Quote from cosinus (post 988551):
No. That is security by obscurity, pure window dressing. The EXE files do not become any safer just because you rename them.

Is there an explanation for why the error was gone after renaming?
OTL.TXT Code:
OTL logfile created on: 11.01.2013 18:08:52 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User123654\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,06% Memory free
5,98 Gb Paging File | 4,50 Gb Available in Paging File | 75,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,52 Gb Total Space | 6,58 Gb Free Space | 19,07% Space Free | Partition Type: NTFS
Computer Name: PC_XYZ | User Name: User123654 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\User123654\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\User123654\AppData\Local\Google\Update\1.3.21.124\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\dradio-Recorder\phonostarTimer.exe ()
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ad9687c566a69cd9\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
PRC - C:\Programme\Motion Computing\Dashboard\mcmon.exe (Motion Computing Inc)
PRC - C:\Programme\Motion Computing\Dashboard\dashsvc.exe (Motion Computing Inc.)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Windows\vsnpstd3.exe ()
PRC - C:\Programme\MMTaskbar\MultiMon.exe ()
PRC - C:\Programme\Sony Ericsson\Mobile\audevicemgr.exe (Teleca Software Solutions AB)
PRC - C:\Programme\Chami\HTML-Kit\Bin\HTMLKit.exe (Chami.com)
PRC - C:\Programme\Sony Ericsson\Mobile\Connectivity Pack\ConnMngMntBox.exe (Symbian Ltd.)
PRC - c:\Programme\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe (Intuwave Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\dradio-Recorder\phonostarTimer.exe ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Programme\Notepad++\NppShell_05.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\vsnpstd3.exe ()
MOD - C:\Programme\MMTaskbar\MultiMon.exe ()
MOD - C:\Programme\Sony Ericsson\Mobile\Connectivity Pack\Wswitch.dll ()
MOD - C:\Programme\Sony Ericsson\Mobile\Connectivity Pack\CracDlr.dll ()
MOD - C:\Programme\MMTaskbar\shellhook.dll ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ad9687c566a69cd9\stacsv.exe (IDT, Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ATService) -- C:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
SRV - (dashsvc) -- C:\Programme\Motion Computing\Dashboard\dashsvc.exe (Motion Computing Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (MCButton) -- C:\Windows\System32\drivers\MCButton.sys (Motion Computing Inc.)
DRV - (nm3) -- C:\Windows\System32\drivers\nm3.sys (Microsoft Corporation)
DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3636016025-1043316442-1864823276-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3636016025-1043316442-1864823276-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.bytecamp.net/wm/cgi-bin/webmail?index=1
IE - HKU\S-1-5-21-3636016025-1043316442-1864823276-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3636016025-1043316442-1864823276-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3636016025-1043316442-1864823276-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3636016025-1043316442-1864823276-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3636016025-1043316442-1864823276-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "https://mail.bytecamp.net/wm/cgi-bin/webmail?index=1"
FF - prefs.js..extensions.enabledAddons: HTML5LocalStorageExplorer%40foundstone.com:1.1
FF - prefs.js..extensions.enabledAddons: %7B46868735-c3fa-47ce-8ce7-cce51a66aceb%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: %7BFBF6D7FB-F305-4445-BB3D-FEF66579A033%7D:5.0.1
FF - prefs.js..extensions.enabledAddons: jsonview%40brh.numbera.com:0.7
FF - prefs.js..extensions.enabledAddons: bookmarkfaviconchanger%40sonthakit:1.73
FF - prefs.js..extensions.enabledAddons: searchdictcc%40roughael:3.4
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: %7B477c4c36-24eb-11da-94d4-00e08161165f%7D:3.1.2
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/dradio-Recorder: C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll ( )
