Naja, weil ich den Laptop von einem Bekannten bekommen hab hatte ich da eigentlich keine Hintergedanken, die Festplatte zu formatieren war das Letzte woran ich gedacht hab :/ aber dafür werd ich mir demnächst mal Zeit nehmen müssen, nur hab ich die momentan kaum.
gmer-scan:
GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-06 21:24:20
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBFO
Running: tvlzh26h.exe; Driver: C:\Users\side\AppData\Local\Temp\fwldipog.sys
---- System - GMER 1.0.15 ----
SSDT 8A14A39E ZwCreateSection
SSDT 8A14A3A3 ZwSetContextThread
SSDT 8A14A33F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 448 81EC6A6C 4 Bytes [9E, A3, 14, 8A]
.text ntkrnlpa.exe!KeSetTimerEx + 7A0 81EC6DC4 4 Bytes [A3, A3, 14, 8A]
.text ntkrnlpa.exe!KeSetTimerEx + 854 81EC6E78 4 Bytes [3F, A3, 14, 8A]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
--- --- ---
MBR Code:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6001 Disk: Hitachi_ rev.BBFO -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x81EC9FEF] -> \Device\Harddisk0\DR0[0x85C072A0]
3 CLASSPNP[0x883A2745] -> ntkrnlpa!IofCallDriver[0x81EC9FEF] -> [0x84A126D0]
5 acpi[0x87A9C6A0] -> ntkrnlpa!IofCallDriver[0x81EC9FEF] -> \Device\Ide\IAAStorageDevice-0[0x84A1C030]
kernel: MBR read successfully
user & kernel MBR OK
OTL-Fix: Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{32A10E6B-4466-4C22-ABD0-3177E7EE05BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32A10E6B-4466-4C22-ABD0-3177E7EE05BA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CD32024F-867F-498D-8290-012F95967AE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD32024F-867F-498D-8290-012F95967AE4}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{32A10E6B-4466-4C22-ABD0-3177E7EE05BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32A10E6B-4466-4C22-ABD0-3177E7EE05BA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CD32024F-867F-498D-8290-012F95967AE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD32024F-867F-498D-8290-012F95967AE4}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
========== FILES ==========
C:\Users\side\AppData\Roaming\Ahab folder moved successfully.
C:\Users\side\AppData\Roaming\Vyeqro folder moved successfully.
C:\Users\side\AppData\Roaming\Alhuog folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\side\Desktop\cmd.bat deleted successfully.
C:\Users\side\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: alfred
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: side
->Temp folder emptied: 18167932 bytes
->Temporary Internet Files folder emptied: 6315227 bytes
->Java cache emptied: 45550 bytes
->FireFox cache emptied: 522896707 bytes
->Flash cache emptied: 3684 bytes
%systemdrive% .tmp files removed: 14154 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 535740 bytes
RecycleBin emptied: 1022 bytes
Total Files Cleaned = 523,00 mb
OTL by OldTimer - Version 3.2.59.1 log created on 09062012_213821
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OTL-Scan
OTL Logfile: Code:
OTL logfile created on: 06.09.2012 21:45:38 - Run 4
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\side\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,51% Memory free
4,23 Gb Paging File | 3,14 Gb Available in Paging File | 74,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,31 Gb Total Space | 112,72 Gb Free Space | 50,93% Space Free | Partition Type: NTFS
Drive D: | 11,57 Gb Total Space | 2,18 Gb Free Space | 18,85% Space Free | Partition Type: NTFS
Computer Name: HPNOTE | User Name: side | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.09.03 10:20:05 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012.09.02 14:21:26 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.08.30 22:53:02 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\side\Desktop\OTL.exe
PRC - [2011.06.30 11:53:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.30 11:53:56 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.22 17:53:41 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.16 08:03:20 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.09.15 10:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2007.08.17 15:27:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.07.25 08:02:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.07.25 08:02:42 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.01.17 15:34:18 | 000,634,880 | ---- | M] (Motorola Inc.) -- C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2000.02.25 02:23:44 | 008,810,548 | R--- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office\WINWORD.EXE
