| magicpsycho | 26.03.2013 00:31 |
Hi,
hier die Logdateien:
OTL: Code:
OTL logfile created on: 25.03.2013 23:44:43 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oggi12\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 65,50% Memory free
7,60 Gb Paging File | 6,14 Gb Available in Paging File | 80,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463,76 Gb Total Space | 417,57 Gb Free Space | 90,04% Space Free | Partition Type: NTFS
Drive F: | 666,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: CHRISTIAN | User Name: oggi12 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.03.23 02:16:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\oggi12\Downloads\OTL.exe
PRC - [2013.02.12 16:18:57 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.12 16:18:36 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.02.12 16:18:33 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.12 16:18:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.01.26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\oggi12\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\oggi12\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.09.25 13:25:34 | 000,102,528 | ---- | M] (Fujitsu Technology Solutions) -- C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
PRC - [2009.11.01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.10.09 20:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2009.10.08 19:44:54 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2009.07.08 20:58:26 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
========== Modules (No Company Name) ==========
MOD - [2013.02.15 22:21:24 | 000,117,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeskUpdateNotifier\bb8aedfc8cb3fec4d0b2fa2ab4f9e66d\DeskUpdateNotifier.ni.exe
MOD - [2013.02.15 00:22:34 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013.01.11 20:01:05 | 000,766,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\log4net\652daef54b944f4e81ac562d639d0112\log4net.ni.dll
MOD - [2013.01.10 06:47:39 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.10 06:47:22 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.10 06:47:18 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013.01.10 06:47:17 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.10 06:47:11 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
========== Services (SafeList) ==========
SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.06.24 01:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService)
SRV:64bit: - [2009.07.30 10:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.03.14 07:01:44 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.12 16:18:57 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.12 16:18:36 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.02.12 16:18:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.10.25 13:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.11.01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.12.11 18:46:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 18:46:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.12.08 04:41:45 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.10.26 19:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.24 00:55:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.12.24 00:55:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.07 08:24:08 | 000,023,576 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdfaxio.sys -- (HPFXFAX)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.03 04:06:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM)
DRV:64bit: - [2010.06.08 09:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.03.04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.12.18 11:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.11.27 05:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.11.06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.11.01 17:04:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.10.26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.10.09 20:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006.11.01 17:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
DRV:64bit: - [2006.11.01 17:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0E5F7F46-6763-E015-844C-3CC3AF6CEB53}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu.com/fts
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0283B4E8-67AE-4F2C-881D-E5826C6A5EC5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=3e40563e-b8b6-4ed6-82e8-6a56d9f56ec3&apn_sauid=1C557B1C-5661-4DD2-A704-A7B9F9E884E5
IE - HKCU\..\SearchScopes\{0E5F7F46-6763-E015-844C-3CC3AF6CEB53}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG_deDE505DE505
IE - HKCU\..\SearchScopes\{B8D77453-5A9E-49E8-9E9C-AF7BE1DB4521}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG_deDE505DE505
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 169.254.1.1
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: langpack-de%40firefox.mozilla.org:19.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 19:25:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012.10.16 13:20:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oggi12\AppData\Roaming\mozilla\Extensions
[2013.03.24 16:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oggi12\AppData\Roaming\mozilla\Firefox\Profiles\jhq1p98b.default\extensions
[2013.03.24 16:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oggi12\AppData\Roaming\mozilla\Firefox\Profiles\qo5rx7n7.default\extensions
[2012.11.04 21:50:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\oggi12\AppData\Roaming\mozilla\Firefox\Profiles\qo5rx7n7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013.03.09 19:26:18 | 000,306,394 | ---- | M] () (No name found) -- C:\Users\oggi12\AppData\Roaming\mozilla\firefox\profiles\jhq1p98b.default\extensions\langpack-de@firefox.mozilla.org.xpi