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\User123654\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\User123654\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User123654\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User123654\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.20 18:44:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\K-Meleon\Extensions\\Plugins: C:\Program Files\K-Meleon\Plugins [2012.08.26 13:13:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\K-Meleon\Extensions\\Components: C:\Program Files\K-Meleon\Components [2012.02.08 15:33:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.11 09:24:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.11 09:24:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.08 10:23:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.11 09:24:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.11 09:24:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.08 10:23:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2012.01.10 19:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User123654\AppData\Roaming\mozilla\Extensions
[2013.01.09 19:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User123654\AppData\Roaming\mozilla\Firefox\Profiles\8ulvifrk.default\extensions
[2013.01.09 19:47:11 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\User123654\AppData\Roaming\mozilla\Firefox\Profiles\8ulvifrk.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012.03.18 09:30:29 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\User123654\AppData\Roaming\mozilla\Firefox\Profiles\8ulvifrk.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012.12.30 18:49:52 | 000,000,000 | ---D | M] (WOT) -- C:\Users\User123654\AppData\Roaming\mozilla\Firefox\Profiles\8ulvifrk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.11.14 10:33:54 | 000,000,000 | ---D | M] (Foundstone HTML5 Local Storage Explorer) -- C:\Users\User123654\AppData\Roaming\mozilla\Firefox\Profiles\8ulvifrk.default\extensions\HTML5LocalStorageExplorer@foundstone.com
[2012.12.28 09:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User123654\AppData\Roaming\mozilla\Firefox\Profiles\fdgofph8.ms4mf\extensions
[2012.12.30 19:10:19 | 000,098,819 | ---- | M] () (No name found) -- C:\Users\User123654\AppData\Roaming\mozilla\firefox\profiles\8ulvifrk.default\extensions\bookmarkfaviconchanger@sonthakit.xpi
[2012.12.24 18:57:33 | 000,026,234 | ---- | M] () (No name found) -- C:\Users\User123654\AppData\Roaming\mozilla\firefox\profiles\8ulvifrk.default\extensions\jsonview@brh.numbera.com.xpi
[2012.12.30 19:10:19 | 000,037,531 | ---- | M] () (No name found) -- C:\Users\User123654\AppData\Roaming\mozilla\firefox\profiles\8ulvifrk.default\extensions\searchdictcc@roughael.xpi
[2012.12.30 19:10:19 | 000,269,905 | ---- | M] () (No name found) -- C:\Users\User123654\AppData\Roaming\mozilla\firefox\profiles\8ulvifrk.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.01.11 01:11:46 | 000,001,736 | ---- | M] () (No name found) -- C:\Users\User123654\AppData\Roaming\mozilla\firefox\profiles\8ulvifrk.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}.xpi
[2012.12.30 19:10:19 | 000,173,194 | ---- | M] () (No name found) -- C:\Users\User123654\AppData\Roaming\mozilla\firefox\profiles\8ulvifrk.default\extensions\{477c4c36-24eb-11da-94d4-00e08161165f}.xpi
[2012.04.01 08:41:32 | 000,049,303 | ---- | M] () (No name found) -- C:\Users\User123654\AppData\Roaming\mozilla\firefox\profiles\8ulvifrk.default\extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi
[2012.12.30 18:49:51 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\User123654\AppData\Roaming\mozilla\firefox\profiles\8ulvifrk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.14 10:40:05 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\User123654\AppData\Roaming\mozilla\firefox\profiles\8ulvifrk.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.11.17 10:41:37 | 000,060,249 | ---- | M] () (No name found) -- C:\Users\User123654\AppData\Roaming\mozilla\firefox\profiles\8ulvifrk.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.xpi
[2012.12.28 09:55:50 | 000,001,300 | ---- | M] () -- C:\Users\User123654\AppData\Roaming\mozilla\firefox\profiles\8ulvifrk.default\searchplugins\claro.xml
[2012.12.02 12:54:32 | 000,001,030 | ---- | M] () -- C:\Users\User123654\AppData\Roaming\mozilla\firefox\profiles\8ulvifrk.default\searchplugins\wikipedia-ru.xml