========== Modules (No Company Name) ==========
MOD - [2012.09.03 10:20:04 | 009,813,704 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012.09.02 14:21:25 | 002,242,528 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.10.21 16:47:51 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.10.21 16:47:15 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.10.21 16:45:09 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.10.21 16:43:11 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2007.09.30 20:34:52 | 000,345,384 | ---- | M] () -- C:\Programme\Hp\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007.09.30 20:34:42 | 000,255,384 | ---- | M] () -- C:\Programme\Hp\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007.09.30 20:34:42 | 000,120,208 | ---- | M] () -- C:\Programme\Hp\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007.09.30 20:34:42 | 000,038,184 | ---- | M] () -- C:\Programme\Hp\QuickPlay\Kernel\TV\CLCapSvcps.dll
========== Services (SafeList) ==========
SRV - [2012.09.03 10:34:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.02 14:21:25 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.22 00:35:11 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.08.15 18:03:23 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.30 11:53:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.30 11:53:56 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.07.25 08:02:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.03.05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011.06.30 11:53:56 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.30 11:53:56 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.03 06:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.11.17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2007.09.18 01:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.07.11 11:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007.06.28 17:09:56 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.03.21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.02.24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.17 15:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE394
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.02 14:21:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.02 14:19:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.02 14:21:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.02 14:19:03 | 000,000,000 | ---D | M]
[2010.02.14 18:18:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\side\AppData\Roaming\mozilla\Extensions
[2012.08.08 02:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\side\AppData\Roaming\mozilla\Firefox\Profiles\bmzafqmu.default\extensions
[2012.08.08 02:07:11 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\side\AppData\Roaming\mozilla\Firefox\Profiles\bmzafqmu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.02 16:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.02 14:21:26 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.02 14:21:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\side\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98C85D7A-6827-4D07-A101-CDB8113A4B4C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\side\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\side\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.09.06 21:38:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.06 15:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\pwcgdvikwjahdol
[2012.09.03 10:21:30 | 000,000,000 | ---D | C] -- C:\Users\side\AppData\Local\Macromedia
[2012.09.03 10:20:04 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.09.02 14:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.02 14:19:03 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.09.02 14:19:03 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.09.02 14:19:03 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.09.02 14:18:30 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.09.02 14:18:30 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.09.02 14:18:30 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.08.31 14:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.08.31 14:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.08.31 11:28:18 | 000,000,000 | ---D | C] -- C:\Users\side\AppData\Roaming\Malwarebytes
