Hey,
just a quick addition: Anti-Malware found the entry "C:User\Anwender\7556965.dll"!??
I hope it is gone now?
Best regards,
Micha
Otl.txt:
otl logfile created on: 21.04.2013 16:44:25 - run 1
otl by oldtimer - version 3.2.69.0 folder = c:\users\anwender\downloads
home premium edition (version = 6.1.7600) - type = ntworkstation
internet explorer (version = 9.0.8112.16421)
locale: 00000407 | country: Deutschland | language: Deu | date format: Dd.mm.yyyy
1,94 gb total physical memory | 1,18 gb available physical memory | 61,01% memory free
3,87 gb paging file | 2,87 gb available in paging file | 73,98% paging file free
paging file location(s): ?:\pagefile.sys [binary data]
%systemdrive% = c: | %systemroot% = c:\windows | %programfiles% = c:\program files
drive c: | 465,66 gb total space | 421,25 gb free space | 90,46% space free | partition type: Ntfs
computer name: Anwender-pc | user name: Anwender | logged in as administrator.
Boot mode: Normal | scan mode: All users
company name whitelist: Off | skip microsoft files: Off | no company name whitelist: On | file age = 180 days
========== processes (safelist) ==========
prc - [2013.04.21 16:43:20 | 000,602,112 | ---- | m] (oldtimer tools) -- c:\users\anwender\downloads\otl.exe
prc - [2013.04.21 16:14:23 | 000,086,752 | ---- | m] (avira operations gmbh & co. Kg) -- c:\programme\avira\antivir desktop\sched.exe
prc - [2013.04.21 16:13:47 | 000,079,584 | ---- | m] (avira operations gmbh & co. Kg) -- c:\programme\avira\antivir desktop\avshadow.exe
prc - [2013.04.21 16:13:41 | 000,110,816 | ---- | m] (avira operations gmbh & co. Kg) -- c:\programme\avira\antivir desktop\avguard.exe
prc - [2013.04.21 16:13:40 | 000,345,312 | ---- | m] (avira operations gmbh & co. Kg) -- c:\programme\avira\antivir desktop\avgnt.exe
prc - [2013.02.02 06:19:04 | 000,757,296 | ---- | m] (microsoft corporation) -- c:\programme\internet explorer\iexplore.exe
prc - [2013.01.15 17:48:47 | 000,308,368 | ---- | m] (google inc.) -- c:\programme\google\google toolbar\googletoolbaruser_32.exe
prc - [2012.07.27 22:51:26 | 000,063,960 | ---- | m] (adobe systems incorporated) -- c:\programme\common files\adobe\arm\1.0\armsvc.exe
prc - [2012.04.20 07:59:04 | 000,092,592 | ---- | m] (tomtom) -- c:\programme\tomtom home 2\tomtomhomeservice.exe
prc - [2012.04.20 07:59:02 | 000,247,728 | ---- | m] (tomtom) -- c:\programme\tomtom home 2\tomtomhomerunner.exe
prc - [2011.02.26 07:33:07 | 002,614,784 | ---- | m] (microsoft corporation) -- c:\windows\explorer.exe
prc - [2010.04.02 11:18:54 | 001,185,112 | ---- | m] (canon inc.) -- c:\programme\canon\solution menu ex\cnsemain.exe
prc - [2010.03.25 04:50:00 | 002,516,296 | ---- | m] (canon inc.) -- c:\programme\canon\myprinter\bjmyprt.exe
prc - [2009.07.14 03:14:47 | 001,121,280 | ---- | m] (microsoft corporation) -- c:\programme\windows media player\wmpnetwk.exe
prc - [2009.07.14 03:14:42 | 000,049,152 | ---- | m] (microsoft corporation) -- c:\windows\system32\taskhost.exe
prc - [2008.05.02 02:44:08 | 000,805,392 | ---- | m] (logitech, inc.) -- c:\programme\logitech\setpoint\setpoint.exe
prc - [2008.05.02 02:40:56 | 000,076,304 | ---- | m] (logitech, inc.) -- c:\programme\common files\logishrd\khal2\khalmnpr.exe
prc - [2007.12.20 15:19:46 | 000,293,168 | ---- | m] (avm berlin) -- c:\programme\avmwlanstick\fritzwlanmini.exe
========== modules (no company name) ==========
mod - [2012.08.27 21:33:32 | 000,087,912 | ---- | m] () -- c:\programme\common files\apple\apple application support\zlib1.dll
mod - [2012.08.27 21:33:08 | 001,242,512 | ---- | m] () -- c:\programme\common files\apple\apple application support\libxml2.dll
========== services (safelist) ==========
srv - [2013.04.21 16:14:23 | 000,086,752 | ---- | m] (avira operations gmbh & co. Kg) [auto | running] -- c:\programme\avira\antivir desktop\sched.exe -- (antivirschedulerservice)
srv - [2013.04.21 16:13:41 | 000,110,816 | ---- | m] (avira operations gmbh & co. Kg) [auto | running] -- c:\programme\avira\antivir desktop\avguard.exe -- (antivirservice)
srv - [2012.07.27 22:51:26 | 000,063,960 | ---- | m] (adobe systems incorporated) [auto | running] -- c:\programme\common files\adobe\arm\1.0\armsvc.exe -- (adobearmservice)
srv - [2012.04.20 07:59:04 | 000,092,592 | ---- | m] (tomtom) [auto | running] -- c:\programme\tomtom home 2\tomtomhomeservice.exe -- (tomtomhomeservice)
srv - [2009.07.14 03:16:13 | 000,025,088 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\windows\system32\sensrsvc.dll -- (sensrsvc)
srv - [2009.07.14 03:15:41 | 000,680,960 | ---- | m] (microsoft corporation) [auto | running] -- c:\programme\windows defender\mpsvc.dll -- (windefend)
srv - [2009.07.14 03:14:47 | 001,121,280 | ---- | m] (microsoft corporation) [auto | running] -- c:\programme\windows media player\wmpnetwk.exe -- (wmpnetworksvc)
srv - [2008.05.02 02:42:06 | 000,121,360 | ---- | m] (logitech, inc.) [on_demand | stopped] -- c:\programme\common files\logishrd\bluetooth\lbtserv.exe -- (lbtserv)
========== driver services (safelist) ==========
drv - [2013.04.21 16:14:52 | 000,135,136 | ---- | m] (avira operations gmbh & co. Kg) [kernel | system | running] -- c:\windows\system32\drivers\avipbb.sys -- (avipbb)
drv - [2013.04.21 16:14:52 | 000,084,744 | ---- | m] (avira operations gmbh & co. Kg) [file_system | auto | running] -- c:\windows\system32\drivers\avgntflt.sys -- (avgntflt)
drv - [2013.04.21 16:14:52 | 000,037,352 | ---- | m] (avira operations gmbh & co. Kg) [kernel | system | running] -- c:\windows\system32\drivers\avkmgr.sys -- (avkmgr)
drv - [2013.04.21 16:14:52 | 000,028,520 | ---- | m] (avira gmbh) [kernel | system | stopped] -- c:\windows\system32\drivers\ssmdrv.sys -- (ssmdrv)
drv - [2010.04.08 20:32:36 | 000,215,656 | ---- | m] (nvidia corporation) [kernel | boot | stopped] -- c:\windows\system32\drivers\nvstor32.sys -- (nvstor32)
drv - [2010.03.04 12:26:56 | 000,296,936 | ---- | m] (nvidia corporation) [kernel | on_demand | running] -- c:\windows\system32\drivers\nvmf6232.sys -- (nvnet)
drv - [2009.07.14 01:51:11 | 000,034,944 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\winusb.sys -- (winusb)
drv - [2009.07.14 00:02:52 | 000,347,264 | ---- | m] (nvidia corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\nvm62x32.sys -- (nvenetfd)
drv - [2009.06.10 23:19:48 | 009,853,248 | ---- | m] (nvidia corporation) [kernel | on_demand | running] -- c:\windows\system32\drivers\nvlddmkm.sys -- (nvlddmkm)
