donnerherz | 01.08.2012 04:19 | Schönen guten Morgen!
Nachdem es mir endlich gelungen ist, das WLAN an meinem Notebook auszuschalten (per Fn + F9 ging nix, nur über BIOS), hier die OTL-Logs:
Inhalt von OTL.txt:OTL Logfile: Code:
OTL logfile created on: 8/1/2012 4:55:58 AM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Admin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.86 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 68.44% Memory free
7.73 Gb Paging File | 6.34 Gb Available in Paging File | 82.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50.00 Gb Total Space | 16.22 Gb Free Space | 32.45% Space Free | Partition Type: NTFS
Drive D: | 227.99 Gb Total Space | 127.29 Gb Free Space | 55.83% Space Free | Partition Type: NTFS
Computer Name: LAPTOP1 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/31 21:36:58 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2012/05/08 10:29:06 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 10:29:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 10:29:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/23 06:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012/01/23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/05/24 13:59:54 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/05/07 07:10:44 | 000,846,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/05/06 08:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/04/23 02:39:04 | 001,208,320 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/12/03 09:19:42 | 000,053,248 | ---- | M] (HP) -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2009/12/02 14:51:12 | 000,136,192 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2009/03/25 13:30:08 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe
PRC - [2007/08/31 08:59:28 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
PRC - [1999/09/30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
========== Modules (No Company Name) ==========
MOD - [2012/07/31 16:09:17 | 000,278,952 | ---- | M] () -- C:\Users\Admin\AppData\Local\Temp\deo0_sar.exe
MOD - [2012/06/15 05:33:45 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012/06/15 05:33:37 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/15 05:33:26 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/15 05:33:16 | 001,806,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
MOD - [2012/06/14 18:28:40 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/09 07:09:44 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 07:09:19 | 000,310,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2012/05/09 07:08:53 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/09 07:08:49 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/09 07:08:48 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/09 07:08:43 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/07 13:12:55 | 000,010,752 | ---- | M] () -- C:\windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll
MOD - [2010/11/13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/06/10 23:52:17 | 000,397,312 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll
MOD - [2010/06/10 23:52:17 | 000,011,776 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
MOD - [2010/04/23 02:39:04 | 001,208,320 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
MOD - [2009/12/03 09:19:12 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPFaxUtilities.dll
MOD - [2009/12/03 09:19:10 | 000,835,584 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\Alerts.dll
MOD - [2009/12/03 09:18:56 | 000,516,096 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPAppTools.dll
MOD - [2009/12/03 09:18:54 | 000,840,192 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\PLSDMXMLObjects.dll
MOD - [2009/12/03 09:18:52 | 000,130,560 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\DMBaseObjects.dll
MOD - [2009/12/03 09:18:52 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\AppConstants.dll
MOD - [2009/12/03 09:18:50 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPToolkit.dll
MOD - [2009/12/03 09:18:50 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTools.dll
MOD - [2009/10/15 07:25:30 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\nativeutils.dll
MOD - [2007/08/31 08:59:28 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPUsageTracking.dll
MOD - [2007/08/31 08:59:28 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
MOD - [2007/08/31 08:59:26 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPToolkit.dll
MOD - [2007/08/31 08:59:26 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\Enumeration.dll
MOD - [2007/08/31 08:59:10 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPTools.dll