[2013.01.11 09:24:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.11 09:24:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.01.11 09:24:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.01.11 09:24:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.01.11 09:24:35 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.01.11 09:24:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.01.11 09:24:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.11 09:24:45 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.11 09:24:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.11 09:24:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.11 09:24:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.11 09:24:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://mail.bytecamp.net/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://mail.bytecamp.net/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User123654\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User123654\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User123654\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User123654\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\User123654\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\User123654\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Stylish = C:\Users\User123654\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.0_0\
CHR - Extension: Minimal = C:\Users\User123654\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfhcmjkebafbfikmbkhdpbmfpfjgiog\1.0_0\
CHR - Extension: avast! WebRep = C:\Users\User123654\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Google Mail = C:\Users\User123654\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (ViewSource Class) - {CDF4B833-67D5-4e14-8F01-EEFD3FD10152} - C:\Programme\BAUM Retec\WebFormator\WebForm.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [MotionComputingMonitor] C:\Programme\Motion Computing\Dashboard\mcmon.exe (Motion Computing Inc)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-3636016025-1043316442-1864823276-1001..\Run: [dradio-RecorderTimer] C:\Programme\dradio-Recorder\phonostarTimer.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\User654321\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\User123654\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User123654\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\User123654\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3636016025-1043316442-1864823276-1001\..Trusted Domains: piratenpartei-oldenburg.de ([webmail] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E5EDDD6-2854-437D-BFDA-39A9EA408CFF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82F78F57-37DC-4779-AAAA-1D2F9B7815EE}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\251005~1.80\{c16c1~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6776f263-3bb7-11e1-85f3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6776f263-3bb7-11e1-85f3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.11 18:02:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User123654\Desktop\OTL.exe
[2013.01.11 09:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.09 20:04:46 | 000,000,000 | ---D | C] -- C:\Users\User123654\AppData\Roaming\.purple
[2013.01.09 20:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2013.01.09 19:54:13 | 000,000,000 | ---D | C] -- C:\Users\User123654\AppData\Local\Opera
[2013.01.09 19:54:10 | 000,000,000 | ---D | C] -- C:\Users\User123654\AppData\Roaming\Opera
[2013.01.09 19:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2013.01.09 13:04:22 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.09 13:03:37 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013.01.09 13:03:35 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.08 10:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.01.08 09:05:17 | 000,000,000 | ---D | C] -- C:\Users\User123654\AppData\Local\Programs
[2012.12.31 15:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
[2012.12.31 15:23:00 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71u.dll
[2012.12.31 15:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinMerge
[2012.12.28 11:16:36 | 000,000,000 | ---D | C] -- C:\Windows\Lhsp
[2012.12.28 11:14:10 | 000,000,000 | ---D | C] -- C:\Users\User123654\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Balabolka
[2012.12.28 11:14:09 | 000,000,000 | ---D | C] -- C:\Users\User123654\Documents\Balabolka
[2012.12.28 11:14:09 | 000,000,000 | ---D | C] -- C:\Users\User123654\AppData\Roaming\Balabolka
[2012.12.28 11:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\Balabolka
[2012.12.28 09:53:41 | 000,017,464 | ---- | C] (PerformerSoft LLC) -- C:\Windows\System32\roboot.exe
[2012.12.28 09:21:53 | 000,000,000 | ---D | C] -- C:\Users\User123654\Documents\My Library
[2012.12.28 09:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2012.12.28 09:19:45 | 000,344,064 | R--- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
[2012.12.28 09:19:45 | 000,054,784 | R--- | C] (Microsoft Corporation) -- C:\Windows\System32\msvci70.dll