drv - [2008.02.29 03:13:24 | 000,036,880 | ---- | m] (logitech, inc.) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\lmoufilt.sys -- (lmoufilt)
drv - [2008.02.29 03:13:16 | 000,035,344 | ---- | m] (logitech, inc.) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\lhidfilt.sys -- (lhidfilt)
drv - [2007.12.19 02:00:00 | 000,401,920 | ---- | m] (avm gmbh) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\fwlanusbn.sys -- (fwlanusbn)
drv - [2007.11.07 03:00:00 | 000,004,352 | ---- | m] (avm berlin) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\avmeject.sys -- (avmeject)
========== standard registry (safelist) ==========
========== internet explorer ==========
ie - hklm\..\searchscopes,defaultscope =
ie - hklm\..\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" = hxxp://www.bing.com/search?q={searchterms}&form=ie8src
ie - hklm\..\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}: "url" = hxxp://www.google.com/search?q={searchterms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputencoding}&oe={outputencoding}&sourceid=ie7
ie - hku\.default\..\searchscopes,defaultscope =
ie - hku\.default\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
ie - hku\s-1-5-18\..\searchscopes,defaultscope =
ie - hku\s-1-5-18\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
ie - hku\s-1-5-19\..\searchscopes,defaultscope =
ie - hku\s-1-5-20\..\searchscopes,defaultscope =
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\software\microsoft\internet explorer\main,start page = Google
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\software\microsoft\internet explorer\main,start page redirect cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\software\microsoft\internet explorer\main,start page redirect cache acceptlangs = de
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\software\microsoft\internet explorer\main,start page redirect cache_timestamp = 60 d8 68 f2 f1 6c ca 01 [binary data]
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\..\urlsearchhook: - no clsid value found
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\..\searchscopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\..\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" = hxxp://www.bing.com/search?q={searchterms}&src=ie-searchbox&form=ie8src
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\..\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}: "url" = hxxp://www.bing.com/search?q={searchterms}&form=ie8src
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\software\microsoft\windows\currentversion\internet settings: "proxyoverride" = fritz.box;192.168.178.1;192.168.178.254;169.254.1.1;*.local
========== firefox ==========
ff - hklm\software\mozillaplugins\@adobe.com/shockwaveplayer: C:\windows\system32\adobe\director\np32dsw.dll (adobe systems, inc.)
ff - hklm\software\mozillaplugins\@apple.com/itunes,version=: File not found
ff - hklm\software\mozillaplugins\@apple.com/itunes,version=1.0: C:\program files\itunes\mozilla plugins\npitunes.dll ()
ff - hklm\software\mozillaplugins\@canon.com/eppex: C:\program files\canon\easy-photoprint ex\npezffpi.dll (canon inc.)
ff - hklm\software\mozillaplugins\@java.com/javaplugin: C:\program files\java\jre6\bin\new_plugin\npjp2.dll (sun microsystems, inc.)
ff - hklm\software\mozillaplugins\@tools.google.com/google update;version=3: C:\program files\google\update\1.3.21.135\npgoogleupdate3.dll (google inc.)
ff - hklm\software\mozillaplugins\@tools.google.com/google update;version=9: C:\program files\google\update\1.3.21.135\npgoogleupdate3.dll (google inc.)
ff - hklm\software\mozillaplugins\adobe reader: C:\program files\adobe\reader 10.0\reader\air\nppdf32.dll (adobe systems inc.)
ff - hkey_local_machine\software\mozilla\firefox\extensions\\smartwebprinting@hp.com: C:\program files\hp\digital imaging\smart web printing\mozillaaddon3 [2010.12.13 21:28:44 | 000,000,000 | ---d | m]
ff - hkey_current_user\software\mozilla\firefox\extensions\\smartwebprinting@hp.com: C:\program files\hp\digital imaging\smart web printing\mozillaaddon3 [2010.12.13 21:28:44 | 000,000,000 | ---d | m]
[2012.06.06 18:08:23 | 000,000,000 | ---d | m] (no name found) -- c:\users\anwender\appdata\roaming\mozilla\extensions
[2012.06.06 18:08:23 | 000,000,000 | ---d | m] (no name found) -- c:\users\anwender\appdata\roaming\mozilla\extensions\home2@tomtom.com
========== chrome ==========
chr - default_search_provider: Google (enabled)
chr - default_search_provider: Search_url = {google:baseurl}search?q={searchterms}&{google:rlz}{google:acceptedsuggestion}{google:originalqueryforsuggestion}{google:searchfieldtrialparameter}sourceid=chrome&ie={inputencoding}
chr - default_search_provider: Suggest_url = {google:basesuggesturl}search?{google:searchfieldtrialparameter}client=chrome&hl={language}&q={searchterms}
chr - homepage: Google
o1 hosts file: ([2009.06.10 23:39:37 | 000,000,824 | ---- | m]) - c:\windows\system32\drivers\etc\hosts
o4 - hklm..\run: [apsdaemon] c:\program files\common files\apple\apple application support\apsdaemon.exe (apple inc.)
o4 - hklm..\run: [avgnt] c:\program files\avira\antivir desktop\avgnt.exe (avira operations gmbh & co. Kg)
o4 - hklm..\run: [avmwlanclient] c:\programme\avmwlanstick\fritzwlanmini.exe (avm berlin)
o4 - hklm..\run: [canonmyprinter] c:\program files\canon\myprinter\bjmyprt.exe (canon inc.)
o4 - hklm..\run: [canonsolutionmenuex] c:\program files\canon\solution menu ex\cnsemain.exe (canon inc.)
o4 - hklm..\run: [kernel and hardware abstraction layer] c:\windows\khalmnpr.exe (logitech, inc.)
o4 - hku\s-1-5-21-517919386-2500931453-121362134-1000..\run: [eadm] c:\program files\origin\origin.exe (electronic arts)
o4 - hku\s-1-5-21-517919386-2500931453-121362134-1000..\run: [tomtomhome.exe] c:\program files\tomtom home 2\tomtomhomerunner.exe (tomtom)
o4 - hku\s-1-5-19..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (microsoft corporation)
o4 - hku\s-1-5-20..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (microsoft corporation)
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Consentpromptbehavioradmin = 5
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Consentpromptbehavioruser = 3
o10 - namespace_catalog5\catalog_entries\000000000007 [] - c:\programme\bonjour\mdnsnsp.dll (apple inc.)