[2012.12.12 14:37:31 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\oggi12\AppData\Roaming\mozilla\firefox\profiles\jhq1p98b.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.03.25 23:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.09 19:25:26 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.11 02:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.09 19:25:24 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [ToolboxFX] C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\oggi12\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - Startup: C:\Users\oggi12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\oggi12\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DEA4C0F-F285-4426-8A09-C2EE1EBAA625}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999.09.03 20:51:52 | 000,193,536 | R--- | M] () - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [1998.10.26 07:04:46 | 000,000,049 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{9c0d671d-119a-11e2-89cc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9c0d671d-119a-11e2-89cc-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [1999.09.03 20:51:52 | 000,193,536 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.03.25 23:30:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.03.24 18:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.03.24 18:38:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.03.24 16:33:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.24 16:32:52 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.24 16:06:22 | 000,550,069 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\oggi12\Desktop\JRT.exe
[2013.03.23 15:59:02 | 000,000,000 | ---D | C] -- C:\Users\oggi12\AppData\Local\{2C0B7FFC-953F-4954-8D9A-63782923AB68}
[2013.03.23 15:58:50 | 000,000,000 | ---D | C] -- C:\Users\oggi12\AppData\Roaming\Windows Live Writer
[2013.03.23 15:58:50 | 000,000,000 | ---D | C] -- C:\Users\oggi12\AppData\Local\Windows Live Writer
[2013.03.21 00:37:05 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.13 20:49:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.13 20:49:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.13 20:49:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.13 20:49:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.13 20:49:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.13 20:49:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.13 20:49:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.13 20:49:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.13 20:49:27 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.13 20:49:27 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.13 20:49:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.13 20:49:27 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.13 20:49:26 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.13 20:49:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.13 20:49:25 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.28 03:11:59 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.28 03:11:59 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.28 03:11:58 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.28 03:11:58 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.28 03:11:56 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.28 03:11:56 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.28 03:11:53 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.28 03:11:53 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 03:11:53 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 03:11:53 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 03:11:53 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 03:11:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 03:11:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 03:11:53 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 03:11:53 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 03:11:52 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.28 03:11:52 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.28 03:11:51 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.28 03:11:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 03:11:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 03:11:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 03:11:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 03:11:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 03:11:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 03:11:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 03:11:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 03:11:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 03:11:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 03:11:49 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.28 03:11:49 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.28 03:11:49 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.28 03:11:49 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.28 03:11:48 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.28 03:11:48 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.28 03:11:48 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.28 03:11:48 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.28 03:11:48 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.28 03:11:47 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.02.28 03:11:47 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.28 03:11:47 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.28 03:11:47 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
========== Files - Modified Within 30 Days ==========
[2013.03.25 23:44:36 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.25 23:44:36 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.25 23:37:14 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.25 23:36:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.25 23:36:53 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.25 23:31:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.25 23:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.24 16:06:29 | 000,550,069 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\oggi12\Desktop\JRT.exe
[2013.03.24 16:00:28 | 000,609,993 | ---- | M] () -- C:\Users\oggi12\Desktop\adwcleaner.exe
[2013.03.23 18:43:49 | 000,001,501 | ---- | M] () -- C:\Users\oggi12\Desktop\gmer_2.1.19155.exe - Verknüpfung.lnk
[2013.03.23 18:21:28 | 000,001,409 | ---- | M] () -- C:\Users\oggi12\Desktop\dds+.exe - Verknüpfung.lnk
[2013.03.23 13:08:51 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.23 13:08:51 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.23 13:08:51 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.23 13:08:51 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.23 13:08:51 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.23 02:19:19 | 000,001,392 | ---- | M] () -- C:\Users\oggi12\Desktop\OTL - Verknüpfung.lnk