[2012.08.31 11:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.31 11:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.31 11:27:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.31 11:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.30 22:52:57 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\side\Desktop\OTL.exe
[2012.08.24 00:05:13 | 000,000,000 | ---D | C] -- C:\Users\side\Documents\Armies of Exigo
[2012.08.23 23:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
[2012.08.23 23:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\City Interactive
[2012.08.22 00:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012.08.19 02:53:20 | 000,000,000 | ---D | C] -- C:\Users\side\AppData\Roaming\GTek
[2012.08.19 02:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.08.19 02:48:32 | 000,000,000 | ---D | C] -- C:\Users\side\AppData\Roaming\HpUpdate
[2012.08.19 02:48:28 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012.08.18 02:09:49 | 000,000,000 | ---D | C] -- C:\Users\side\Desktop\Neuer Ordner
[2012.08.16 01:10:09 | 000,000,000 | ---D | C] -- C:\Users\side\AppData\Roaming\Template
[2012.08.15 22:31:41 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2012.08.15 22:31:41 | 000,000,000 | ---D | C] -- C:\Users\side\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2012.08.15 17:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012.08.15 17:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.08.15 17:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012.08.13 10:19:38 | 000,000,000 | ---D | C] -- C:\Users\side\AppData\Local\Microsoft Games
[2012.08.09 20:25:46 | 000,000,000 | ---D | C] -- C:\Users\side\Desktop\Bilder
[2012.08.09 20:25:09 | 000,000,000 | ---D | C] -- C:\Users\side\Desktop\Dateien
[2012.08.09 00:52:24 | 000,000,000 | ---D | C] -- C:\Users\side\Desktop\Musik
[2012.08.08 12:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2012.08.08 12:32:17 | 000,000,000 | ---D | C] -- C:\Users\side\AppData\Local\Last.fm
[2012.08.08 12:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2012.08.08 12:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\Last.fm
[2012.08.08 02:07:10 | 000,000,000 | ---D | C] -- C:\Users\side\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.08 02:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.08.08 02:06:57 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.08.08 02:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.08.08 02:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.08.08 02:06:08 | 000,000,000 | ---D | C] -- C:\Users\side\AppData\Roaming\DVDVideoSoft
[1 C:\Users\side\*.tmp files -> C:\Users\side\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.09.06 21:49:59 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{917AC808-2C2F-42C5-87A1-CA938C1B7AB6}.job
[2012.09.06 21:42:46 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012.09.06 21:40:39 | 000,048,096 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.09.06 21:40:39 | 000,048,096 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.06 21:40:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.06 21:40:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.06 21:40:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.06 21:40:14 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.06 21:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.06 21:30:35 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2012.09.06 15:23:42 | 000,076,347 | ---- | M] () -- C:\ProgramData\kecfmmghiqhumlt
[2012.09.03 17:11:50 | 000,000,680 | ---- | M] () -- C:\Users\side\AppData\Local\d3d9caps.dat
[2012.09.03 10:34:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.09.03 10:34:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.09.02 14:47:52 | 001,656,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.02 14:45:29 | 000,231,166 | ---- | M] () -- C:\Users\side\Documents\cc_20120902_144509.reg
[2012.09.02 14:17:59 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.09.02 14:17:53 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.09.02 14:17:53 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.09.02 14:17:53 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.09.02 14:17:53 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.09.02 14:17:52 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.09.02 13:41:16 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012.08.31 14:15:33 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.31 11:27:43 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.30 23:09:37 | 000,302,592 | ---- | M] () -- C:\Users\side\Desktop\tvlzh26h.exe