MOD - [2007/08/31 08:59:04 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPStreamsInterface.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/28 04:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2012/07/27 11:23:22 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/19 17:24:58 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/08 10:29:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 10:29:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/05/24 13:59:54 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/11/20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/04/23 02:38:56 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/12/02 14:51:12 | 000,136,192 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/05/08 10:29:06 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 10:29:06 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/03 17:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/23 02:38:54 | 000,025,648 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2010/04/23 02:38:54 | 000,019,504 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/26 20:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/14 22:46:56 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/22 00:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/11/03 14:45:40 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1640542151-1329998912-343247229-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1640542151-1329998912-343247229-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1640542151-1329998912-343247229-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1640542151-1329998912-343247229-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1640542151-1329998912-343247229-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1640542151-1329998912-343247229-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 17:24:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 17:24:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011/05/15 14:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011/05/15 14:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012/05/03 03:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\l7r8gxno.default\extensions
[2011/10/02 10:13:24 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\l7r8gxno.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/04/02 20:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/04/02 20:29:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/19 17:24:58 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/10 12:51:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/10 12:51:11 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/10 12:51:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/10 12:51:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/10 12:51:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/10 12:51:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HP LaserJet M1522 MFP Series Fax] C:\Program Files (x86)\HP\hp LaserJet M1522\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1640542151-1329998912-343247229-1001..\Run: [aclbap] rundll32.exe ",WriteStreamToFile File not found
O4 - HKU\S-1-5-21-1640542151-1329998912-343247229-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-1640542151-1329998912-343247229-1001..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53C3BD18-2B7F-43E2-B4C1-2F5739AE52FC}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/31 21:47:09 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/11 19:44:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/07/11 19:44:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/07/11 19:44:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/07/11 19:44:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/07/11 19:44:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/07/11 19:44:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/07/11 19:44:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/07/11 19:44:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/07/11 19:44:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/07/11 19:44:13 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/07/11 19:44:13 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/07/11 19:44:13 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/07/11 19:44:13 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/07/11 19:24:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2012/07/11 19:24:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2012/07/11 19:24:33 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012/07/11 19:24:27 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012/07/11 19:24:26 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012/07/11 19:24:14 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
[2012/07/11 19:24:14 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
========== Files - Modified Within 30 Days ==========
[2012/08/01 05:04:16 | 000,000,545 | ---- | M] () -- C:\windows\win.ini
[2012/08/01 05:04:01 | 002,097,152 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT
[2012/08/01 05:00:37 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 05:00:37 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 04:53:14 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2012/08/01 04:53:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/08/01 04:53:05 | 4148,645,888 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/01 04:50:16 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012/08/01 04:46:08 | 000,937,098 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db