[2013.03.23 02:11:12 | 000,001,040 | ---- | M] () -- C:\Users\oggi12\Desktop\Defogger - Verknüpfung.lnk
[2013.03.17 23:45:05 | 000,199,346 | ---- | M] () -- C:\temp.raw
[2013.03.14 07:01:43 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.14 07:01:43 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2013.03.24 16:00:21 | 000,609,993 | ---- | C] () -- C:\Users\oggi12\Desktop\adwcleaner.exe
[2013.03.23 18:31:06 | 000,001,501 | ---- | C] () -- C:\Users\oggi12\Desktop\gmer_2.1.19155.exe - Verknüpfung.lnk
[2013.03.23 18:21:28 | 000,001,409 | ---- | C] () -- C:\Users\oggi12\Desktop\dds+.exe - Verknüpfung.lnk
[2013.03.23 02:17:08 | 000,001,392 | ---- | C] () -- C:\Users\oggi12\Desktop\OTL - Verknüpfung.lnk
[2013.03.23 02:10:13 | 000,001,040 | ---- | C] () -- C:\Users\oggi12\Desktop\Defogger - Verknüpfung.lnk
[2012.10.28 22:08:34 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI
[2012.10.24 08:19:07 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.10.22 08:26:34 | 000,292,911 | ---- | C] () -- C:\Users\oggi12\AppData\Local\speeddial.crx
[2012.06.20 15:58:04 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012.06.20 15:58:04 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2012.06.20 15:58:04 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2012.06.20 15:58:04 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012.06.20 15:58:03 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.12.24 10:17:33 | 005,050,402 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
OTL Extras: Code:
OTL Extras logfile created on: 25.03.2013 23:44:43 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oggi12\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 65,50% Memory free
7,60 Gb Paging File | 6,14 Gb Available in Paging File | 80,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463,76 Gb Total Space | 417,57 Gb Free Space | 90,04% Space Free | Partition Type: NTFS
Drive F: | 666,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: CHRISTIAN | User Name: oggi12 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024F34B1-AD54-4706-839D-065F57D56374}" = rport=138 | protocol=17 | dir=out | app=system |
"{06033770-9C0D-42E1-8E28-97EA45A908C9}" = lport=138 | protocol=17 | dir=in | app=system |
"{0A88E970-ADAC-441D-85AB-8A982E11D899}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{10259613-C893-49DE-A9D2-84A025100C0A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{13316379-92AC-42A4-B62C-7C284B4FB6EA}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1556E003-1895-4A58-962C-A022D051F93C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{15F29540-55C1-4760-A473-9604DE697BE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23AA44B9-524D-473E-9216-2C177B7A636A}" = rport=139 | protocol=6 | dir=out | app=system |
"{29AE824D-127F-46F5-A791-F15CA443F45B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36A2A689-7EE9-4706-AB7F-241058D344C4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{37A237F3-495F-4ABA-AB00-2F7CEF4F140F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4722E79D-4800-49E3-872A-9703CB9BB7C6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4853FB26-3608-428F-903C-A2AC59E45BDF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BF3839D-D035-4DB9-9676-D4C8D67CE41C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E625E4E-84E0-4C6D-99B9-003D11531235}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{53DB27DC-427F-4A95-A351-FBDC2B24445D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{55DB6E79-A2FC-4520-9CD6-F0F7B9B8B183}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F17159B-72F7-407D-B501-6ACCD8ED804B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{732BE41D-1DE5-482C-865C-113E9EE2F2BB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{74248603-69B2-4796-8364-1874925A0ECD}" = rport=137 | protocol=17 | dir=out | app=system |
"{74F99F03-F6A3-4131-8CE6-F6E0ED4F3051}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7D254AEB-B3D4-4464-87B1-28236BAAB92E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80FC9CBB-FAE0-4BAD-A3CC-E5029D409499}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83EBED7B-BD64-43DC-BEB0-FF0A5316F7AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DBFED5D-DF17-49E0-AE36-BC1CC6362E66}" = lport=445 | protocol=6 | dir=in | app=system |
"{90CD6330-7624-4B2F-AC8F-926C45674F0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0206860-A90E-4659-9CAD-6D41CD6FA758}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A681D934-829E-4A56-81D7-D4D895C6AE62}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A73D2E3D-5162-4B92-8298-B149FE8F84AD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAF80EB3-B565-45FA-A3F2-91744D4F1214}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B0ABCF33-E89A-4731-B864-800C31A93AAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B1286CD8-448B-4428-AAF1-372544721FB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6FD58CC-074E-462D-9D8A-1D5A2BBB29C1}" = rport=445 | protocol=6 | dir=out | app=system |
"{B81E80D7-847F-4DBF-A482-9B529D1C8670}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB7D9B1B-8A1A-4BCE-9C24-03D88B895EF2}" = lport=139 | protocol=6 | dir=in | app=system |
"{BFF474AF-01F0-4AFA-AB1D-C72C5F81253E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6E515A4-B4F1-4621-B24D-6BDEB6E343AC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F351F410-8339-4278-84D5-265E653B2D97}" = lport=137 | protocol=17 | dir=in | app=system |
"{F3E7D306-3E46-401A-9AAF-4F2A663004C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF85AB31-6E7F-442F-AAB4-41713B8B3F57}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FF95FC4F-D35F-41F7-8021-313FE0E667AC}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CBF7B14-4979-472F-AEB0-E3CF5696CFD4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1A94C3D4-65E4-4E7A-B905-9D9374402A96}" = dir=out | app=c:\windows\syswow64\dmwu.exe |
"{1C45A7A3-C95E-4774-90A0-76CF018E212A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1E47D1A1-4E75-457E-88D3-D0D6D653678A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B274FAC-D993-4900-BB7D-B26610B661C6}" = protocol=6 | dir=out | app=system |