[2012.08.30 22:53:02 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\side\Desktop\OTL.exe
[2012.08.30 22:51:56 | 000,000,000 | ---- | M] () -- C:\Users\side\defogger_reenable
[2012.08.30 22:48:43 | 000,050,477 | ---- | M] () -- C:\Users\side\Desktop\Defogger.exe
[2012.08.23 23:58:21 | 000,001,017 | ---- | M] () -- C:\Users\side\Desktop\Armies of Exigo.lnk
[2012.08.22 12:15:45 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.22 12:15:45 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.22 12:15:45 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.22 12:15:45 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.16 01:10:09 | 000,000,128 | ---- | M] () -- C:\Users\side\AppData\Roaming\wklnhst.dat
[2012.08.15 23:21:21 | 000,055,065 | ---- | M] () -- C:\Windows\War3Unin.dat
[2012.08.15 23:21:14 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2012.08.15 23:21:14 | 000,002,829 | ---- | M] () -- C:\Windows\War3Unin.pif
[1 C:\Users\side\*.tmp files -> C:\Users\side\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.09.06 21:30:34 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2012.09.06 15:35:43 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.06 15:23:19 | 000,076,347 | ---- | C] () -- C:\ProgramData\kecfmmghiqhumlt
[2012.09.03 10:20:05 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.02 14:45:14 | 000,231,166 | ---- | C] () -- C:\Users\side\Documents\cc_20120902_144509.reg
[2012.09.02 13:41:16 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012.09.02 13:41:15 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2012.08.31 14:15:33 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.31 11:27:43 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.30 23:09:36 | 000,302,592 | ---- | C] () -- C:\Users\side\Desktop\tvlzh26h.exe
[2012.08.30 22:51:56 | 000,000,000 | ---- | C] () -- C:\Users\side\defogger_reenable
[2012.08.30 22:48:40 | 000,050,477 | ---- | C] () -- C:\Users\side\Desktop\Defogger.exe
[2012.08.23 23:58:21 | 000,001,017 | ---- | C] () -- C:\Users\side\Desktop\Armies of Exigo.lnk
[2012.08.22 00:46:15 | 000,001,088 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2012.08.22 00:43:26 | 000,001,264 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2012.08.22 00:43:03 | 000,001,057 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[2012.08.22 00:39:24 | 000,000,964 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
[2012.08.16 01:10:06 | 000,000,128 | ---- | C] () -- C:\Users\side\AppData\Roaming\wklnhst.dat
[2012.08.15 22:31:41 | 000,055,065 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012.08.15 22:31:41 | 000,002,829 | ---- | C] () -- C:\Windows\War3Unin.pif
[2011.06.30 12:28:48 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.06.30 12:28:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.08.28 16:46:33 | 000,017,408 | ---- | C] () -- C:\Users\side\AppData\Local\WebpageIcons.db
[2010.07.18 10:59:32 | 000,048,096 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.07.18 10:59:32 | 000,048,096 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.02.14 15:19:07 | 000,000,680 | ---- | C] () -- C:\Users\side\AppData\Local\d3d9caps.dat
[2008.03.12 22:01:37 | 000,003,584 | ---- | C] () -- C:\Users\side\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.09 15:49:40 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.01.21 22:19:35 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2008.01.21 22:13:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Galaxy Swirl
[2008.01.21 22:13:01 | 000,000,268 | RH-- | C] () -- C:\Users\side\AppData\Roaming\Frameworks
[2008.01.21 22:13:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLds.DAT
[2008.01.21 22:13:01 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Grapher
[2008.01.21 22:04:45 | 000,027,240 | ---- | C] () -- C:\Users\side\AppData\Roaming\nvModes.001
[2008.01.21 22:03:44 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.01.21 21:56:43 | 000,027,240 | ---- | C] () -- C:\Users\side\AppData\Roaming\nvModes.dat
========== LOP Check ==========
[2008.03.03 21:51:01 | 000,000,000 | ---D | M] -- C:\Users\side\AppData\Roaming\cerasus.media
[2012.08.08 02:08:40 | 000,000,000 | ---D | M] -- C:\Users\side\AppData\Roaming\DVDVideoSoft
[2012.08.08 02:07:10 | 000,000,000 | ---D | M] -- C:\Users\side\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.31 02:25:58 | 000,000,000 | ---D | M] -- C:\Users\side\AppData\Roaming\LolClient
[2008.01.21 22:13:53 | 000,000,000 | ---D | M] -- C:\Users\side\AppData\Roaming\Nikon
