudibleManager
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ClassicPro" = ClassicPro© v1.14
"Diablo III" = Diablo III
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"Inkscape" = Inkscape 0.48.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.50
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"SpyNoMore" = SpyNoMore 3.00
"Steam App 12900" = Audiosurf
"uTorrent" = µTorrent
"vghd" = DeskBabes
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.0.2
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DeskBabes_is1" = DeskBabes version 1.1.0.16
"Dropbox" = Dropbox
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.07.2011 07:46:59 | Computer Name = alx | Source = MsiInstaller | ID = 11308
Description =
Error - 25.07.2011 12:25:05 | Computer Name = alx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514,
Zeitstempel: 0x4ce7ae7f Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17625,
Zeitstempel: 0x4de88429 Ausnahmecode: 0x0000046b Fehleroffset: 0x000000000000cacd
ID
des fehlerhaften Prozesses: 0x9a8 Startzeit der fehlerhaften Anwendung: 0x01cc49ee28dc0ea7
Pfad
der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: a75fb5ca-b6da-11e0-86c4-00269ea162a6
Error - 01.08.2011 16:06:12 | Computer Name = alx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vghd.exe, Version: 1.0.5.2, Zeitstempel:
0x4d5d1d20 Name des fehlerhaften Moduls: vghd.exe, Version: 1.0.5.2, Zeitstempel:
0x4d5d1d20 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00012b07 ID des fehlerhaften Prozesses:
0x12f0 Startzeit der fehlerhaften Anwendung: 0x01cc5086500048fb Pfad der fehlerhaften
Anwendung: C:\Users\alx\AppData\Local\vghd\bin\vghd.exe Pfad des fehlerhaften Moduls:
C:\Users\alx\AppData\Local\vghd\bin\vghd.exe Berichtskennung: b3b1ee44-bc79-11e0-8db6-00269ea162a6
Error - 02.08.2011 16:05:30 | Computer Name = alx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 4.0.0.224, Zeitstempel:
0x49cc7813 Name des fehlerhaften Moduls: Skype.exe, Version: 4.0.0.224, Zeitstempel:
0x49cc7813 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0010d258 ID des fehlerhaften Prozesses:
0x39c Startzeit der fehlerhaften Anwendung: 0x01cc514dedbf6a33 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\Skype\Phone\Skype.exe Berichtskennung: c561f448-bd42-11e0-86c6-00269ea162a6
Error - 09.08.2011 13:36:47 | Computer Name = alx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.2.3173,
Zeitstempel: 0x4e1b6f92 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00680026 ID des fehlerhaften
Prozesses: 0x1390 Startzeit der fehlerhaften Anwendung: 0x01cc56b5999559a0 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 27bf6872-c2ae-11e0-85ad-00269ea162a6
Error - 15.08.2011 08:52:48 | Computer Name = alx | Source = BugSplat | ID = 1
Description =
Error - 16.08.2011 05:20:08 | Computer Name = alx | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 12.0.6545.5000 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1008 Startzeit: 01cc5bf4d411a00e Endzeit: 0 Anwendungspfad:
C:\Program Files (x86)\Microsoft\Office12\WINWORD.EXE Berichts-ID:
Error - 16.08.2011 05:20:35 | Computer Name = alx | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 12.0.6545.5000 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1640 Startzeit: 01cc5bf5b10f4bad Endzeit: 18 Anwendungspfad:
C:\Program Files (x86)\Microsoft\Office12\WINWORD.EXE Berichts-ID:
Error - 17.08.2011 19:09:00 | Computer Name = alx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514,
Zeitstempel: 0x4ce7ae7f Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7c8f9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004e4b4
ID
des fehlerhaften Prozesses: 0xdf4 Startzeit der fehlerhaften Anwendung: 0x01cc5d1c20b598b8
Pfad
der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: e419c437-c925-11e0-849e-00269ea162a6
Error - 17.08.2011 19:13:12 | Computer Name = alx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vghd.exe, Version: 1.0.5.2, Zeitstempel:
0x4d5d1d20 Name des fehlerhaften Moduls: vghd.exe, Version: 1.0.5.2, Zeitstempel:
0x4d5d1d20 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00012b07 ID des fehlerhaften Prozesses:
0x9f4 Startzeit der fehlerhaften Anwendung: 0x01cc5d32e4713a7c Pfad der fehlerhaften
Anwendung: C:\Users\alx\AppData\Local\vghd\bin\vghd.exe Pfad des fehlerhaften Moduls:
C:\Users\alx\AppData\Local\vghd\bin\vghd.exe Berichtskennung: 7a3b4d3f-c926-11e0-849e-00269ea162a6