[2012/08/01 04:23:11 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/31 21:36:58 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/31 21:30:32 | 000,003,352 | ---- | M] () -- C:\bootsqm.dat
[2012/07/31 16:09:18 | 000,001,881 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/07/27 11:23:21 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/07/27 11:23:21 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/11 20:09:09 | 000,368,552 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/08/01 04:46:08 | 000,937,098 | -H-- | C] () -- C:\Users\Admin\AppData\Local\IconCache.db
[2012/07/31 21:30:32 | 000,003,352 | ---- | C] () -- C:\bootsqm.dat
[2012/07/31 16:09:18 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012/07/31 16:09:18 | 000,001,881 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/04/02 20:22:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/01/11 17:49:13 | 001,627,668 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/24 13:59:55 | 000,215,128 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011/05/24 13:59:54 | 002,434,856 | ---- | C] () -- C:\windows\SysWow64\pbsvc_bc2.exe
[2011/05/24 13:59:54 | 000,075,064 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2011/05/10 18:23:56 | 000,581,120 | ---- | C] () -- C:\Program Files (x86)\lame.exe
[2011/05/10 18:23:56 | 000,495,104 | ---- | C] () -- C:\Program Files (x86)\lame_enc.dll
[2011/05/10 18:23:56 | 000,098,526 | ---- | C] () -- C:\Program Files (x86)\history.html
[2011/05/10 18:23:56 | 000,042,860 | ---- | C] () -- C:\Program Files (x86)\switchs.html
[2011/05/10 18:23:56 | 000,008,252 | ---- | C] () -- C:\Program Files (x86)\id3.html
[2011/05/10 18:23:56 | 000,006,835 | ---- | C] () -- C:\Program Files (x86)\node6.html
[2011/05/10 18:23:56 | 000,004,764 | ---- | C] () -- C:\Program Files (x86)\basic.html
[2011/05/10 18:23:56 | 000,003,920 | ---- | C] () -- C:\Program Files (x86)\contributors.html
[2011/05/10 18:23:56 | 000,002,240 | ---- | C] () -- C:\Program Files (x86)\modes.html
[2011/05/10 18:23:56 | 000,002,113 | ---- | C] () -- C:\Program Files (x86)\index.html
[2011/05/10 18:23:56 | 000,001,661 | ---- | C] () -- C:\Program Files (x86)\examples.html
[2011/05/10 18:23:56 | 000,000,708 | ---- | C] () -- C:\Program Files (x86)\lame.css
[2011/04/07 13:24:12 | 000,073,728 | ---- | C] () -- C:\windows\AKDeInstall.exe
[2011/04/07 13:10:54 | 000,000,664 | ---- | C] () -- C:\windows\hpntwksetup.ini
[2011/04/07 13:09:54 | 000,171,265 | ---- | C] () -- C:\windows\hppins08.dat
[2011/04/07 13:09:54 | 000,001,116 | ---- | C] () -- C:\windows\hppmdl08.dat
[2011/04/07 13:09:42 | 003,189,760 | ---- | C] () -- C:\windows\SysWow64\hpbcfgre.DLL
[2011/04/07 13:04:40 | 000,000,064 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\default.pls
[2011/04/07 12:43:25 | 000,000,026 | ---- | C] () -- C:\windows\Irremote.ini
[2011/04/07 12:43:10 | 000,001,024 | ---- | C] () -- C:\Users\Admin\.rnd
[2011/04/06 23:48:41 | 000,083,104 | ---- | C] () -- C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/04/06 23:47:27 | 000,524,288 | -HS- | C] () -- C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/04/06 23:47:27 | 000,524,288 | -HS- | C] () -- C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/04/06 23:47:27 | 000,065,536 | -HS- | C] () -- C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/04/06 23:47:27 | 000,000,020 | -HS- | C] () -- C:\Users\Admin\ntuser.ini
[2011/04/06 23:47:26 | 002,097,152 | -HS- | C] () -- C:\Users\Admin\NTUSER.DAT
========== LOP Check ==========
[2011/10/14 00:09:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Amazon
[2012/06/18 19:52:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2012/06/18 20:06:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/05/10 18:06:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EAC
[2012/01/11 22:34:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\JAM Software
[2011/05/12 07:02:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mp3DirectCut
[2011/05/15 14:37:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TomTom
[2012/06/24 23:26:10 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report > --- --- ---
Inhalt von Extras.txt:OTL Logfile: Code:
OTL Extras logfile created on: 8/1/2012 4:55:58 AM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Admin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.86 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 68.44% Memory free
7.73 Gb Paging File | 6.34 Gb Available in Paging File | 82.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50.00 Gb Total Space | 16.22 Gb Free Space | 32.45% Space Free | Partition Type: NTFS
Drive D: | 227.99 Gb Total Space | 127.29 Gb Free Space | 55.83% Space Free | Partition Type: NTFS
Computer Name: LAPTOP1 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1268F1E5-B263-4A46-896E-5722B58E8231}" = lport=138 | protocol=17 | dir=in | app=system |