[2012.12.28 09:19:44 | 000,057,436 | ---- | C] (Microsoft Corporation) -- C:\Windows\DASShp.dll
[2012.12.28 09:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Reader
[2012.12.27 12:20:19 | 000,000,000 | ---D | C] -- C:\Users\User123654\AppData\Roaming\.links
[2012.12.27 12:18:03 | 000,000,000 | ---D | C] -- C:\Users\User123654\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Links-Browser
[2012.12.27 12:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Links
[2012.12.27 11:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lynx
[2012.12.27 11:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Lynx
[2012.12.27 10:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BAUM Retec
[2012.12.27 10:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\BAUM Retec
[2012.12.27 09:51:16 | 000,000,000 | ---D | C] -- C:\Users\User123654\AppData\Roaming\Help
[2012.12.27 09:51:16 | 000,000,000 | ---D | C] -- C:\Users\User123654\AppData\Local\Help
[2012.12.27 09:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\BAUM Retec
[2012.12.22 04:57:08 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.22 04:57:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.18 08:41:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.12.16 21:36:24 | 000,000,000 | ---D | C] -- C:\Users\User123654\AppData\Local\Apps
[2012.12.16 21:34:07 | 000,000,000 | ---D | C] -- C:\Users\User123654\AppData\Roaming\EssentialPIM
[2012.12.16 20:20:51 | 000,000,000 | ---D | C] -- C:\Users\User123654\AppData\Roaming\Sony Ericsson
[2012.12.16 20:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2012.12.16 20:11:20 | 000,232,448 | ---- | C] (Virtual Media Technology Pty Ltd) -- C:\Windows\System32\HDK3CT32.DLL
[2012.12.16 20:11:20 | 000,215,040 | ---- | C] (Virtual Media Technology P/L) -- C:\Windows\System32\HDK3CTNT.DLL
[2012.12.16 20:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2012.12.16 20:10:59 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4r.dll
[2012.12.16 20:10:59 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2012.12.16 11:49:39 | 000,000,000 | ---D | C] -- C:\Users\User123654\Documents\Podcasts
[2012.12.16 11:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dradio-Recorder
[2012.12.16 11:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\dradio-Recorder
[2012.12.15 11:06:27 | 000,000,000 | ---D | C] -- C:\Users\User123654\AppData\Roaming\FastStone
[2012.12.15 11:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture
[2012.12.15 11:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\FastStone Capture
[2012.12.13 09:06:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.13 09:06:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.13 09:06:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.13 09:06:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.13 09:06:15 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.13 09:06:11 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.13 09:06:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.13 09:06:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
========== Files - Modified Within 30 Days ==========
[2013.01.11 18:16:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.11 18:02:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User123654\Desktop\OTL.exe
[2013.01.11 17:38:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.11 17:26:00 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3636016025-1043316442-1864823276-1001UA.job
[2013.01.11 13:38:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.11 07:46:39 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3636016025-1043316442-1864823276-1001Core.job
[2013.01.11 07:39:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.10 11:11:51 | 000,001,059 | ---- | M] () -- C:\Users\User123654\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.10 08:57:31 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 08:57:31 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 08:46:11 | 000,306,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.10 08:44:20 | 2408,095,744 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.09 18:24:45 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.09 18:24:45 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.04 20:08:13 | 000,000,600 | ---- | M] () -- C:\Users\User123654\AppData\Local\PUTTY.RND
[2012.12.31 09:48:37 | 000,014,210 | ---- | M] () -- C:\Users\User123654\lynx.rc
[2012.12.27 12:00:28 | 000,000,448 | ---- | M] () -- C:\Users\User123654\lynx_bookmarks.htm