o13 - gopher prefix: Missing
o15 - hku\s-1-5-21-517919386-2500931453-121362134-1000\..trusted domains: Fritz.box ([]* in local intranet)
o15 - hku\s-1-5-21-517919386-2500931453-121362134-1000\..trusted ranges: Range1 ([*] in local intranet)
o15 - hku\s-1-5-21-517919386-2500931453-121362134-1000\..trusted ranges: Range2 ([*] in local intranet)
o15 - hku\s-1-5-21-517919386-2500931453-121362134-1000\..trusted ranges: Range3 ([*] in local intranet)
o16 - dpf: {166b1bca-3f9c-11cf-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (shockwave activex control)
o16 - dpf: {8ad9c840-044e-11d1-b3e9-00805f499d93} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u29-windows-i586.cab (java plug-in 1.6.0_29)
o16 - dpf: {cafeefac-0016-0000-0029-abcdeffedcba} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (java plug-in 1.6.0_29)
o16 - dpf: {cafeefac-ffff-ffff-ffff-abcdeffedcba} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (java plug-in 1.6.0_29)
o17 - hklm\system\ccs\services\tcpip\parameters: Dhcpnameserver = 80.69.103.78 192.168.0.1
o17 - hklm\system\ccs\services\tcpip\parameters\interfaces\{383b7c90-76db-45e0-89f5-6d048e2e3b91}: Dhcpnameserver = 192.168.178.1
o17 - hklm\system\ccs\services\tcpip\parameters\interfaces\{47abd2cd-0c9e-4f84-b0a6-ce1599779cc8}: Dhcpnameserver = 80.69.103.78 192.168.0.1
o20 - hklm winlogon: Shell - (explorer.exe) - c:\windows\explorer.exe (microsoft corporation)
o20 - hklm winlogon: Userinit - (c:\windows\system32\userinit.exe) - c:\windows\system32\userinit.exe (microsoft corporation)
o20 - hklm winlogon: Vmapplet - (systempropertiesperformance.exe) - c:\windows\system32\systempropertiesperformance.exe (microsoft corporation)
o20 - winlogon\notify\lbtwlgn: Dllname - (c:\program files\common files\logishrd\bluetooth\lbtwlgn.dll) - c:\programme\common files\logishrd\bluetooth\lbtwlgn.dll (logitech, inc.)
o21 - ssodl: Webcheck - {e6fb5e20-de35-11cf-9c87-00aa005127ed} - no clsid value found.
O32 - hklm cdrom: Autorun - 1
o32 - autorun file - [2009.06.10 23:42:20 | 000,000,024 | ---- | m] () - c:\autoexec.bat -- [ ntfs ]
o33 - mountpoints2\{126eb3c7-d91f-11de-92f8-806e6f6e6963}\shell - "" = autorun
o33 - mountpoints2\{126eb3c7-d91f-11de-92f8-806e6f6e6963}\shell\autorun\command - "" = d:\reatogomenu.exe
o33 - mountpoints2\{ef3020fc-db46-11de-83b1-00241da4cf5c}\shell - "" = autorun
o33 - mountpoints2\{ef3020fc-db46-11de-83b1-00241da4cf5c}\shell\autorun\command - "" = e:\pushinst.exe
o34 - hklm bootexecute: (autocheck autochk *)
o35 - hklm\..comfile [open] -- "%1" %*
o35 - hklm\..exefile [open] -- "%1" %*
o37 - hklm\...com [@ = comfile] -- "%1" %*
o37 - hklm\...exe [@ = exefile] -- "%1" %*
o38 - subsystems\\windows: (serverdll=winsrv:userserverdllinitialization,3)
o38 - subsystems\\windows: (serverdll=winsrv:conserverdllinitialization,2)
o38 - subsystems\\windows: (serverdll=sxssrv,4)
========== files/folders - created within 180 days ==========
[2013.04.21 21:14:43 | 002,237,440 | r--- | c] (oldtimer tools) -- c:\otlpe.exe
[2013.04.21 21:14:43 | 000,000,000 | ---d | c] -- c:\_otl
[2013.04.21 16:34:46 | 000,758,784 | ---- | c] (nvidia corporation) -- c:\windows\system32\cohelper.dll
[2013.04.21 16:34:45 | 000,000,000 | ---d | c] -- c:\program files\nvidia corporation
[2013.04.21 16:34:19 | 000,953,856 | ---- | c] (nvidia corporation) -- c:\windows\system32\fdco2.dll
[2013.04.21 16:34:19 | 000,372,840 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvraiins.dll
[2013.04.21 16:34:19 | 000,372,840 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvraidco.dll
[2013.04.21 16:34:19 | 000,296,936 | ---- | c] (nvidia corporation) -- c:\windows\system32\drivers\nvmf6232.sys
[2013.04.21 16:34:19 | 000,215,656 | ---- | c] (nvidia corporation) -- c:\windows\system32\drivers\nvstor32.sys
[2013.04.21 16:34:19 | 000,207,464 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvconrm.dll
[2013.04.21 16:34:19 | 000,018,024 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoptb.dll
[2013.04.21 16:34:19 | 000,018,024 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoit.dll
[2013.04.21 16:34:19 | 000,018,024 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcofr.dll
[2013.04.21 16:34:19 | 000,018,024 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoesm.dll
[2013.04.21 16:34:19 | 000,018,024 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoes.dll
[2013.04.21 16:34:19 | 000,018,024 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcode.dll
[2013.04.21 16:34:19 | 000,017,512 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcosv.dll
[2013.04.21 16:34:19 | 000,017,512 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoru.dll
[2013.04.21 16:34:19 | 000,017,512 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcono.dll
[2013.04.21 16:34:19 | 000,017,512 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrconl.dll
[2013.04.21 16:34:19 | 000,017,512 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcofi.dll
[2013.04.21 16:34:19 | 000,017,512 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoda.dll
[2013.04.21 16:34:19 | 000,017,000 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoenu.dll
[2013.04.21 16:34:19 | 000,017,000 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoeng.dll
[2013.04.21 16:34:19 | 000,015,464 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoko.dll
[2013.04.21 16:34:19 | 000,015,464 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoja.dll
[2013.04.21 16:34:19 | 000,014,952 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcozht.dll
[2013.04.21 16:34:19 | 000,014,952 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcozhc.dll
[2013.04.21 16:33:32 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\roaming\avira
[2013.04.21 16:28:10 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\avira
[2013.04.21 16:27:57 | 000,028,520 | ---- | c] (avira gmbh) -- c:\windows\system32\drivers\ssmdrv.sys
[2013.04.21 16:27:56 | 000,135,136 | ---- | c] (avira operations gmbh & co. Kg) -- c:\windows\system32\drivers\avipbb.sys
[2013.04.21 16:27:56 | 000,084,744 | ---- | c] (avira operations gmbh & co. Kg) -- c:\windows\system32\drivers\avgntflt.sys
[2013.04.21 16:27:56 | 000,037,352 | ---- | c] (avira operations gmbh & co. Kg) -- c:\windows\system32\drivers\avkmgr.sys
[2013.04.21 16:27:53 | 000,000,000 | ---d | c] -- c:\programdata\avira
[2013.04.21 16:27:53 | 000,000,000 | ---d | c] -- c:\program files\avira
[2013.04.21 16:18:22 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\roaming\malwarebytes
[2013.04.21 16:17:58 | 000,000,000 | ---d | c] -- c:\programdata\malwarebytes