"{1626022D-8B8B-4E43-B7FC-5E8D20DA4819}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A2CA4F1-BFEC-475E-94F3-D9EC4A47915E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{272B0200-FB75-4B66-95F3-18FE83DB3165}" = lport=2869 | protocol=6 | dir=in | app=system |
"{33477F1B-ECD9-4B2F-89F8-FC338D61A366}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34E2C1F9-194D-4126-A720-FC595D936AB9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{37EE4B57-C6BD-44E1-902C-33F5838612CF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{39E0D80B-580E-43B7-809C-C335852B990B}" = rport=139 | protocol=6 | dir=out | app=system |
"{406993CE-F869-4B43-A5B0-299771D5B778}" = lport=10243 | protocol=6 | dir=in | app=system |
"{507C0660-907F-4673-8D94-C4ADD1A18164}" = lport=139 | protocol=6 | dir=in | app=system |
"{585C0152-7E3E-4BC6-BE60-9BDC1774649E}" = lport=445 | protocol=6 | dir=in | app=system |
"{6F237B74-1685-4F67-916C-B0589728088E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7326D640-FFF4-4EA5-B451-9E68547EB9AC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{83CBF9D1-61CE-472D-8F75-5A455CB850E4}" = rport=137 | protocol=17 | dir=out | app=system |
"{A350AA42-C118-4AA4-8DDF-7E4A55D02F85}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B44E56FB-0CE0-415B-9FF8-25D9BD64F9E1}" = lport=137 | protocol=17 | dir=in | app=system |
"{B4CEAA27-B34C-4795-9368-12730992169E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B7329026-3773-4C71-AF03-230E0B775BBA}" = rport=445 | protocol=6 | dir=out | app=system |
"{C202151E-F83D-4713-AC5F-F09932EC9EE6}" = rport=138 | protocol=17 | dir=out | app=system |
"{CA5CED3D-12F5-4855-B2F1-24BEF275B42B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D05D2CDD-388A-4502-9B2F-A80FCE290800}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3871930-9455-4305-B1FA-2FE450C2E25D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D749E30D-DE03-44E1-9A82-8916231DBE36}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DA2DDFFF-2FA9-48BF-B670-84F4D09AE750}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E59B2DD2-C1EA-405E-ADF3-4D7FE7AA3F24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FC495502-56AF-4C7D-83F6-DEAF97B4E855}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05D88786-49B2-4C24-80ED-7A796D805AD8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{09CCCCD6-6BC6-4283-B49B-067663F56321}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1140AF3F-6BD2-4107-BCCD-64ABF22263F6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1B9FFDEA-E3F6-4F94-9C4E-74A96807F893}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3AC8CE54-6C14-4AFD-9747-5749FDE690BF}" = protocol=6 | dir=out | app=system |
"{3C9FF3DB-78ED-4F27-A44D-2255B79C03EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3CAA5188-5A1C-4415-8139-226F4044D3A4}" = protocol=6 | dir=in | app=d:\battlefield bad company 2\bfbc2updater.exe |
"{3E310BB0-E50B-424F-BF4A-F103ADBC5A31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4B8C746A-C2BF-499F-B8EF-E95CC1C93456}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4FFB9566-5FF9-4708-95CD-F273E0B3B3E8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{55434875-8DFE-4FEF-9BE2-23707EE23610}" = protocol=17 | dir=in | app=d:\battlefield bad company 2\bfbc2updater.exe |
"{5800716C-8552-4D4F-A8A0-E151FB38036F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{62939E5F-7BDB-4905-8D27-5F04F618FE4B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6538E13C-98BE-410F-9E57-5FAD371058C8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6A2D816F-61EA-493F-B9DC-F718FEA2BBC8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6C2E0A9C-6450-427F-AD27-89979DF73817}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{87350E32-6151-4D02-92FB-4E87DC134CF6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{9426C32D-79B0-4824-8A8D-90A63D7C182C}" = protocol=6 | dir=in | app=c:\programme\spg-verein\v-menu.exe |
"{B828EF70-AF2A-4C03-A98C-9B33816DACCA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B885D73B-24D0-48C5-9339-F68BEE7F70B0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B91616D4-E468-4A18-A237-05634934EFCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC880DAF-8C8E-4A98-9394-1E58D49FB8DA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BEC11607-CA29-4FC5-A6B6-0C35A6638091}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C2E66011-609F-421E-8089-6FF90626983F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CB2124D4-06EF-4A8C-995B-0B9DA8C1FAB1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CF917459-88B7-449F-A760-D12BF3554676}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CFB20F56-0B52-4DC0-B007-C58C0E29F689}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D04D24CF-41AD-4105-B1F2-D91AE1C3A24D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4BD5337-522B-41B0-8423-417B1F2DB6D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EB749BDE-09CD-447B-B48A-25C72039A568}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F38B7F3E-333A-4C0F-A764-9A3DDEDDC3BE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F8CD5D17-B251-4839-8BD6-793BAA51EE70}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FAA5E3AF-9E76-469B-BB7D-B8D838DCAD0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FAF974D7-9249-48F6-B97B-E7A02535016A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{FB5CDD7D-F761-4CF5-B1CC-939E36A27075}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FB930EE0-D321-48FC-92AA-DE29EBA5A35B}" = protocol=17 | dir=in | app=c:\programme\spg-verein\v-menu.exe |