[2012.08.16 01:10:09 | 000,000,000 | ---D | M] -- C:\Users\side\AppData\Roaming\Template
[2012.09.06 21:39:06 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.09.06 21:49:59 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{917AC808-2C2F-42C5-87A1-CA938C1B7AB6}.job
========== Purity Check ==========
< End of report >
Extras:
OTL Logfile: Code:
OTL Extras logfile created on: 06.09.2012 21:45:38 - Run 4
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\side\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,51% Memory free
4,23 Gb Paging File | 3,14 Gb Available in Paging File | 74,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,31 Gb Total Space | 112,72 Gb Free Space | 50,93% Space Free | Partition Type: NTFS
Drive D: | 11,57 Gb Total Space | 2,18 Gb Free Space | 18,85% Space Free | Partition Type: NTFS
Computer Name: HPNOTE | User Name: side | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{95024284-9823-49D4-B4B1-7D666CCEC72D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9A8BC985-558C-4E46-AD52-F38848007B17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3C787F27-03E4-49C0-8C87-1E903EA5DAD6}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{40940FC6-CB2E-4B92-B19D-518CCE21B5B7}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{4970421D-731D-4200-A1A3-75CD9773B61F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{583B4C31-45ED-453C-9A91-67A2D5C9C1DC}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{5D3B0111-6349-49BA-BE1C-F9D977A1B974}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{6E654A94-9FCA-4019-AD51-172B475C3564}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7058F374-CA66-4318-872B-F5CB9181C766}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{72F4B48F-A429-4CC1-AA0F-B7D32FB92BC2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{87CB1480-EEF6-4F4A-9468-0AF6A05F52B3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BA3B35DA-B466-4848-8EF3-C0F7BB71081A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D1EBE3D7-02B0-4BEB-9626-2D347D249777}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D5D0661A-1055-4496-9607-0BFC70E33C17}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D7310273-E9FA-4EDF-9BAC-FA461E9E3705}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{FFED16F2-9C41-4E9C-919F-2353240B948B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{2AFF09A0-6DC0-42A0-886B-2C297AAB5F35}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{3885A7AF-3C48-4682-92D3-A344F6B045B6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{5770A9C4-1BD5-498C-AF82-8EE090E41136}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{5984CEA3-BC09-42DB-BC3E-48EFA2E9DC8C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{5F7C490D-06CE-42EC-88ED-3210F3813FE0}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{6E4B7C11-B098-47E8-B44F-F4C3E9FC45BB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{83A9626B-6494-4043-8F24-CD59FC9C3D11}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{945ECAA3-DB6F-4D82-B502-0DD0502C543E}C:\program files\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"TCP Query User{97323CB3-EE61-4CBF-A88D-75BED8A19546}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9770EB0A-85C2-40DC-ACFD-D2B39C8572C5}C:\program files\zattoo\zattoo2.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo2.exe |
"TCP Query User{B68E4756-6314-4DA6-A233-90A1CB19B17C}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{BA677619-DEF4-49D8-9997-9CAF42524976}C:\program files\zattoo\zattoo2.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo2.exe |
"TCP Query User{D911111D-C085-4422-8C90-309CA9F2D332}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{DADF9BB6-1D11-4D9D-AE84-A02D8519FA42}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{E572ACE8-6DF3-4597-80EA-04D28AF7497C}C:\program files\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"UDP Query User{0B1A2C7C-3BC8-450A-9D64-67C89AAA95F4}C:\program files\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"UDP Query User{10975869-3922-43A6-BDE3-62F613AB6B79}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{1967C3A1-EC98-4006-8702-91DEE0C2FC01}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{1AEDCAF4-DD1C-418D-B443-4790D4008BA2}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{5E5E758D-5CF4-4D6F-B398-CFF2F8717C1F}C:\program files\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"UDP Query User{6123206A-0D11-437A-97B1-66C4B4D6D1A3}C:\program files\zattoo\zattoo2.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo2.exe |