[2013.04.21 16:17:57 | 000,022,856 | ---- | c] (malwarebytes corporation) -- c:\windows\system32\drivers\mbam.sys
[2013.04.21 16:17:57 | 000,000,000 | ---d | c] -- c:\program files\malwarebytes' anti-malware
[2013.04.21 16:17:44 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\local\programs
[2013.04.21 13:39:07 | 000,000,000 | ---d | c] -- c:\system-sicherheit_mj
[2013.04.02 18:43:05 | 000,015,872 | ---- | c] (microsoft corporation) -- c:\windows\system32\drivers\usb8023.sys
[2013.03.13 13:39:51 | 002,382,848 | ---- | c] (microsoft corporation) -- c:\windows\system32\mshtml.tlb
[2013.03.13 13:39:49 | 000,065,024 | ---- | c] (microsoft corporation) -- c:\windows\system32\jsproxy.dll
[2013.03.13 13:39:45 | 000,607,744 | ---- | c] (microsoft corporation) -- c:\windows\system32\msfeeds.dll
[2013.03.13 13:39:45 | 000,176,640 | ---- | c] (microsoft corporation) -- c:\windows\system32\ieui.dll
[2013.03.13 13:39:45 | 000,142,848 | ---- | c] (microsoft corporation) -- c:\windows\system32\ieunatt.exe
[2013.03.13 13:39:44 | 001,800,704 | ---- | c] (microsoft corporation) -- c:\windows\system32\jscript9.dll
[2013.03.13 13:39:44 | 000,231,936 | ---- | c] (microsoft corporation) -- c:\windows\system32\url.dll
[2013.03.13 13:39:43 | 001,427,968 | ---- | c] (microsoft corporation) -- c:\windows\system32\inetcpl.cpl
[2013.02.14 12:32:43 | 002,345,984 | ---- | c] (microsoft corporation) -- c:\windows\system32\win32k.sys
[2013.02.14 12:32:41 | 003,957,608 | ---- | c] (microsoft corporation) -- c:\windows\system32\ntkrnlpa.exe
[2013.02.14 12:32:41 | 003,902,312 | ---- | c] (microsoft corporation) -- c:\windows\system32\ntoskrnl.exe
[2013.02.14 12:32:38 | 000,187,240 | ---- | c] (microsoft corporation) -- c:\windows\system32\drivers\fwpkclnt.sys
[2013.02.14 12:32:33 | 000,271,360 | ---- | c] (microsoft corporation) -- c:\windows\system32\conhost.exe
[2013.02.14 12:32:33 | 000,169,984 | ---- | c] (microsoft corporation) -- c:\windows\system32\winsrv.dll
[2013.02.14 12:32:33 | 000,005,120 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
[2013.02.14 12:32:33 | 000,004,608 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.14 12:32:33 | 000,004,096 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.14 12:32:33 | 000,004,096 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2013.02.14 12:32:33 | 000,004,096 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2013.02.14 12:32:33 | 000,004,096 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.14 12:32:32 | 000,006,144 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
[2013.02.14 12:32:32 | 000,004,608 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.14 12:32:32 | 000,004,096 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2013.02.14 12:32:32 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.14 12:32:32 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
[2013.02.14 12:32:32 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
[2013.01.18 19:07:25 | 000,000,000 | ---d | c] -- c:\program files\origin games
[2013.01.18 19:07:25 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\roaming\origin
[2013.01.18 19:06:45 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\local\origin
[2013.01.18 19:02:13 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\origin
[2013.01.18 19:02:12 | 000,000,000 | ---d | c] -- c:\programdata\origin
[2013.01.18 19:02:12 | 000,000,000 | ---d | c] -- c:\programdata\electronic arts
[2013.01.18 19:01:51 | 000,000,000 | ---d | c] -- c:\program files\origin
[2013.01.09 13:54:16 | 000,308,736 | ---- | c] (microsoft corporation) -- c:\windows\system32\wpc.dll
[2013.01.09 13:54:16 | 000,046,592 | ---- | c] (microsoft) -- c:\windows\system32\fpb.rs
[2013.01.09 13:54:16 | 000,045,568 | ---- | c] (microsoft) -- c:\windows\system32\oflc-nz.rs
[2013.01.09 13:54:16 | 000,044,544 | ---- | c] (microsoft) -- c:\windows\system32\pegibbfc.rs
[2013.01.09 13:54:16 | 000,043,520 | ---- | c] (microsoft) -- c:\windows\system32\csrr.rs
[2013.01.09 13:54:16 | 000,040,960 | ---- | c] (microsoft) -- c:\windows\system32\cob-au.rs
[2013.01.09 13:54:16 | 000,030,720 | ---- | c] (microsoft) -- c:\windows\system32\usk.rs
[2013.01.09 13:54:16 | 000,021,504 | ---- | c] (microsoft) -- c:\windows\system32\grb.rs
[2013.01.09 13:54:16 | 000,020,480 | ---- | c] (microsoft) -- c:\windows\system32\pegi-pt.rs
[2013.01.09 13:54:16 | 000,020,480 | ---- | c] (microsoft) -- c:\windows\system32\pegi.rs
[2013.01.09 13:54:16 | 000,015,360 | ---- | c] (microsoft) -- c:\windows\system32\djctq.rs
[2013.01.09 13:54:15 | 002,576,384 | ---- | c] (microsoft corporation) -- c:\windows\system32\gameux.dll
[2013.01.09 13:54:14 | 000,055,296 | ---- | c] (microsoft) -- c:\windows\system32\cero.rs
[2013.01.09 13:54:14 | 000,051,712 | ---- | c] (microsoft) -- c:\windows\system32\esrb.rs
[2013.01.09 13:54:14 | 000,023,552 | ---- | c] (microsoft) -- c:\windows\system32\oflc.rs
[2013.01.09 13:54:14 | 000,020,480 | ---- | c] (microsoft) -- c:\windows\system32\pegi-fi.rs
[2013.01.09 13:53:56 | 000,219,136 | ---- | c] (microsoft corporation) -- c:\windows\system32\ncrypt.dll
[2012.12.22 12:34:33 | 000,295,424 | ---- | c] (adobe systems incorporated) -- c:\windows\system32\atmfd.dll
[2012.12.22 12:34:33 | 000,034,304 | ---- | c] (adobe systems) -- c:\windows\system32\atmlib.dll
[2012.12.13 17:36:58 | 000,376,832 | ---- | c] (microsoft corporation) -- c:\windows\system32\dpnet.dll
[2012.12.13 17:36:51 | 000,002,048 | ---- | c] (microsoft corporation) -- c:\windows\system32\tzres.dll
[2012.11.16 17:04:20 | 000,047,720 | ---- | c] (microsoft corporation) -- c:\windows\system32\drivers\wdfldr.sys
[2012.11.16 17:04:20 | 000,009,728 | ---- | c] (microsoft corporation) -- c:\windows\system32\wdfres.dll
[2012.11.16 17:04:03 | 000,613,888 | ---- | c] (microsoft corporation) -- c:\windows\system32\wudfx.dll
[2012.11.16 17:04:03 | 000,172,032 | ---- | c] (microsoft corporation) -- c:\windows\system32\wudfplatform.dll
[2012.11.16 17:04:03 | 000,038,912 | ---- | c] (microsoft corporation) -- c:\windows\system32\wudfcoinstaller.dll
[2012.11.16 16:59:58 | 000,078,336 | ---- | c] (microsoft corporation) -- c:\windows\system32\synceng.dll
[2012.11.08 15:12:24 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\klett - playway 4
[2012.10.24 21:17:32 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\roaming\apple computer
[2012.10.24 21:17:32 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\local\apple computer
[2012.10.24 21:17:25 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\itunes
[2012.10.24 21:17:20 | 000,000,000 | ---d | c] -- c:\windows\system32\drvstore