"{FB9482B4-D5A5-440D-9F8D-F25B38E99951}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8A37F1F-E13B-48ae-93F8-4669264969F9}" = HP LaserJet M1522 MFP Series 4.2
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"LSI Soft Modem" = LSI HDA Modem
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F796312-289C-40CA-856C-9FBCF5E83342}" = REALTEK Wireless LAN Software
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1B10BB48-3697-4C87-B0BC-23FAC6130199}" = hppFaxDrvM1522
"{1F15B51B-0622-486A-A751-6D4EDD56842A}" = hppusgM1522
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{33EFDAD7-1686-465A-AE0A-26F22E380315}" = Product_Min_QFolder
"{367B281B-82DC-4D37-9757-74FA350A7D20}" = hppLaserJetService
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DD85535-A50D-4A48-BF60-2BB36FDF3773}" = hppScanTo
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6DD734FE-F0D6-4B15-BD77-A4EADBA04DEA}" = hppLJM1522
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_STANDARD_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B6A9D5A0-0827-49C2-A903-513045AE15D3}" = hppSendFaxM1522
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9A5BCC2-6B60-463F-ACC3-7788B790B82B}" = hpzTLBXFX
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BF41B595-62E3-407A-BE1F-267A2AF6CB4C}" = hppTLBXFXM1522
"{C4582EED-A3FB-4358-8F3F-8C994460DF28}" = EasyFileShare
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9FFC925-E27E-436E-A2DF-652324D51031}" = Nero 8
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E352D262-66C1-4669-9522-8B57AA5AE201}" = hppManualsM1522
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F771F1D4-EDD4-4D68-82DC-811583C099CD}" = Easy Network Manager
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Exact Audio Copy" = Exact Audio Copy 1.0beta1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"PrintKey2000" = PrintKey2000
"PunkBusterSvc" = PunkBuster Services
"SPG-Verein" = SPG-Verein
"STANDARD" = Microsoft Office Standard 2007
"TomTom HOME" = TomTom HOME 2.8.3.2499
"TreeSize Professional_is1" = TreeSize Professional V5.5.3
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2/28/2012 3:55:15 AM | Computer Name = Laptop1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 2/28/2012 3:55:15 AM | Computer Name = Laptop1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6100
Error - 2/28/2012 3:55:15 AM | Computer Name = Laptop1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6100
Error - 2/28/2012 3:55:16 AM | Computer Name = Laptop1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 2/28/2012 3:55:16 AM | Computer Name = Laptop1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7114
Error - 2/28/2012 3:55:16 AM | Computer Name = Laptop1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7114
Error - 2/28/2012 6:21:45 AM | Computer Name = Laptop1 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 2/28/2012 6:21:45 AM | Computer Name = Laptop1 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 2/28/2012 6:23:02 AM | Computer Name = Laptop1 | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 3/1/2012 1:51:04 AM | Computer Name = Laptop1 | Source = Windows Backup | ID = 4103
Description =
[ OSession Events ]
Error - 1/11/2012 1:39:34 PM | Computer Name = Laptop1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1763
seconds with 300 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 7/31/2012 3:46:18 PM | Computer Name = Laptop1 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 7/31/2012 3:46:18 PM | Computer Name = Laptop1 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 7/31/2012 3:46:18 PM | Computer Name = Laptop1 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 7/31/2012 3:46:18 PM | Computer Name = Laptop1 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 7/31/2012 3:46:18 PM | Computer Name = Laptop1 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 7/31/2012 3:46:51 PM | Computer Name = Laptop1 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 7/31/2012 4:09:31 PM | Computer Name = Laptop1 | Source = DCOM | ID = 10005
Description =
Error - 7/31/2012 10:23:00 PM | Computer Name = Laptop1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 7/31/2012 10:49:32 PM | Computer Name = Laptop1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 7/31/2012 10:53:19 PM | Computer Name = Laptop1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
< End of report > --- --- ---
Ich hoffe, bis jetzt alles richtig gemacht zu haben.
Freue mich über neue Nachricht/Hilfe.
Vielen Dank und Gruß, Don |