"{2DFF78AD-D441-41FE-A975-11B3BBA1A295}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{33C07739-4590-484F-BA36-41CA0C1586D5}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{38A6FD9C-2583-44A1-A3E2-9CA59596148D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{48F767A1-BA52-40FD-B2ED-02125AA6C4AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{48FC2D4D-DB21-4C79-A9A3-FA7C23E7DFD4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52628E78-2B65-408F-9E7F-EAD3D0FD7CA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52E323EB-CFE2-4925-89A8-1DD0D002F87D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{591DF078-42E3-45C2-B88E-AC15EC96E2D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6155BC94-683E-40ED-8011-F6738C8E4D6D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{68D10EDF-40E7-4E1B-9BDC-85AA700542A6}" = dir=in | app=c:\windows\syswow64\dmwu.exe |
"{71316601-2B01-4F99-B412-85203FCDB6A8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8561E9C3-3CE1-46B1-997E-CC7667FA9959}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A8B84DD6-BAC5-4E80-82AF-6D85B927A2DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B254B33E-36F5-4434-BB4D-AA76F52885AB}" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"{B990D5CD-2AD1-4206-8082-0901FACEA3F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C03C8618-C361-46AC-AE1A-5474825D174E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C29911C8-AAF1-4279-8E68-509B9A9A0BF4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CFE045D3-E7E3-4E57-BDF0-9A0B9ACC7F83}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D99AAB7A-E3A2-408B-AEAA-2652E6092BD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EAFDD18A-F206-4FE9-B4DE-710587416FCB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EBE4E04A-5D21-4F88-B76F-00450EB662CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0E11AED-14AD-4A61-B3D6-7C32AE8E8A5A}" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"{F3FECD60-6740-4792-8D0A-0DFC15E851BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F4B39B73-E22C-43DA-A42C-5966F5C0A317}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB0E62E5-CD55-4E22-92F5-321775F4F86A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{2B639A0C-3DC9-431D-AABC-9FD3E7A4FEAE}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"TCP Query User{B80433A4-F5E1-4D1A-BB1F-486269F136BE}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"TCP Query User{C290B398-FDC1-45CD-922E-5D48001E95FD}C:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{66EB7395-587B-4499-B94D-76FF953EBE32}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"UDP Query User{BB9F2080-C372-48C6-8074-DADEBB55CDA8}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"UDP Query User{F0EBC862-DF9D-48EF-888A-8F479C75D96E}C:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B7C6A943-83E0-4E7F-A79A-C5CBAA60B0F5}" = Plugfree NETWORK
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
"{128AF653-6E81-4525-BE84-43C297A35F28}_is1" = Object Fix Zip
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E728246-95D5-4E72-8A9A-AC62602F39D8}_is1" = ANSTOSS 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}" = HP LJ CM1410 MFP Series HP Scan
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{22FE3793-5961-4ADE-AE66-69D9291C22B1}" = HPLaserJetHelp_LearnCenter
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7FAB3316-11F4-44F3-8483-7278717496EC}" = hppTLBXFXCM1410
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9983CD31-473F-4808-8317-5346119F0187}" = eBay
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D85A16FA-3408-4EEF-973F-05C1D23901B9}" = hppCM1410LaserJetService
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81
"Avira AntiVir Desktop" = Avira Free Antivirus
"DeskUpdate_is1" = DeskUpdate
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"Lula 3D - Demo" = Lula 3D - Demo
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SagaGamesHotelManager2_is1" = Hotel-Manager
"VideoPerformer" = VideoPerformer
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Updater
"Akamai" = Akamai NetSession Interface
"CT2625848" = DVDVideoSoftTB DE Toolbar
"Dropbox" = Dropbox
"Mozilla Firefox Packages" = Mozilla Firefox Packages
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.03.2013 12:22:52 | Computer Name = christian | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.15.599.0,
Zeitstempel: 0x4cc5ee57 Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.3.0.24,
Zeitstempel: 0x4c9685d0 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000073bf ID des fehlerhaften
Prozesses: 0x680 Startzeit der fehlerhaften Anwendung: 0x01ce2974ee622f9b Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\hppccompio.DLL Berichtskennung: 3d57f7da-9568-11e2-8164-e0ca94be62c8
Error - 25.03.2013 12:24:03 | Computer Name = christian | Source = WinMgmt | ID = 10
Description =
Error - 25.03.2013 18:37:28 | Computer Name = christian | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.15.599.0,
Zeitstempel: 0x4cc5ee57 Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.3.0.24,
Zeitstempel: 0x4c9685d0 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000073bf ID des fehlerhaften
Prozesses: 0x650 Startzeit der fehlerhaften Anwendung: 0x01ce29a9468a20d7 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\hppccompio.DLL Berichtskennung: 9215178c-959c-11e2-a3d4-e0ca94be62c8
Error - 25.03.2013 18:38:46 | Computer Name = christian | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 25.03.2013 13:15:09 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 13:17:22 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 13:41:40 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:21:39 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:23:51 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:42:04 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:44:10 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:48:35 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 18:37:32 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 18:37:40 | Computer Name = christian | Source = Service Control Manager | ID = 7034
Description = Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
< End of report >
OTL fixed: Code:
OTL Extras logfile created on: 25.03.2013 23:44:43 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oggi12\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 65,50% Memory free
7,60 Gb Paging File | 6,14 Gb Available in Paging File | 80,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463,76 Gb Total Space | 417,57 Gb Free Space | 90,04% Space Free | Partition Type: NTFS
Drive F: | 666,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: CHRISTIAN | User Name: oggi12 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024F34B1-AD54-4706-839D-065F57D56374}" = rport=138 | protocol=17 | dir=out | app=system |
"{06033770-9C0D-42E1-8E28-97EA45A908C9}" = lport=138 | protocol=17 | dir=in | app=system |
"{0A88E970-ADAC-441D-85AB-8A982E11D899}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{10259613-C893-49DE-A9D2-84A025100C0A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{13316379-92AC-42A4-B62C-7C284B4FB6EA}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1556E003-1895-4A58-962C-A022D051F93C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{15F29540-55C1-4760-A473-9604DE697BE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23AA44B9-524D-473E-9216-2C177B7A636A}" = rport=139 | protocol=6 | dir=out | app=system |
"{29AE824D-127F-46F5-A791-F15CA443F45B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36A2A689-7EE9-4706-AB7F-241058D344C4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{37A237F3-495F-4ABA-AB00-2F7CEF4F140F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4722E79D-4800-49E3-872A-9703CB9BB7C6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4853FB26-3608-428F-903C-A2AC59E45BDF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BF3839D-D035-4DB9-9676-D4C8D67CE41C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E625E4E-84E0-4C6D-99B9-003D11531235}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{53DB27DC-427F-4A95-A351-FBDC2B24445D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{55DB6E79-A2FC-4520-9CD6-F0F7B9B8B183}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F17159B-72F7-407D-B501-6ACCD8ED804B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{732BE41D-1DE5-482C-865C-113E9EE2F2BB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{74248603-69B2-4796-8364-1874925A0ECD}" = rport=137 | protocol=17 | dir=out | app=system |
"{74F99F03-F6A3-4131-8CE6-F6E0ED4F3051}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7D254AEB-B3D4-4464-87B1-28236BAAB92E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80FC9CBB-FAE0-4BAD-A3CC-E5029D409499}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83EBED7B-BD64-43DC-BEB0-FF0A5316F7AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DBFED5D-DF17-49E0-AE36-BC1CC6362E66}" = lport=445 | protocol=6 | dir=in | app=system |
"{90CD6330-7624-4B2F-AC8F-926C45674F0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0206860-A90E-4659-9CAD-6D41CD6FA758}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A681D934-829E-4A56-81D7-D4D895C6AE62}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A73D2E3D-5162-4B92-8298-B149FE8F84AD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAF80EB3-B565-45FA-A3F2-91744D4F1214}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B0ABCF33-E89A-4731-B864-800C31A93AAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B1286CD8-448B-4428-AAF1-372544721FB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6FD58CC-074E-462D-9D8A-1D5A2BBB29C1}" = rport=445 | protocol=6 | dir=out | app=system |
"{B81E80D7-847F-4DBF-A482-9B529D1C8670}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB7D9B1B-8A1A-4BCE-9C24-03D88B895EF2}" = lport=139 | protocol=6 | dir=in | app=system |
"{BFF474AF-01F0-4AFA-AB1D-C72C5F81253E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6E515A4-B4F1-4621-B24D-6BDEB6E343AC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F351F410-8339-4278-84D5-265E653B2D97}" = lport=137 | protocol=17 | dir=in | app=system |
"{F3E7D306-3E46-401A-9AAF-4F2A663004C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF85AB31-6E7F-442F-AAB4-41713B8B3F57}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FF95FC4F-D35F-41F7-8021-313FE0E667AC}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CBF7B14-4979-472F-AEB0-E3CF5696CFD4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1A94C3D4-65E4-4E7A-B905-9D9374402A96}" = dir=out | app=c:\windows\syswow64\dmwu.exe |
"{1C45A7A3-C95E-4774-90A0-76CF018E212A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1E47D1A1-4E75-457E-88D3-D0D6D653678A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B274FAC-D993-4900-BB7D-B26610B661C6}" = protocol=6 | dir=out | app=system |
"{2DFF78AD-D441-41FE-A975-11B3BBA1A295}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{33C07739-4590-484F-BA36-41CA0C1586D5}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{38A6FD9C-2583-44A1-A3E2-9CA59596148D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{48F767A1-BA52-40FD-B2ED-02125AA6C4AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{48FC2D4D-DB21-4C79-A9A3-FA7C23E7DFD4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52628E78-2B65-408F-9E7F-EAD3D0FD7CA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52E323EB-CFE2-4925-89A8-1DD0D002F87D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{591DF078-42E3-45C2-B88E-AC15EC96E2D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6155BC94-683E-40ED-8011-F6738C8E4D6D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{68D10EDF-40E7-4E1B-9BDC-85AA700542A6}" = dir=in | app=c:\windows\syswow64\dmwu.exe |