[2012.10.24 21:16:35 | 000,000,000 | ---d | c] -- c:\program files\ipod
[2012.10.24 21:16:34 | 000,000,000 | ---d | c] -- c:\program files\itunes
[2012.10.24 21:16:34 | 000,000,000 | ---d | c] -- c:\programdata\apple computer
[2012.10.24 21:16:34 | 000,000,000 | ---d | c] -- c:\programdata\188f1432-103a-4ffb-80f1-36b633c5c9e1
[2012.10.24 21:15:52 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\local\apple
[2012.10.24 21:15:50 | 000,000,000 | ---d | c] -- c:\program files\apple software update
[2012.10.24 21:15:05 | 000,000,000 | ---d | c] -- c:\program files\bonjour
[2012.10.24 21:14:51 | 000,000,000 | ---d | c] -- c:\programdata\apple
[2012.10.24 21:14:51 | 000,000,000 | ---d | c] -- c:\program files\common files\apple
[2012.10.24 18:20:19 | 000,000,000 | ---d | c] -- c:\users\anwender\4.0
[2012.10.24 18:20:19 | 000,000,000 | ---d | c] -- c:\users\anwender\.tfo4
[2012.10.24 18:19:48 | 000,000,000 | ---d | c] -- c:\programdata\sun
[2012.10.24 18:19:47 | 000,000,000 | ---d | c] -- c:\program files\common files\java
[2012.10.24 18:19:27 | 000,472,808 | ---- | c] (sun microsystems, inc.) -- c:\windows\system32\deployjava1.dll
[2012.10.24 18:19:27 | 000,157,472 | ---- | c] (sun microsystems, inc.) -- c:\windows\system32\javaws.exe
[2012.10.24 18:19:27 | 000,145,184 | ---- | c] (sun microsystems, inc.) -- c:\windows\system32\javaw.exe
[2012.10.24 18:19:27 | 000,145,184 | ---- | c] (sun microsystems, inc.) -- c:\windows\system32\java.exe
[2012.10.24 18:19:13 | 000,000,000 | ---d | c] -- c:\program files\java
========== files - modified within 180 days ==========
[2013.04.21 16:45:37 | 000,014,784 | -h-- | m] () -- c:\windows\system32\7b296fb0-376b-497e-b012-9c450e1b7327-5p-1.c7483456-a289-439d-8115-601632d005a0
[2013.04.21 16:45:37 | 000,014,784 | -h-- | m] () -- c:\windows\system32\7b296fb0-376b-497e-b012-9c450e1b7327-5p-0.c7483456-a289-439d-8115-601632d005a0
[2013.04.21 16:28:10 | 000,001,940 | ---- | m] () -- c:\users\public\desktop\avira control center.lnk
[2013.04.21 16:26:49 | 000,001,098 | ---- | m] () -- c:\windows\tasks\googleupdatetaskmachinecore.job
[2013.04.21 16:26:40 | 000,067,584 | --s- | m] () -- c:\windows\bootstat.dat
[2013.04.21 16:26:35 | 1559,928,832 | -hs- | m] () -- c:\hiberfil.sys
[2013.04.21 16:17:59 | 000,001,067 | ---- | m] () -- c:\users\public\desktop\malwarebytes anti-malware.lnk
[2013.04.21 16:14:52 | 000,135,136 | ---- | m] (avira operations gmbh & co. Kg) -- c:\windows\system32\drivers\avipbb.sys
[2013.04.21 16:14:52 | 000,084,744 | ---- | m] (avira operations gmbh & co. Kg) -- c:\windows\system32\drivers\avgntflt.sys
[2013.04.21 16:14:52 | 000,037,352 | ---- | m] (avira operations gmbh & co. Kg) -- c:\windows\system32\drivers\avkmgr.sys
[2013.04.21 16:14:52 | 000,028,520 | ---- | m] (avira gmbh) -- c:\windows\system32\drivers\ssmdrv.sys
[2013.04.21 12:45:50 | 000,002,129 | ---- | m] () -- c:\users\public\desktop\google chrome.lnk
[2013.04.04 14:50:32 | 000,022,856 | ---- | m] (malwarebytes corporation) -- c:\windows\system32\drivers\mbam.sys
[2013.04.02 17:55:00 | 000,001,102 | ---- | m] () -- c:\windows\tasks\googleupdatetaskmachineua.job
[2013.03.14 10:41:40 | 000,654,150 | ---- | m] () -- c:\windows\system32\perfh007.dat
[2013.03.14 10:41:40 | 000,616,032 | ---- | m] () -- c:\windows\system32\perfh009.dat
[2013.03.14 10:41:40 | 000,130,022 | ---- | m] () -- c:\windows\system32\perfc007.dat
[2013.03.14 10:41:40 | 000,106,412 | ---- | m] () -- c:\windows\system32\perfc009.dat
[2013.02.14 13:13:07 | 000,269,712 | ---- | m] () -- c:\windows\system32\fntcache.dat
[2013.02.12 15:51:24 | 000,015,872 | ---- | m] (microsoft corporation) -- c:\windows\system32\drivers\usb8023.sys
[2013.02.02 05:38:35 | 001,800,704 | ---- | m] (microsoft corporation) -- c:\windows\system32\jscript9.dll
[2013.02.02 05:30:32 | 001,427,968 | ---- | m] (microsoft corporation) -- c:\windows\system32\inetcpl.cpl
[2013.02.02 05:29:22 | 000,231,936 | ---- | m] (microsoft corporation) -- c:\windows\system32\url.dll
[2013.02.02 05:27:56 | 000,065,024 | ---- | m] (microsoft corporation) -- c:\windows\system32\jsproxy.dll
[2013.02.02 05:26:47 | 000,142,848 | ---- | m] (microsoft corporation) -- c:\windows\system32\ieunatt.exe
[2013.02.02 05:25:16 | 000,607,744 | ---- | m] (microsoft corporation) -- c:\windows\system32\msfeeds.dll
[2013.02.02 05:23:28 | 002,382,848 | ---- | m] (microsoft corporation) -- c:\windows\system32\mshtml.tlb
[2013.02.02 05:20:00 | 000,176,640 | ---- | m] (microsoft corporation) -- c:\windows\system32\ieui.dll
[2013.01.17 02:28:58 | 000,232,336 | ---- | m] (microsoft corporation) -- c:\windows\system32\mpsigstub.exe
[2013.01.05 07:02:17 | 003,957,608 | ---- | m] (microsoft corporation) -- c:\windows\system32\ntkrnlpa.exe
[2013.01.05 07:02:17 | 003,902,312 | ---- | m] (microsoft corporation) -- c:\windows\system32\ntoskrnl.exe
[2013.01.04 06:55:09 | 000,187,240 | ---- | m] (microsoft corporation) -- c:\windows\system32\drivers\fwpkclnt.sys
[2013.01.04 06:50:40 | 000,169,984 | ---- | m] (microsoft corporation) -- c:\windows\system32\winsrv.dll
[2013.01.04 06:43:54 | 000,004,608 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.04 06:43:54 | 000,004,096 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.04 06:43:54 | 000,004,096 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2013.01.04 06:43:53 | 000,004,096 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2013.01.04 06:43:53 | 000,004,096 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.04 06:43:53 | 000,004,096 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2013.01.04 06:43:52 | 000,005,120 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
[2013.01.04 05:00:30 | 002,345,984 | ---- | m] (microsoft corporation) -- c:\windows\system32\win32k.sys
[2013.01.04 04:59:29 | 000,271,360 | ---- | m] (microsoft corporation) -- c:\windows\system32\conhost.exe
[2013.01.04 04:43:35 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.04 04:43:34 | 000,006,144 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
[2013.01.04 04:43:34 | 000,004,608 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.04 04:43:34 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
[2012.12.16 16:25:27 | 000,295,424 | ---- | m] (adobe systems incorporated) -- c:\windows\system32\atmfd.dll
[2012.12.16 16:25:19 | 000,034,304 | ---- | m] (adobe systems) -- c:\windows\system32\atmlib.dll
[2012.12.07 07:04:20 | 000,308,736 | ---- | m] (microsoft corporation) -- c:\windows\system32\wpc.dll
[2012.12.07 06:57:38 | 002,576,384 | ---- | m] (microsoft corporation) -- c:\windows\system32\gameux.dll