"UDP Query User{61734479-9BA1-41F8-B7A6-CE9D5F6FAF0C}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{806C4C8E-B8E9-42CB-AADE-35ECDB3E383F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{86FDEB68-B702-4A5E-973A-1DAACC6AA95B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{881323F4-ABC5-4CE6-B8E6-B76A66A39109}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{A9A5B1D5-D807-4AD7-904C-9B1B078766C4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{B5863E79-7175-4983-8A4F-D98D2341A9DC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CEE4AB8D-0465-4759-A7FE-9E035943A317}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{D9829F51-E862-4C31-986C-81AC135FD5A4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{EF325296-CA50-4663-BB4C-9671C2A5B677}C:\program files\zattoo\zattoo2.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = Die Sims™ Lebensgeschichten
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D356AA9-2D0C-4373-A762-B42F1A289233}" = MSCU for Microsoft Vista
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{65AA10FF-6F32-48AE-881F-FC96E7BF3A5E}" = ESU for Microsoft Vista
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8347A7A5-4AB8-433F-82AA-496B0D189A9B}" = HP User Guides 0088
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B35E04CF-3A12-4F91-9981-ECF1915BCE76}" = MA111 Configuration Utility
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E70C67ED-4592-11D6-85CC-00A0CC603DBA}" = Löwenzahn 6
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Armies of Exigo_is1" = Armies of Exigo
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Cogpack" = Cogpack
"Deutschlands Brettspiele Deluxe" = Deutschlands Brettspiele Deluxe 1.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Warcraft III" = Warcraft III
"WildTangent hp Master Uninstall" = My HP Games
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.09.2012 10:47:53 | Computer Name = hpnote | Source = VSS | ID = 12289
Description =
Error - 06.09.2012 10:48:54 | Computer Name = hpnote | Source = VSS | ID = 12289
Description =
Error - 06.09.2012 10:48:54 | Computer Name = hpnote | Source = VSS | ID = 12289
Description =
Error - 06.09.2012 10:49:06 | Computer Name = hpnote | Source = VSS | ID = 12289
Description =
Error - 06.09.2012 10:49:06 | Computer Name = hpnote | Source = VSS | ID = 12289
Description =
Error - 06.09.2012 10:49:06 | Computer Name = hpnote | Source = VSS | ID = 12289
Description =
Error - 06.09.2012 10:50:14 | Computer Name = hpnote | Source = VSS | ID = 12289
Description =
Error - 06.09.2012 10:50:14 | Computer Name = hpnote | Source = VSS | ID = 12289
Description =
Error - 06.09.2012 10:50:26 | Computer Name = hpnote | Source = VSS | ID = 12289
Description =
Error - 06.09.2012 10:50:26 | Computer Name = hpnote | Source = VSS | ID = 12289
Description =
[ System Events ]
Error - 06.09.2012 09:35:49 | Computer Name = hpnote | Source = HTTP | ID = 15016
Description =
Error - 06.09.2012 09:37:31 | Computer Name = hpnote | Source = Service Control Manager | ID = 7000
Description =
Error - 06.09.2012 09:40:08 | Computer Name = hpnote | Source = WinDefend | ID = 2004
Description = Beim Laden der Signaturen wurde von %%827 ein Fehler festgestellt.
Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Versuchte
Signaturen: %%824 Fehlercode: 0x8050a001 Fehlerbeschreibung: Das Programm kann keine
Definitionsdateien finden, die dazu dienen, unerwünschte Software zu erkennen.
Überprüfen Sie, ob aktualisierte Definitionsdateien vorhanden sind, und versuchen
Sie es dann erneut. Weitere Informationen zum Installieren von Updates finden Sie
unter "Hilfe und Support". Ladende Signaturen: %%825 Ladene Signaturversion: 1.135.203.0
Ladende
Modulversion: 1.1.8704.0
Error - 06.09.2012 09:45:07 | Computer Name = hpnote | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 06.09.2012 10:11:11 | Computer Name = hpnote | Source = netbt | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
Error - 06.09.2012 11:01:31 | Computer Name = hpnote | Source = HTTP | ID = 15016
Description =
Error - 06.09.2012 11:02:16 | Computer Name = hpnote | Source = Service Control Manager | ID = 7000
Description =
Error - 06.09.2012 15:38:22 | Computer Name = hpnote | Source = Service Control Manager | ID = 7034
Description =
Error - 06.09.2012 15:40:19 | Computer Name = hpnote | Source = HTTP | ID = 15016
Description =
Error - 06.09.2012 15:41:59 | Computer Name = hpnote | Source = Service Control Manager | ID = 7000
Description =
< End of report >
|