"{71316601-2B01-4F99-B412-85203FCDB6A8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8561E9C3-3CE1-46B1-997E-CC7667FA9959}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A8B84DD6-BAC5-4E80-82AF-6D85B927A2DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B254B33E-36F5-4434-BB4D-AA76F52885AB}" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"{B990D5CD-2AD1-4206-8082-0901FACEA3F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C03C8618-C361-46AC-AE1A-5474825D174E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C29911C8-AAF1-4279-8E68-509B9A9A0BF4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CFE045D3-E7E3-4E57-BDF0-9A0B9ACC7F83}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D99AAB7A-E3A2-408B-AEAA-2652E6092BD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EAFDD18A-F206-4FE9-B4DE-710587416FCB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EBE4E04A-5D21-4F88-B76F-00450EB662CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0E11AED-14AD-4A61-B3D6-7C32AE8E8A5A}" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"{F3FECD60-6740-4792-8D0A-0DFC15E851BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F4B39B73-E22C-43DA-A42C-5966F5C0A317}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB0E62E5-CD55-4E22-92F5-321775F4F86A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{2B639A0C-3DC9-431D-AABC-9FD3E7A4FEAE}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"TCP Query User{B80433A4-F5E1-4D1A-BB1F-486269F136BE}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"TCP Query User{C290B398-FDC1-45CD-922E-5D48001E95FD}C:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{66EB7395-587B-4499-B94D-76FF953EBE32}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"UDP Query User{BB9F2080-C372-48C6-8074-DADEBB55CDA8}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"UDP Query User{F0EBC862-DF9D-48EF-888A-8F479C75D96E}C:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B7C6A943-83E0-4E7F-A79A-C5CBAA60B0F5}" = Plugfree NETWORK
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
"{128AF653-6E81-4525-BE84-43C297A35F28}_is1" = Object Fix Zip
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E728246-95D5-4E72-8A9A-AC62602F39D8}_is1" = ANSTOSS 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}" = HP LJ CM1410 MFP Series HP Scan
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{22FE3793-5961-4ADE-AE66-69D9291C22B1}" = HPLaserJetHelp_LearnCenter
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7FAB3316-11F4-44F3-8483-7278717496EC}" = hppTLBXFXCM1410
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9983CD31-473F-4808-8317-5346119F0187}" = eBay
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D85A16FA-3408-4EEF-973F-05C1D23901B9}" = hppCM1410LaserJetService
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81
"Avira AntiVir Desktop" = Avira Free Antivirus
"DeskUpdate_is1" = DeskUpdate
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"Lula 3D - Demo" = Lula 3D - Demo
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SagaGamesHotelManager2_is1" = Hotel-Manager
"VideoPerformer" = VideoPerformer
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Updater
"Akamai" = Akamai NetSession Interface
"CT2625848" = DVDVideoSoftTB DE Toolbar
"Dropbox" = Dropbox
"Mozilla Firefox Packages" = Mozilla Firefox Packages
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.03.2013 12:22:52 | Computer Name = christian | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.15.599.0,
Zeitstempel: 0x4cc5ee57 Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.3.0.24,
Zeitstempel: 0x4c9685d0 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000073bf ID des fehlerhaften
Prozesses: 0x680 Startzeit der fehlerhaften Anwendung: 0x01ce2974ee622f9b Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\hppccompio.DLL Berichtskennung: 3d57f7da-9568-11e2-8164-e0ca94be62c8
Error - 25.03.2013 12:24:03 | Computer Name = christian | Source = WinMgmt | ID = 10
Description =
Error - 25.03.2013 18:37:28 | Computer Name = christian | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.15.599.0,
Zeitstempel: 0x4cc5ee57 Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.3.0.24,
Zeitstempel: 0x4c9685d0 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000073bf ID des fehlerhaften
Prozesses: 0x650 Startzeit der fehlerhaften Anwendung: 0x01ce29a9468a20d7 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\hppccompio.DLL Berichtskennung: 9215178c-959c-11e2-a3d4-e0ca94be62c8
Error - 25.03.2013 18:38:46 | Computer Name = christian | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 25.03.2013 13:15:09 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 13:17:22 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 13:41:40 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:21:39 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:23:51 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:42:04 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:44:10 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:48:35 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 18:37:32 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 18:37:40 | Computer Name = christian | Source = Service Control Manager | ID = 7034
Description = Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
< End of report >
und dann noch die Logdatei von SystemLook: Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 23:58 on 25/03/2013 by oggi12
Administrator - Elevation successful
Invalid Context: folderfind*
No Context: Ashampoo_DE*
No Context: Conduit*
No Context: file scout*
No Context: Savings Sidekick*
No Context: Babylon*
No Context: IBUpdater*
No Context: Minibar*
No Context: incredibar*
No Context: PriceGong*
No Context: crossrider*
No Context: PerformerSoft*
========== regfind ==========
Searching for "Ashampoo_DE"
No data found.
Searching for "Conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.defaultSearchUrl"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB12"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.installId"="ConduitNSISIntegration"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.searchAddressUrl"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.navigateToSearch"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.2625848a129894023611240511000000paramsGK1"="{"updateReqTime":1352761033278,"updateRespTime":1352761034241,"data":{"settings":{"icon":"hxxp://storage.conduit.com/48/262/CT2625848/images/634805391170633954_24PX.png","componentId":"129894023611240511","templateId":"b4b62798-c0fe-4e86-bf03-ada796889d1e"},"content":{"profileName":{"id":"profileName","type":"textbox","data":{"value":"hxxp://www.facebook.com/DVDVideoSoft.de"}},"displayFBIcon":{"id":"displayFBIcon","type":"checkbox","data":{"value":false}}}}}"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.embeddedsData"="[{"appId":"129181467799155027","apiPermissions":{"crossDomainAjax":true,"getMainFrameTitle":true,"getMainFrameUrl":true,"getSearchTerm":true,"instantAlert":true,"jsInjection":true,"sslGranted":true},"onBeforeLoadData":"{\"view\":{\"html\":\"<table id=\\\"main\\\" class=\\\"mainwrapper\\\" cellSpacing=\\\"0\\\" cellPadding=\\\"0\\\">\\n <tbody><tr>\\n <!-- don't remove the width=\\\"100%\\\" bug in chrome the width become in px-->\\n <td style=\\\"background: rgb(255, 255, 255); width: 100%;\\\" id=\\\"textboxWrapper\\\" width=\\\"100%\\\">\\n <!-- take focuse in IE -->\\n \\n <form onsubmit=\\\"return false;\\\" action=\\\"#\\\">\\n \\n <input style=\\\"background: rgb(255, 255, 255); width: 100%; color: rgb(0, 0, 0); min-width: 137px; max-width: 358px;\\\" id=\\\"textbox\\\" value=\\\"\\\" type=\\\"text\\\">\\n \\n </fo