[2012.12.07 05:21:08 | 000,045,568 | ---- | m] (microsoft) -- c:\windows\system32\oflc-nz.rs
[2012.12.07 05:21:08 | 000,044,544 | ---- | m] (microsoft) -- c:\windows\system32\pegibbfc.rs
[2012.12.07 05:21:08 | 000,043,520 | ---- | m] (microsoft) -- c:\windows\system32\csrr.rs
[2012.12.07 05:21:08 | 000,030,720 | ---- | m] (microsoft) -- c:\windows\system32\usk.rs
[2012.12.07 05:21:08 | 000,023,552 | ---- | m] (microsoft) -- c:\windows\system32\oflc.rs
[2012.12.07 05:21:07 | 000,020,480 | ---- | m] (microsoft) -- c:\windows\system32\pegi-pt.rs
[2012.12.07 05:21:06 | 000,020,480 | ---- | m] (microsoft) -- c:\windows\system32\pegi-fi.rs
[2012.12.07 05:21:06 | 000,020,480 | ---- | m] (microsoft) -- c:\windows\system32\pegi.rs
[2012.12.07 05:21:05 | 000,055,296 | ---- | m] (microsoft) -- c:\windows\system32\cero.rs
[2012.12.07 05:21:05 | 000,051,712 | ---- | m] (microsoft) -- c:\windows\system32\esrb.rs
[2012.12.07 05:21:05 | 000,046,592 | ---- | m] (microsoft) -- c:\windows\system32\fpb.rs
[2012.12.07 05:21:05 | 000,021,504 | ---- | m] (microsoft) -- c:\windows\system32\grb.rs
[2012.12.07 05:21:04 | 000,040,960 | ---- | m] (microsoft) -- c:\windows\system32\cob-au.rs
[2012.12.07 05:21:04 | 000,015,360 | ---- | m] (microsoft) -- c:\windows\system32\djctq.rs
[2012.11.20 07:10:07 | 000,219,136 | ---- | m] (microsoft corporation) -- c:\windows\system32\ncrypt.dll
[2012.11.09 06:49:37 | 000,002,048 | ---- | m] (microsoft corporation) -- c:\windows\system32\tzres.dll
[2012.11.08 15:12:25 | 000,002,699 | ---- | m] () -- c:\users\public\desktop\playway 4 cd-rom.lnk
[2012.11.02 06:48:28 | 000,376,832 | ---- | m] (microsoft corporation) -- c:\windows\system32\dpnet.dll
[2012.10.24 21:17:25 | 000,001,753 | ---- | m] () -- c:\users\public\desktop\itunes.lnk
[2012.10.24 18:19:16 | 000,472,808 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\deployjava1.dll
[2012.10.24 18:19:16 | 000,157,472 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\javaws.exe
[2012.10.24 18:19:16 | 000,145,184 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\javaw.exe
[2012.10.24 18:19:16 | 000,145,184 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\java.exe
========== files created - no company name ==========
[2013.04.21 16:34:46 | 000,010,084 | ---- | c] () -- c:\windows\system32\drivers\nvphy.bin
[2013.04.21 16:28:10 | 000,001,940 | ---- | c] () -- c:\users\public\desktop\avira control center.lnk
[2013.04.21 16:17:59 | 000,001,067 | ---- | c] () -- c:\users\public\desktop\malwarebytes anti-malware.lnk
[2012.11.16 17:04:21 | 000,000,003 | ---- | c] () -- c:\windows\system32\drivers\msftwdf_kernel_01011_inbox_critical.wdf
[2012.11.16 17:04:03 | 000,000,003 | ---- | c] () -- c:\windows\system32\drivers\msftwdf_user_01_11_00_inbox_critical.wdf
[2012.11.08 15:12:25 | 000,002,699 | ---- | c] () -- c:\users\public\desktop\playway 4 cd-rom.lnk
[2012.10.24 21:17:25 | 000,001,753 | ---- | c] () -- c:\users\public\desktop\itunes.lnk
[2012.10.24 21:15:50 | 000,002,519 | ---- | c] () -- c:\programdata\microsoft\windows\start menu\programs\apple software update.lnk
[2010.05.30 10:56:09 | 000,000,760 | ---- | c] () -- c:\users\anwender\appdata\roaming\setup_ldm.iss
========== zeroaccess check ==========
[2009.07.14 06:42:31 | 000,000,227 | rhs- | m] () -- c:\windows\assembly\desktop.ini
[hkey_current_user\software\classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\inprocserver32]
[hkey_current_user\software\classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\inprocserver32]
[hkey_local_machine\software\classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\inprocserver32]
"" = %systemroot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | m] (microsoft corporation)
"threadingmodel" = apartment
[hkey_local_machine\software\classes\clsid\{5839fca9-774d-42a1-acda-d6a79037f57f}\inprocserver32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | m] (microsoft corporation)
"threadingmodel" = free
[hkey_local_machine\software\classes\clsid\{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}\inprocserver32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | m] (microsoft corporation)
"threadingmodel" = both
< end of report > --- --- ---
extras.txt:
OTL Logfile: Code:
otl extras logfile created on: 21.04.2013 16:44:25 - run 1
otl by oldtimer - version 3.2.69.0 folder = c:\users\anwender\downloads
home premium edition (version = 6.1.7600) - type = ntworkstation
internet explorer (version = 9.0.8112.16421)
locale: 00000407 | country: Deutschland | language: Deu | date format: Dd.mm.yyyy
1,94 gb total physical memory | 1,18 gb available physical memory | 61,01% memory free
3,87 gb paging file | 2,87 gb available in paging file | 73,98% paging file free
paging file location(s): ?:\pagefile.sys [binary data]
%systemdrive% = c: | %systemroot% = c:\windows | %programfiles% = c:\program files
drive c: | 465,66 gb total space | 421,25 gb free space | 90,46% space free | partition type: Ntfs
computer name: Anwender-pc | user name: Anwender | logged in as administrator.
Boot mode: Normal | scan mode: All users
company name whitelist: Off | skip microsoft files: Off | no company name whitelist: On | file age = 180 days
========== extra registry (safelist) ==========
========== file associations ==========
[hkey_local_machine\software\classes\<extension>]
.cpl [@ = cplfile] -- c:\windows\system32\control.exe (microsoft corporation)
.hlp [@ = hlpfile] -- c:\windows\winhlp32.exe (microsoft corporation)
========== shell spawning ==========
[hkey_local_machine\software\classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %systemroot%\system32\control.exe "%1",%* (microsoft corporation)
exefile [open] -- "%1" %*
helpfile [open] -- reg error: Key error.
Hlpfile [open] -- %systemroot%\winhlp32.exe %1 (microsoft corporation)
htmlfile [edit] -- reg error: Key error.
Htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,printhtml "%1"
inffile [install] -- %systemroot%\system32\infdefaultinstall.exe "%1" (microsoft corporation)
piffile [open] -- "%1" %*
regfile [merge] -- reg error: Key error.
Scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,installscreensaver %l
scrfile [open] -- "%1" /s
txtfile [edit] -- reg error: Key error.
Unknown [openas] -- %systemroot%\system32\rundll32.exe %systemroot%\system32\shell32.dll,openas_rundll %1
directory [cmd] -- cmd.exe /s /k pushd "%v" (microsoft corporation)
directory [find] -- %systemroot%\explorer.exe (microsoft corporation)
folder [open] -- %systemroot%\explorer.exe (microsoft corporation)
folder [explore] -- reg error: Value error.