[2012.12.18 16:44:51 | 000,071,430 | ---- | M] () -- C:\Users\User123654\Desktop\Anteilsbesitzliste_2006.pdf
[2012.12.16 20:13:23 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012.12.16 20:13:06 | 000,000,130 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.12.16 20:12:21 | 000,001,822 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Telefonverbindungsmonitor.lnk
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2013.01.10 11:11:51 | 000,001,059 | ---- | C] () -- C:\Users\User123654\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.09 20:04:07 | 000,000,953 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
[2013.01.09 19:54:07 | 000,001,809 | ---- | C] () -- C:\Users\User123654\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013.01.04 19:47:42 | 000,000,600 | ---- | C] () -- C:\Users\User123654\AppData\Local\PUTTY.RND
[2012.12.31 09:48:37 | 000,014,210 | ---- | C] () -- C:\Users\User123654\lynx.rc
[2012.12.28 09:19:45 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Reader.lnk
[2012.12.27 11:53:50 | 000,000,448 | ---- | C] () -- C:\Users\User123654\lynx_bookmarks.htm
[2012.12.18 16:44:44 | 000,071,430 | ---- | C] () -- C:\Users\User123654\Desktop\Anteilsbesitzliste_2006.pdf
[2012.12.16 20:12:20 | 000,001,822 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Telefonverbindungsmonitor.lnk
[2012.12.16 20:10:59 | 000,000,402 | ---- | C] () -- C:\Windows\System32\msxml4.inf
[2012.11.21 12:42:25 | 000,000,681 | ---- | C] () -- C:\Users\User123654\0_worker.lnk
[2012.11.10 14:33:58 | 000,002,332 | ---- | C] () -- C:\Users\User123654\Abspielen.xml
[2012.07.08 14:57:12 | 000,011,207 | ---- | C] () -- C:\Users\User123654\gsview32.ini
[2012.02.24 19:07:18 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.02.24 19:07:11 | 000,000,130 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.11 16:55:59 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2012.01.11 16:55:57 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2012.01.11 16:55:57 | 000,356,352 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2012.01.11 16:55:57 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2012.01.11 16:55:55 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2012.01.11 16:55:55 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2012.01.11 16:55:55 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2012.01.11 16:55:55 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2012.01.11 10:14:52 | 000,141,272 | ---- | C] () -- C:\Windows\System32\stacctrl.dll
[2011.04.12 02:30:05 | 000,641,712 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 02:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 02:30:05 | 000,125,408 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 02:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:456A69E6
< End of report >
Extras.TXT Code:
OTL Extras logfile created on: 11.01.2013 18:08:52 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User123654\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,06% Memory free
5,98 Gb Paging File | 4,50 Gb Available in Paging File | 75,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,52 Gb Total Space | 6,58 Gb Free Space | 19,07% Space Free | Partition Type: NTFS
Computer Name: PC_XYZ | User Name: User123654 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = K-Meleon.HTML] -- C:\Program Files\K-Meleon\K-Meleon.exe (hxxp://kmeleon.sf.net/)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\K-Meleon\K-Meleon.exe" "%1" (hxxp://kmeleon.sf.net/)
https [open] -- "C:\Program Files\K-Meleon\K-Meleon.exe" "%1" (hxxp://kmeleon.sf.net/)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1465363C-1DAF-4C84-B00D-4788FD86720C}" = rport=138 | protocol=17 | dir=out | app=system |
"{2403E8C8-D819-49BA-B514-4E84184C2E4C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3962BA7B-5190-49D8-A049-8B82365153CC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B2A27C8-1246-4A2F-B37D-C65DFA62B9E1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{89E8557D-16D5-4E8F-AFB7-B57741A1EFBC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A3BE5F88-EB81-41D4-AC91-C7BF32C9946A}" = rport=445 | protocol=6 | dir=out | app=system |
"{A9C3A153-06D2-4AE6-AF5D-57ED4A61BB65}" = lport=139 | protocol=6 | dir=in | app=system |
"{AD563BDC-D0E2-48F2-B228-C61C2E455FC1}" = lport=137 | protocol=17 | dir=in | app=system |
"{BA4A8308-A921-482E-A9BF-27CB6DF0A857}" = rport=137 | protocol=17 | dir=out | app=system |
"{C0DC80DA-0BEC-4207-9DDF-5883E38FC5A5}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe |
"{C947ECC1-6F70-412B-9475-F23590587F78}" = rport=139 | protocol=6 | dir=out | app=system |
"{D3268D36-A338-4FAE-ACC6-07AE147838FA}" = lport=445 | protocol=6 | dir=in | app=system |
"{FA77F464-8F41-4C5C-A456-D57212A56E74}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037F12EA-CD5D-4820-9401-EA89753A3331}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{1B33C81D-B5B7-4DEB-A423-E4A05E1FA10F}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"{255B50E1-553E-4A44-BECA-413E37290316}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{26D22BD7-7873-488F-A82C-11B7B275D3BC}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"{72801749-F9DF-4D89-8506-3A5D4761EFA1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C8BEE69-E3CF-4D17-8899-48F33F3A7638}" = protocol=17 | dir=in | app=c:\users\User123654\appdata\roaming\dropbox\bin\dropbox.exe |
"{81A37C97-A486-47C0-A540-3826753DD4E3}" = protocol=6 | dir=in | app=c:\users\User123654\appdata\roaming\dropbox\bin\dropbox.exe |
"{8231E294-457A-46C8-BD53-E0719F7975CF}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{A8CAE537-CB04-4E43-8C9D-6B3E04C08264}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CA16D8FB-145B-48FB-8CEB-04F42FCB4A4A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D35B8912-37D9-4AE2-B7EB-7F23198C5E44}" = protocol=6 | dir=in | app=c:\program files\tv-browser\tvbrowser.exe |
"{D444683B-CD55-4F1A-B405-26DE16F24868}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E4E93AEF-33A7-4DA7-BF21-11324B7648E6}" = protocol=6 | dir=in | app=c:\program files\tv-browser\tvbrowser_nodd.exe |
"{F2070949-D5E1-4A4E-8728-D41D93851304}" = protocol=17 | dir=in | app=c:\program files\tv-browser\tvbrowser_nodd.exe |
"{F2CBECB5-847E-4038-B256-DCDAED4C330F}" = protocol=17 | dir=in | app=c:\program files\tv-browser\tvbrowser.exe |
"TCP Query User{1294F56E-3881-4D1C-8B93-6624A82A91D7}C:\0_worker\tools\desktop\phoner\phoner.exe" = protocol=6 | dir=in | app=c:\0_worker\tools\desktop\phoner\phoner.exe |
"TCP Query User{2157E390-70DB-4EF0-AE35-F051194ADD41}C:\program files\java\jdk1.7.0_09\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_09\bin\java.exe |
"TCP Query User{2A5033FE-0107-4C56-AC42-87B815B19039}C:\program files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe" = protocol=6 | dir=in | app=c:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe |
"TCP Query User{4B2AAE1D-5E7A-4E11-A343-59EEC1257237}C:\0_worker\tools\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\0_worker\tools\xampp\mysql\bin\mysqld.exe |
"TCP Query User{5156EF99-0C29-42AB-A480-434991AE1B1B}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{5F41B379-8A45-4233-B211-6791BA1066A7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{66A4FFBD-24E0-4480-A85E-C6A01DCB117A}C:\program files\sony ericsson\mobile\dxp syncml.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\mobile\dxp syncml.exe |
"TCP Query User{681787B1-9E5A-4A7D-93E5-69FFB8E54480}C:\0_worker\tools\drupal\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\0_worker\tools\drupal\xampp\mysql\bin\mysqld.exe |
"TCP Query User{753AAB35-4BDF-4960-8E98-A5C1F7A010B4}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{7DD21553-B815-4139-BDD4-192F746F727C}C:\0_worker\tools\drupal\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\0_worker\tools\drupal\xampp\apache\bin\httpd.exe |
"TCP Query User{8337C2CC-DB2C-4DB3-BA73-CB13E8E4E3F1}C:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe |
"TCP Query User{88736C45-57FB-4F0B-90CB-54CF984E496C}C:\0_worker\projekte\etherpad\bin\node.exe" = protocol=6 | dir=in | app=c:\0_worker\projekte\etherpad\bin\node.exe |
"TCP Query User{B3F78133-E6E2-4A71-BF79-7439A587D507}C:\users\User123654\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\User123654\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{BB9F80F9-B6B2-4DAF-BF4C-6471D3948512}C:\0_worker\tools\desktop\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\0_worker\tools\desktop\phonerlite\phonerlite.exe |
"TCP Query User{C23FF85B-FC84-4C98-BA2F-B2885035124E}C:\0_worker\tools\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\0_worker\tools\xampp\apache\bin\httpd.exe |
"TCP Query User{F723C222-A3FE-48C8-A718-028C9C640DCF}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{095E3BB9-B084-4BFD-A5B3-ED4B52EBF532}C:\users\User123654\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\User123654\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{0A860B4E-0587-4531-9649-EAABEE45D18D}C:\0_worker\tools\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\0_worker\tools\xampp\mysql\bin\mysqld.exe |