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"AutoUpdateUrl"="hxxp://autoupdate.toolbar.conduit-services.com/Update/EB_TOOLBAR_ID/EB_TOOLBAR_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"SearchServerUrl"="hxxp://search.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"Server"="users.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"BrowserSearchURL"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB12"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"PlatformType"="ConduitToolbar"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"HomepageURL"="hxxp://search.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"InstallationId"="ConduitNSISIntegration"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"InstallationType"="ConduitNSISIntegration"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"SocialDomains"="hxxp://apps.conduit.com; hxxp://social.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar\Settings]
"SearchFromAddressUrl"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"CT2625848_Apps"="hxxp://conduitapps.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"InstalledSource_CT2625848"="hxxp://social.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"tbInfo_CT2625848"="hxxp://search.conduit.com"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CT2625848]
"DisplayIcon"="C:\Users\oggi12\AppData\Local\Conduit\CT2625848\uninstall.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CT2625848]
"UninstallString"="C:\Users\oggi12\AppData\Local\Conduit\CT2625848\uninstall.exe toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E44BB13-2523-468b-BF51-58D5F52A84F6}]
"AppPath"="C:\Users\oggi12\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.defaultSearchUrl"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB12"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.installId"="ConduitNSISIntegration"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.searchAddressUrl"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.navigateToSearch"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.2625848a129894023611240511000000paramsGK1"="{"updateReqTime":1352761033278,"updateRespTime":1352761034241,"data":{"settings":{"icon":"hxxp://storage.conduit.com/48/262/CT2625848/images/634805391170633954_24PX.png","componentId":"129894023611240511","templateId":"b4b62798-c0fe-4e86-bf03-ada796889d1e"},"content":{"profileName":{"id":"profileName","type":"textbox","data":{"value":"hxxp://www.facebook.com/DVDVideoSoft.de"}},"displayFBIcon":{"id":"displayFBIcon","type":"checkbox","data":{"value":false}}}}}"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.embeddedsData"="[{"appId":"129181467799155027","apiPermissions":{"crossDomainAjax":true,"getMainFrameTitle":true,"getMainFrameUrl":true,"getSearchTerm":true,"instantAlert":true,"jsInjection":true,"sslGranted":true},"onBeforeLoadData":"{\"view\":{\"html\":\"<table id=\\\"main\\\" class=\\\"mainwrapper\\\" cellSpacing=\\\"0\\\" cellPadding=\\\"0\\\">\\n <tbody><tr>\\n <!-- don't remove the width=\\\"100%\\\" bug in chrome the width become in px-->\\n <td style=\\\"background: rgb(255, 255, 255); width: 100%;\\\" id=\\\"textboxWrapper\\\" width=\\\"100%\\\">\\n <!-- take focuse in IE -->\\n \\n <form onsubmit=\\\"return false;\\\" action=\\\"#\\\">\\n \\n <input style=\\\"background: rgb(255, 255, 255); width: 100%; color: rgb(0, 0, 0); min-width: 137px; max-width: 358px;\\\" id=\\\"textbox\\\" value=\\\"\\\" type=\\\"tex
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"AutoUpdateUrl"="hxxp://autoupdate.toolbar.conduit-services.com/Update/EB_TOOLBAR_ID/EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"SearchServerUrl"="hxxp://search.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"Server"="users.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"BrowserSearchURL"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB12"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"PlatformType"="ConduitToolbar"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"HomepageURL"="hxxp://search.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"InstallationId"="ConduitNSISIntegration"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"InstallationType"="ConduitNSISIntegration"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"SocialDomains"="hxxp://apps.conduit.com; hxxp://social.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar\Settings]
"SearchFromAddressUrl"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"CT2625848_Apps"="hxxp://conduitapps.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"InstalledSource_CT2625848"="hxxp://social.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"tbInfo_CT2625848"="hxxp://search.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\CT2625848]
"DisplayIcon"="C:\Users\oggi12\AppData\Local\Conduit\CT2625848\uninstall.exe"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\CT2625848]
"UninstallString"="C:\Users\oggi12\AppData\Local\Conduit\CT2625848\uninstall.exe toolbar"
Searching for "file scout"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\filescout\command]
@=""C:\Program Files (x86)\File Scout\filescout.exe" /sc "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
@=""C:\Program Files (x86)\File Scout\filescout.exe" /open "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
"fs_backup"=""C:\Program Files (x86)\File Scout\filescout.exe" /open "%1""
Searching for "Savings Sidekick"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Savings Sidekick-InternalInstaller_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Savings Sidekick-InternalInstaller_RASMANCS]
Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
Searching for "IBUpdater"
[HKEY_USERS\.DEFAULT\Software\IBUpdaterService]
[HKEY_USERS\S-1-5-18\Software\IBUpdaterService]
Searching for "Minibar"
No data found.