Drive [find] -- %systemroot%\explorer.exe (microsoft corporation)
========== security center settings ==========
[hkey_local_machine\software\microsoft\security center]
"cval" = 0
[hkey_local_machine\software\microsoft\security center\monitoring]
[hkey_local_machine\software\microsoft\security center\svc]
"vistasp1" = reg error: Unknown registry data type -- file not found
"antivirusoverride" = 0
"antispywareoverride" = 0
"firewalloverride" = 0
========== firewall settings ==========
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile]
"disablenotifications" = 0
"enablefirewall" = 1
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"disablenotifications" = 0
"enablefirewall" = 1
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\publicprofile]
"disablenotifications" = 0
"enablefirewall" = 1
========== authorized applications list ==========
========== vista active open ports exception list ==========
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules]
"{15682f4b-9d73-476d-8abd-c3213803c436}" = lport=139 | protocol=6 | dir=in | app=system |
"{260305e8-70ea-4cd1-be57-637cf9873b28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{30663f4d-77e2-4c55-9ce3-536457e90f28}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3ed4728f-bcb7-4f6e-9f28-1c6481d0ef00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4a4ac904-8c1f-45a0-a6bb-35578b509c02}" = rport=138 | protocol=17 | dir=out | app=system |
"{6b723652-a341-4d03-8ff5-80d0ca4a1917}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6e3d0c8d-58eb-4155-ae13-57de214493b9}" = lport=138 | protocol=17 | dir=in | app=system |
"{70338daa-51e9-4817-8ceb-7299ee835d86}" = lport=2869 | protocol=6 | dir=in | app=system |
"{721933cc-96ea-4883-82c6-65144ba2beb3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7b5f1dc9-c85e-4451-9435-75d4c32e3812}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9976fa6e-ac61-44d3-a283-699f4b6d27b4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9d521eeb-861b-4d01-948f-c08c15110945}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9f2e9688-9015-4d22-9dc4-c79b5bf6ac74}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{af35ff50-4f2d-47e9-9330-ceef1f8d851a}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{b237fd5a-3faa-4589-aeba-b218623daace}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ca880501-ee3e-4028-ad44-b8967caa6f86}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ddd125eb-3cae-4174-bca1-b12555a64f47}" = rport=137 | protocol=17 | dir=out | app=system |
"{e58a8171-8785-4362-96fa-c4b09e45ef35}" = rport=139 | protocol=6 | dir=out | app=system |
"{e8b95b1b-4486-4059-941e-4db8083286a7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{e9aa2ec5-7380-4a65-8a42-840385013f44}" = lport=137 | protocol=17 | dir=in | app=system |
"{f538f7e6-f04d-4a19-9a8f-4e8b1d2c8194}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{f59c4cfc-b538-45d0-b16b-fd10c605c449}" = rport=445 | protocol=6 | dir=out | app=system |
"{fa7896e3-41ee-45bd-a070-fc87b708cbb9}" = lport=445 | protocol=6 | dir=in | app=system |
========== vista active application exception list ==========
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules]
"{018f1735-e031-45ba-9f52-4d527b50e513}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{0313e384-91cf-4cbc-a8c2-ebb07c6c8523}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{0c1b7e5d-e504-4830-a877-8a6908a562d5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0f3daac2-6a04-4d23-9a0d-1b72b0053b01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{10650589-32a2-4453-9c74-460516361089}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{195dc63b-b99b-43a0-b6b2-bca87f65e0d0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{19f370f8-d451-4781-baf1-f1fa0cb80103}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{1c52ef5a-6375-42fc-b0f7-05f1e47fbe72}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{215ba85a-4581-4c39-99a8-4dfaffe321f8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{237695db-b3fb-46f9-b1f2-9367affca8ad}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{25a853a5-9701-4000-9956-4c4bddd4635c}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{29a0fa61-ed5b-4d92-82a7-cfdf9ddfbbc9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{29b6945b-f925-4e1c-bd22-f35f342bf3ab}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{38ccdee7-4464-4116-afd0-d3a10d39b9e3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{444e22c9-da89-4c64-a7c5-e59c327159b7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4ff494fb-12f0-4a05-9173-2d854f160cd1}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{575c5c70-41dd-44a4-9a21-2f83b1bc5d18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5fb1b719-a9f2-4e8f-beba-9356753acab4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8d5f8688-dfb1-4bd1-9c95-8216b85f2dd1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{97a3ba19-58d1-492d-86a8-b3c6b4784dd0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{99f0dc9b-6f5d-4cf9-82bc-db2dae269518}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9b263263-1b10-42e3-94ef-492d6da6e271}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9b7dfaa4-9aa7-4231-b58a-164f0089b34c}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{a01879ca-cb21-4075-add8-199ba49401d2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{a5823e25-76d8-4c13-be55-660977702b98}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{a698630b-7888-4cbc-9b2d-3bc95c447462}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{b849dda3-cb9e-4e88-8148-c05a4e6142a4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{bc95f758-af15-45d5-beec-eed9b421845e}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{d2d2887f-b2c8-4f6e-9c9f-9fa9e38a1e5e}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{d83fd2de-b0b9-4949-915b-eadb6f4a2505}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{de747acc-8933-4953-9818-83d3abce8829}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{de836bac-07cd-4296-9c90-29ce5f687f0a}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{df93638a-7b8a-4643-b060-b28c9c96b7ff}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{e0992697-16ea-418a-83ea-93116ac86919}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{ea2d15f6-0c3c-43b3-8643-27f9b943351f}" = protocol=6 | dir=out | app=system |
"{ebfbb4bf-01d8-429b-840e-1bc2da993b6d}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{ed782b2a-53db-4584-9269-7753a5089030}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{fd2fc667-5f9d-43d3-be67-1ea3a834c7bc}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"tcp query user{3df6cf64-3fe4-439d-9e2f-b5b2b9ea9030}c:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"udp query user{5e006ce9-981c-4516-949b-b39a9eb1faf9}c:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== hkey_local_machine uninstall list ==========
[hkey_local_machine\software\microsoft\windows\currentversion\uninstall]
"{0c826c5b-b131-423a-a229-c71b3caccd6a}" = cddrv_installer
"{0f367ca3-3b2f-43f9-a44a-25a8ee69e45d}" = scan
"{0f6f6876-6334-4977-b5dd-cfc12e193420}" = itunes
"{1199fad5-9546-44f3-81cf-ffdb8040b7bf}_canon_mg5100_series" = canon mg5100 series mp drivers
"{17285384-0749-44af-b75d-2ea74dc58822}" = playway 3
"{175f0111-2968-4935-8f70-33108c6a4de3}" = marketresearch
"{18455581-e099-4ba8-bc6b-f34b2f06600c}" = google toolbar for internet explorer
"{1f1c2dfc-2d24-3e06-bcb8-725134adf989}" = microsoft visual c++ 2008 redistributable - x86 9.0.30729.4148
"{21a2f5ee-1dc5-488a-be7e-e526f8c61488}" = devicediscovery
"{2318c2b1-4965-11d4-9b18-009027a5cd4f}" = google toolbar for internet explorer
"{26a24ae4-039d-4ca4-87b4-2f83216029ff}" = java(tm) 6 update 29
"{2eea7aa4-c203-4b90-a34f-19fb7ef1c81c}" = bufferchm
"{3101cb58-3482-4d21-af1a-7057fc935355}" = khalinstallwrapper
"{3a4d5e2d-988d-4ee9-8e7f-3ac200a2b8f5}" = 4500g510nz_software_min