"UDP Query User{1011F799-1A28-4FA9-B98D-70FE4DDC4545}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{2786A64C-C791-4236-A806-44595E5011E0}C:\program files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe" = protocol=17 | dir=in | app=c:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe |
"UDP Query User{3CC69257-6FC2-4CCC-BE9B-FB2F1F4B8B52}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{42FF3D25-F515-4FFB-B822-2001F37E3448}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{43E7EE4E-0AFA-4A5D-B319-E0F4619CC3A6}C:\0_worker\tools\drupal\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\0_worker\tools\drupal\xampp\apache\bin\httpd.exe |
"UDP Query User{4E1C43C8-94DB-47C9-86AA-A70A744C288A}C:\program files\sony ericsson\mobile\dxp syncml.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\mobile\dxp syncml.exe |
"UDP Query User{67A47FC6-A181-4D31-A7D2-623E0D880E0A}C:\0_worker\tools\desktop\phoner\phoner.exe" = protocol=17 | dir=in | app=c:\0_worker\tools\desktop\phoner\phoner.exe |
"UDP Query User{7FC5FF75-BE3B-4FF7-A73A-F967E70918D8}C:\0_worker\tools\drupal\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\0_worker\tools\drupal\xampp\mysql\bin\mysqld.exe |
"UDP Query User{A28243FE-FD20-4456-A988-CDEA76374BDC}C:\0_worker\tools\desktop\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\0_worker\tools\desktop\phonerlite\phonerlite.exe |
"UDP Query User{C09E1DB9-680F-4C59-8D10-BF839DA10C84}C:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe |
"UDP Query User{D41103F6-4808-42E0-9740-F8D47A34F699}C:\program files\java\jdk1.7.0_09\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_09\bin\java.exe |
"UDP Query User{DF2C1546-EB94-4646-9CC3-DC7964F2B863}C:\0_worker\tools\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\0_worker\tools\xampp\apache\bin\httpd.exe |
"UDP Query User{F91D190E-C8CC-4D75-9153-8B8E6D841312}C:\0_worker\projekte\etherpad\bin\node.exe" = protocol=17 | dir=in | app=c:\0_worker\projekte\etherpad\bin\node.exe |
"UDP Query User{FA0A5E62-986A-46B4-BAC4-65590F97863C}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0510E9B6-C4C9-4C1D-8FE9-89EDDAA54958}" = Microsoft Reader
"{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE}" = Google Drive
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2B97F94C-F062-4508-817E-DAD1D1ABF526}" = AuthenTec Fingerprint Software
"{31134246-6012-44CE-9736-2A3C80C1873A}" = Drush
"{32A3A4F4-B792-11D6-A78A-00B0D0170090}" = Java SE Development Kit 7 Update 9
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A1A9AB2-2F68-462D-A67D-7C855DFF5EEB}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{5D60F961-07D3-437C-A363-B5D9992E44FD}" = Motion Dashboard
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06F5ACB-AF59-4DC0-B22E-1F6F47FC7004}" = Microsoft Reader Text-to-Speech deutsch
"{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}" =
"{A2F2C44A-869E-4C32-9CEC-E22B1CC91F06}" = Microsoft Network Monitor 3.4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFCC7B5-C028-40AE-A5F5-9778B41F22A2}" = Microsoft Server Speech Text to Speech Voice (de-DE, Hedda)
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = SPEEDLINK Reflect2 Camera
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FC18114B-05A0-11D6-8140-000102E745A6}" = Sony Ericsson PC Suite 3.2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Balabolka" = Balabolka
"BDF09CEEBD5C93E72BEE1FDE5B90F33BCD03453C" = Windows-Treiberpaket - Motion Computing Inc. (MCButton) HIDClass (08/16/2010 4.2.1.0)
"dradio-Recorder_is1" = dradio-Recorder Version 3.02.8
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"FastStone Capture" = FastStone Capture 5.3
"FileZilla Client" = FileZilla Client 3.5.3
"Free RAR Extract Frog" = Free RAR Extract Frog
"FTDICOMM" = SEMC DSS SyncStation Driver
"GnuPG" = GNU Privacy Guard
"GPL Ghostscript 9.05" = GPL Ghostscript
"GSview 5.0" = GSview 5.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HTMLKit_is1" = HTML-Kit 292
"K-Meleon" = K-Meleon 1.5.4 de-DE (nur entfernen)
"LHTTSGED" = L&H TTS3000 Deutsch
"Lynx_is1" = Lynx 2.8.7rel.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultiMon TaskBar_is1" = MultiMon TaskBar 2.1
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Notepad++" = Notepad++
"Pidgin" = Pidgin
"Scribus 1.4.1" = Scribus 1.4.1
"tvbrowser" = TV-Browser 3.2.1
"VLC media player" = VLC media player 2.0.4
"WebFormator_is1" = WebFormator 2.4c
"WinMerge_is1" = WinMerge 2.12.4
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"ZDFmediathek_is1" = ZDFmediathek Version 2.1.6