Searching for "incredibar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"prdct"="incredibar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"prtnrid"="incredibar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"tlbrsrchurl"="http%3A%2F%2Fmystart%2EIncredibar%2Ecom%2F%3Fa%3D6OyXbXirIg%26loc%3DIB%5FTB%26i%3D26%26search%3D"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"incredibar_actvtyrpttime"="1357976111146"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"incredibar_afterinstallrpt"="sent"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d55114ab_0]
@="{0.0.0.00000000}.{7bf7051f-d29a-4f9b-88a1-d4a91c3e2dc5}|\Device\HarddiskVolume2\Users\oggi12\AppData\Local\Temp\incredibar_installer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com]
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar]
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"prdct"="incredibar"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"prtnrid"="incredibar"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"tlbrsrchurl"="http%3A%2F%2Fmystart%2EIncredibar%2Ecom%2F%3Fa%3D6OyXbXirIg%26loc%3DIB%5FTB%26i%3D26%26search%3D"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"incredibar_actvtyrpttime"="1357976111146"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"incredibar_afterinstallrpt"="sent"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d55114ab_0]
@="{0.0.0.00000000}.{7bf7051f-d29a-4f9b-88a1-d4a91c3e2dc5}|\Device\HarddiskVolume2\Users\oggi12\AppData\Local\Temp\incredibar_installer.exe%b{00000000-0000-0000-0000-000000000000}"
Searching for "PriceGong"
No data found.
Searching for "crossrider"
No data found.
Searching for "PerformerSoft"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VideoPerformer]
"Publisher"="PerformerSoft LLC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VideoPerformer]
"URLInfoAbout"="hxxp://performersoft.com/contact-us.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VideoPerformer]
"HelpLink"="hxxp://performersoft.com/contact-us.php"
Searching for " "
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.embeddedsData"="[{"appId":"129181467799155027","apiPermissions":{"crossDomainAjax":true,"getMainFrameTitle":true,"getMainFrameUrl":true,"getSearchTerm":true,"instantAlert":true,"jsInjection":true,"sslGranted":true},"onBeforeLoadData":"{\"view\":{\"html\":\"<table id=\\\"main\\\" class=\\\"mainwrapper\\\" cellSpacing=\\\"0\\\" cellPadding=\\\"0\\\">\\n <tbody><tr>\\n <!-- don't remove the width=\\\"100%\\\" bug in chrome the width become in px-->\\n <td style=\\\"background: rgb(255, 255, 255); width: 100%;\\\" id=\\\"textboxWrapper\\\" width=\\\"100%\\\">\\n <!-- take focuse in IE -->\\n \\n <form onsubmit=\\\"return false;\\\" action=\\\"#\\\">\\n \\n <input style=\\\"background: rgb(255, 255, 255); width: 100%; color: rgb(0, 0, 0); min-width: 137px; max-width: 358px;\\\" id=\\\"textbox\\\" value=\\\"\\\" type=\\\"text\\\">\\n \\n </fo
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.embeddedsData"="[{"appId":"129181467799155027","apiPermissions":{"crossDomainAjax":true,"getMainFrameTitle":true,"getMainFrameUrl":true,"getSearchTerm":true,"instantAlert":true,"jsInjection":true,"sslGranted":true},"onBeforeLoadData":"{\"view\":{\"html\":\"<table id=\\\"main\\\" class=\\\"mainwrapper\\\" cellSpacing=\\\"0\\\" cellPadding=\\\"0\\\">\\n <tbody><tr>\\n <!-- don't remove the width=\\\"100%\\\" bug in chrome the width become in px-->\\n <td style=\\\"background: rgb(255, 255, 255); width: 100%;\\\" id=\\\"textboxWrapper\\\" width=\\\"100%\\\">\\n <!-- take focuse in IE -->\\n \\n <form onsubmit=\\\"return false;\\\" action=\\\"#\\\">\\n \\n <input style=\\\"background: rgb(255, 255, 255); width: 100%; color: rgb(0, 0, 0); min-width: 137px; max-width: 358px;\\\" id=\\\"textbox\\\" value=\\\"\\\" type=\\\"tex
-= EOF =-
Bei den Plugins und Systemsteuerung>Programme sind Incredibar und Savings Sidekick nicht mehr zusehen. Firefox ist stabil, kein Absturz bis jetzt.
Gelegentlich läuft der Lüfter noch recht hoch (hört sich jedenfalls so an) obwohl ich nix oder nur wenig mache! CPU-Auslastung wird mir dann aber nicht in der Symbolleiste angezeigt. Von daher wird die auch im grünen Bereich sein denke ich.
Und jaaanz wichtig: Danke für Deine Hilfe bis hierhin. |
Malwarebytes Anti-Malware 
SecurityCheck und:
Textbox. 