"{3c3901c5-3455-3e0a-a214-0b093a5070a6}" = microsoft .net framework 4 client profile
"{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}" = erlt
"{43cdf946-f5d9-4292-b006-ba0d92013021}" = webreg
"{440b915a-0c85-45db-92ae-75ae14704a64}" = fax
"{4a03706f-666a-4037-7777-5f2748764d10}" = java auto updater
"{4a70ef07-7f88-4434-bb61-d1de8ae93dd4}" = solutioncenter
"{5b05ff91-f20c-4832-a8de-e1912639c17c}" = 4500g510nz
"{5fdd02c7-9a97-43ed-9bc2-892c3a67aa26}" = playway 2
"{612c34c7-5e90-47d8-9b5c-0f717dd82726}" = swmsm
"{63ec2120-1742-4625-aa47-c6a8aec9c64c}" = apple application support
"{63ff21c9-a810-464f-b60a-3111747b1a6d}" = gpbaseservice2
"{67aad4a9-b77c-452b-ae50-9ee8af4bc350}" = playway 4
"{68a10d12-0d0f-4212-bde6-d87fad32a8fa}" = smartwebprinting
"{690879a5-18ef-447b-98d6-b699d51008ab}" = 4500_g510nz_help
"{6b2ffb21-ac88-45c3-9a7d-4bb3e744ec91}" = hpssupply
"{6bba26e9-ab03-4fe7-831a-3535584ca002}" = toolbox
"{7059bda7-e1db-442c-b7a1-6144596720a4}" = hp update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = microsoft visual c++ 2005 redistributable
"{789a5b64-9dd9-4ba5-915a-f0fc0a1b7bfe}" = apple software update
"{79155f2b-9895-49d7-8612-d92580e0de5b}" = bonjour
"{7e0e61cc-1c99-429d-bea7-c4dd5b898d2a}" = hp officejet 4500 g510n-z
"{8f3c31c5-9c3a-4aa8-8efa-71290a7ad533}" = tomtom home visual studio merge modules
"{92127af5-fdd8-4adf-bc40-c356c9ee0b7d}" = 32 bit hp cio components installer
"{92a51949-ee4c-466d-aaf0-99e74a49a63f}" = docmgr
"{9b362566-ec1b-4700-bb9c-ec661bde2175}" = docproc
"{a92dab39-4e2c-4304-9ab6-bc44e68b55e2}" = google update helper
"{ac76ba86-7ad7-1031-7b44-aa1000000001}" = adobe reader x (10.1.4) - deutsch
"{ae8705fb-e13c-40a9-8a2d-68d6733fbfc2}" = status
"{aec0cebc-0fc7-4716-8222-1c4a742719b1}" = samsung master
"{b2455727-ed8f-4643-8a6e-f4ab8de3633d}" = network
"{bd7204ba-dd64-499e-9b55-6a282cdf4fa4}" = destinations
"{c43326f5-f135-4551-8270-7f7aba0462e1}" = hpproductassistant
"{d4ddfaa1-ec37-4529-ad5b-a433ade68662}" = apple mobile device support
"{dc0a5f99-fd66-433f-9d3a-05dcba64be42}" = trayapp
"{f0c3e5d1-1ade-321e-8167-68ef0de699a5}" = microsoft visual c++ 2010 x86 redistributable - 10.0.40219
"{f29b21bd-caa6-445f-8ef7-a7e2b9d8b14e}" = logitech setpoint
"{f750c986-5310-3a5a-95f8-4ec71c8ac01c}" = microsoft .net framework 4 client profile deu language pack
"adobe flash player activex" = adobe flash player 10 activex
"adobe shockwave player" = adobe shockwave player 11.6
"avira antivir desktop" = avira free antivirus
"canon mg5100 series benutzerregistrierung" = canon mg5100 series benutzerregistrierung
"canonmyprinter" = canon my printer
"canonsolutionmenuex" = canon solution menu ex
"die förderpyramide 1" = die förderpyramide 1
"easy-photoprint ex" = canon easy-photoprint ex
"google chrome" = google chrome
"hp document manager" = hp document manager 2.0
"hp imaging device functions" = hp imaging device functions 13.0
"hp smart web printing" = hp smart web printing 4.5
"hp solution center & imaging support tools" = hp solution center 13.0
"hpextendedcapabilities" = hp customer participation program 13.0
"hpocr" = ocr software by i.r.i.s. 13.0
"malwarebytes' anti-malware_is1" = malwarebytes anti-malware version 1.75.0.1300
"microsoft .net framework 4 client profile" = microsoft .net framework 4 client profile
"microsoft .net framework 4 client profile deu language pack" = microsoft .net framework 4 client profile deu language pack
"mp navigator ex 4.0" = canon mp navigator ex 4.0
"nvidia drivers" = nvidia drivers
"origin" = origin
"pc-kids deutsch 4_is1" = pc-kids deutsch 4
"pc-kids mathematik 3_is1" = pc-kids mathematik 3
"shop for hp supplies" = shop for hp supplies
"tomtom home" = tomtom home 2.8.4.2596
========== last 20 event log errors ==========
[ application events ]
error - 18.03.2013 06:01:44 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: Continuously busy for more than a second
error - 18.03.2013 06:01:44 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: M->nextscheduledevent 6193
error - 18.03.2013 06:01:44 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: M->nextscheduledspretry 6193
error - 18.03.2013 06:01:45 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: Continuously busy for more than a second
error - 18.03.2013 06:01:45 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: M->nextscheduledevent 7207
error - 18.03.2013 06:01:45 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: M->nextscheduledspretry 7207
error - 18.03.2013 06:01:46 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: Continuously busy for more than a second
error - 18.03.2013 06:01:46 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: M->nextscheduledevent 8206
error - 18.03.2013 06:01:46 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: M->nextscheduledspretry 8206
error - 21.04.2013 11:05:03 | computer name = anwender-pc | source = application error | id = 1000
description = name der fehlerhaften anwendung: Origin.exe, version: 9.1.15.109,
zeitstempel: 0x514b5484 name des fehlerhaften moduls: Originclient.dll, version:
9.1.15.109, zeitstempel: 0x514b5468 ausnahmecode: 0xc0000005 fehleroffset: 0x00298b9d
id
des fehlerhaften prozesses: 0x8fc startzeit der fehlerhaften anwendung: 0x01ce3ea18f05e4e0
pfad
der fehlerhaften anwendung: C:\program files\origin\origin.exe pfad des fehlerhaften
moduls: C:\program files\origin\originclient.dll berichtskennung: D7764bc0-aa94-11e2-8cfc-00241da4cf5c
[ system events ]
error - 21.04.2013 11:07:02 | computer name = anwender-pc | source = service control manager | id = 7003
description = der dienst "sicherheitscenter" ist von folgendem dienst abhängig:
Winmgmt. Dieser dienst ist eventuell nicht installiert.
Error - 21.04.2013 11:08:11 | computer name = anwender-pc | source = service control manager | id = 7003
description = der dienst "ip-hilfsdienst" ist von folgendem dienst abhängig: Winmgmt.
Dieser dienst ist eventuell nicht installiert.
Error - 21.04.2013 11:10:27 | computer name = anwender-pc | source = service control manager | id = 7003
description = der dienst "sicherheitscenter" ist von folgendem dienst abhängig:
Winmgmt. Dieser dienst ist eventuell nicht installiert.
Error - 21.04.2013 11:06:15 | computer name = anwender-pc | source = eventlog | id = 6008
description = das system wurde zuvor am ?21.?04.?2013 um 15:53:59 unerwartet heruntergefahren.
Error - 21.04.2013 11:06:21 | computer name = anwender-pc | source = service control manager | id = 7003
description = der dienst "ip-hilfsdienst" ist von folgendem dienst abhängig: Winmgmt.
Dieser dienst ist eventuell nicht installiert.
Error - 21.04.2013 11:08:36 | computer name = anwender-pc | source = service control manager | id = 7003
description = der dienst "sicherheitscenter" ist von folgendem dienst abhängig:
Winmgmt. Dieser dienst ist eventuell nicht installiert.
Error - 21.04.2013 10:12:29 | computer name = anwender-pc | source = service control manager | id = 7003
description = der dienst "ip-hilfsdienst" ist von folgendem dienst abhängig: Winmgmt.
Dieser dienst ist eventuell nicht installiert.
Error - 21.04.2013 10:14:42 | computer name = anwender-pc | source = service control manager | id = 7003
description = der dienst "sicherheitscenter" ist von folgendem dienst abhängig:
Winmgmt. Dieser dienst ist eventuell nicht installiert.
Error - 21.04.2013 10:26:49 | computer name = anwender-pc | source = service control manager | id = 7003
description = der dienst "ip-hilfsdienst" ist von folgendem dienst abhängig: Winmgmt.
Dieser dienst ist eventuell nicht installiert.
Error - 21.04.2013 10:28:51 | computer name = anwender-pc | source = service control manager | id = 7003
description = der dienst "sicherheitscenter" ist von folgendem dienst abhängig:
Winmgmt. Dieser dienst ist eventuell nicht installiert.
< end of report > --- --- ---