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3636016025-1043316442-1864823276-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Opera 12.12.1707" = Opera 12.12
"Screen Sharing Application" = Screen Sharing Application
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.01.2013 13:55:32 | Computer Name = PC_XYZ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\fingerprint
sensor\Drivers\DPInst64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 09.01.2013 14:23:26 | Computer Name = PC_XYZ | Source = WinMgmt | ID = 10
Description =
Error - 09.01.2013 15:40:41 | Computer Name = PC_XYZ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7a278 Name des fehlerhaften Moduls: kaapohd.dll, Version: 3.1102.6000.36,
Zeitstempel: 0x4a328f0a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000b809 ID des fehlerhaften
Prozesses: 0x16e8 Startzeit der fehlerhaften Anwendung: 0x01cdeea11b4a4d7d Pfad der
fehlerhaften Anwendung: C:\Windows\system32\AUDIODG.EXE Pfad des fehlerhaften Moduls:
C:\Windows\system32\kaapohd.dll Berichtskennung: 7307a462-5a94-11e2-b6ef-00023ffea579
Error - 09.01.2013 15:40:48 | Computer Name = PC_XYZ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7a278 Name des fehlerhaften Moduls: kaapohd.dll, Version: 3.1102.6000.36,
Zeitstempel: 0x4a328f0a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000b809 ID des fehlerhaften
Prozesses: 0x1594 Startzeit der fehlerhaften Anwendung: 0x01cdeea1377f9f7b Pfad der
fehlerhaften Anwendung: C:\Windows\system32\AUDIODG.EXE Pfad des fehlerhaften Moduls:
C:\Windows\system32\kaapohd.dll Berichtskennung: 76ff04f4-5a94-11e2-b6ef-00023ffea579
Error - 09.01.2013 15:41:49 | Computer Name = PC_XYZ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7a278 Name des fehlerhaften Moduls: kaapohd.dll, Version: 3.1102.6000.36,
Zeitstempel: 0x4a328f0a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000b809 ID des fehlerhaften
Prozesses: 0xf64 Startzeit der fehlerhaften Anwendung: 0x01cdeea15d6b0da7 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\AUDIODG.EXE Pfad des fehlerhaften Moduls:
C:\Windows\system32\kaapohd.dll Berichtskennung: 9b6701da-5a94-11e2-b6ef-00023ffea579
Error - 09.01.2013 15:42:13 | Computer Name = PC_XYZ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7a278 Name des fehlerhaften Moduls: kaapohd.dll, Version: 3.1102.6000.36,
Zeitstempel: 0x4a328f0a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000b809 ID des fehlerhaften
Prozesses: 0x12ac Startzeit der fehlerhaften Anwendung: 0x01cdeea160bfea26 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\AUDIODG.EXE Pfad des fehlerhaften Moduls:
C:\Windows\system32\kaapohd.dll Berichtskennung: a9aa5640-5a94-11e2-b6ef-00023ffea579
Error - 10.01.2013 03:46:17 | Computer Name = PC_XYZ | Source = WinMgmt | ID = 10
Description =
Error - 10.01.2013 03:59:06 | Computer Name = PC_XYZ | Source = Application Hang | ID = 1002
Description = Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: b34 Startzeit: 01cdef0804077747 Endzeit: 78 Anwendungspfad:
C:\Windows\system32\NOTEPAD.EXE Berichts-ID: 93f3a6b2-5afb-11e2-91e1-00023ffea579
Error - 10.01.2013 07:41:51 | Computer Name = PC_XYZ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Fingerprint
Sensor\Drivers\DPInst64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 10.01.2013 07:45:16 | Computer Name = PC_XYZ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\fingerprint
sensor\Drivers\DPInst64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 23.12.2012 15:42:59 | Computer Name = PC_XYZ | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 23.12.2012 15:43:04 | Computer Name = PC_XYZ | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 24.12.2012 00:57:47 | Computer Name = PC_XYZ | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 24.12.2012 02:16:13 | Computer Name = PC_XYZ | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 24.12.2012 02:26:34 | Computer Name = PC_XYZ | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 24.12.2012 04:40:25 | Computer Name = PC_XYZ | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 24.12.2012 05:05:51 | Computer Name = PC_XYZ | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 24.12.2012 05:06:47 | Computer Name = PC_XYZ | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 24.12.2012 06:16:48 | Computer Name = PC_XYZ | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 24.12.2012 06:17:36 | Computer Name = PC_XYZ | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
< End of report >