[ Hewlett-Packard Events ]
Error - 04.04.2010 08:49:53 | Computer Name = alx | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF
bei HPAssistant.Pages.DiagnoseMain.brdAssistance_MouseDown(Object sender, MouseButtonEventArgs
e) bei System.Windows.Input.MouseButtonEventArgs.InvokeEventHandler(Delegate
genericHandler, Object genericTarget) bei System.Windows.RoutedEventArgs.InvokeHandler(Delegate
handler, Object target) bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
target, RoutedEventArgs routedEventArgs) bei System.Windows.EventRoute.InvokeHandlersImpl(Object
source, RoutedEventArgs args, Boolean reRaised) bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
args, Boolean trusted) bei System.Windows.Input.InputManager.ProcessStagingArea()
bei System.Windows.Input.InputManager.ProcessInput(InputEventArgs input) bei
System.Windows.Input.InputProviderSite.ReportInput(InputReport inputReport) bei
System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr hwnd, InputMode
mode, Int32 timestamp, RawMouseActions actions, Int32 x, Int32 y, Int32 wheel)
bei System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr hwnd, Int32
msg, IntPtr wParam, IntPtr lParam, Boolean& handled) bei System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr
hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) bei MS.Win32.HwndWrapper.WndProc(IntPtr
hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
o) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
[ OSession Events ]
Error - 29.06.2010 10:29:54 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.
Error - 16.07.2010 07:58:12 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 08.11.2010 10:04:27 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 14.11.2010 17:00:45 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 16.11.2010 17:11:14 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.
Error - 30.11.2010 07:26:19 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 20.01.2011 09:01:19 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 03.06.2011 09:58:02 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.
Error - 15.08.2011 08:44:24 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 05.12.2011 02:25:56 | Computer Name = alx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 42
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 31.08.2012 07:04:22 | Computer Name = alx | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.135.81.0 Aktualisierungsquelle: %%859
Aktualisierungsphase:
%%853 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803
Benutzer:
NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.8704.0 Fehlercode:
0x80240022 Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen
ist nicht möglich.
Error - 01.09.2012 08:39:46 | Computer Name = alx | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
werden. Zusätzliche Daten: Fehlerwert: 2147549183.
Error - 01.09.2012 08:40:10 | Computer Name = alx | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
[verify-U]_System
Error - 01.09.2012 08:42:40 | Computer Name = alx | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
Error - 03.09.2012 04:10:26 | Computer Name = alx | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
werden. Zusätzliche Daten: Fehlerwert: 2147549183.
Error - 03.09.2012 04:10:58 | Computer Name = alx | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
[verify-U]_System
Error - 03.09.2012 04:12:10 | Computer Name = alx | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 04.09.2012 04:52:17 | Computer Name = alx | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 04.09.2012 13:52:53 | Computer Name = alx | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 06.09.2012 05:18:32 | Computer Name = alx | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
< End of report >
Geändert von Homunkoloss (06.09.2012 um 12:18 Uhr) |
| Themen zu Kann CodecV & Incredibar nicht mehr entfernen |
| 7-zip, antivir, audiograbber, autorun, avira, bho, browser, codec, codecv, entfernen, error, excel, firefox, flash player, format, google, google earth, home, iexplore.exe, incredibar.com, install.exe, logfile, mozilla, mp3, msiinstaller, neue tabs, ntdll.dll, object, office 2007, plug-in, problem, realtek, registry, rundll, security, software, spotify web helper, svchost.exe, wallpapers, ändern |
Baum-Darstellung