Hier sind die logfiles von schritt 2. Extras.Txt:OTL Logfile: Code:
OTL Extras logfile created on: 26.01.2011 16:57:49 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\****\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,63 Gb Total Space | 498,96 Gb Free Space | 85,64% Space Free | Partition Type: NTFS
Drive D: | 13,54 Gb Total Space | 1,86 Gb Free Space | 13,75% Space Free | Partition Type: NTFS
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 90 05 40 80 78 90 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4518FFBB-6865-4C32-9623-6845CDA05990}" = rport=139 | protocol=6 | dir=out | app=system |
"{45BD829E-0E98-4D00-9A43-D46866FE8B61}" = lport=139 | protocol=6 | dir=in | app=system |
"{4FC1A17F-823E-45F6-9E4E-953A8A9643F1}" = rport=137 | protocol=17 | dir=out | app=system |
"{7D09C253-06AC-4279-AE89-1D610D5E3032}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8B72CB3D-4A62-4F74-92A7-92D63A7478E2}" = rport=445 | protocol=6 | dir=out | app=system |
"{9F74368E-29FC-4693-BE40-C5762B6CC2E9}" = rport=138 | protocol=17 | dir=out | app=system |
"{A13893E2-178E-4B65-A48C-5BFE6252A8A2}" = lport=445 | protocol=6 | dir=in | app=system |
"{A2C7A3E3-1CE3-44F8-94D6-BD7A70E38F35}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E588C3A1-C5A8-4EDC-8452-DD53A73A9CDD}" = lport=137 | protocol=17 | dir=in | app=system |
"{E6EF34C0-6A32-44EC-9F88-9977B6CA335C}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019648AF-DCC2-40A8-9F85-D5A14741A19D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{039827DC-7D7D-4240-ADAB-670A2136DEB7}" = protocol=17 | dir=in | app=c:\programdata\sweetim\messenger\update\sweetimsetup.exe |
"{0401D4CD-C3B1-4FC6-BE3D-96E85BD21BC8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0849B371-4B27-4E41-9632-16D72E80EA69}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe |
"{13EF5880-10F1-42DF-9531-4D9235041FF8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{142CF540-DB64-465E-A8C1-9F78FA381836}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{1487D617-91DB-4E3D-B612-51E5C0F29604}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"{20506BDA-24D5-4C19-BDB4-E52698E974E0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xxmarcixx96\age of chivalry dedicated server\srcds.exe |
"{20F9CBCA-FCFD-49E7-850A-7E7CF1D0182B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{21554A6A-094F-46A4-A21C-7A75D6CDBADD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{23738E23-9A80-4A90-9833-2FEC6ABCD3AF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{25BAA5A7-F773-457C-82CA-AD7E70595BA6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{271D3AA4-0330-4261-9A9A-BAB980F4ECE8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{27EB6CB9-ACF0-440F-B118-B6629CE85965}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{28734F18-546E-441E-A108-AFFB99130D94}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2BD18D2B-7496-48BB-B48B-EA2C4271194E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xxmarcixx96\age of chivalry\hl2.exe |
"{3C08C86F-B206-4F41-9EB4-769EA1D366BF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{40723397-DC8A-4990-96D9-DBE3F34B2FC1}" = protocol=6 | dir=in | app=c:\programdata\sweetim\messenger\update\sweetimsetup.exe |
"{422B03C0-3990-4510-BE76-64C40253E68E}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe |
"{436FDFD0-B932-40F6-91C8-0623AECF031B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{446637F4-146E-4585-A0E7-6CEDD9D179B2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{4CA801BA-7559-42D8-AE1E-A9AFC4E71BFF}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |
"{5BB8C2A5-7E47-4F69-9629-C88905A16187}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{660F0B2C-4C89-4615-BD13-0E9115EC43BA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{68ED4FD4-FF99-47CA-813D-3726EB1DEF5A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{692E5D75-7B9B-4CD0-B61D-FABAC8782B96}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{78DB472D-485F-463A-9B18-81251DEFDB5F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{7C71BA6F-8EC3-4B20-92FA-B0C6F40F9820}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7D24ECB9-E57D-40F3-8EE0-527FC0C9C82B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{7E49A71C-8A4A-4E07-B3C1-E41483808039}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{82157C68-F9B5-4669-A3F7-B8A16B0C547F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xxmarcixx96\age of chivalry\hl2.exe |
"{92EBA246-8957-44E9-96DA-2D10B3FDCE84}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{982210A8-8C87-4AAE-87DF-DD44E9286626}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xxmarcixx96\age of chivalry dedicated server\srcds.exe |
"{9DF83B4A-1CF6-46B1-92F5-62E3A4D1735C}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |
"{A173CCEF-F1BD-429D-A6B9-BCFF29E85C5F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{A2E7F8AB-59C4-4636-A926-A561385420D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xxmarcixx96\pirates, vikings, and knights ii\hl2.exe |
"{A43BB0ED-2609-4363-8752-12860EADAE2B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{A7E5AD5C-6DB4-4C1C-B43E-0A58AAAE64F2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{B1CB62C3-322E-46B6-A04A-0D03E23E66D8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{B81A97FD-6D30-4DC3-84B5-A216DBEEF91F}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe |
"{BAC1C0D4-F5AD-4F81-9D40-CB11A86C5983}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{BB18F5BA-91DD-4D01-8E6A-1FE6C90F7847}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"{BB73DD23-29CA-4705-95AF-978025FA5552}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BBEECF8D-E835-4A85-A955-24C7C872CDAE}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BEAEF824-70CE-4B74-99A4-A8E42202C766}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xxmarcixx96\pirates, vikings, and knights ii\hl2.exe |
"{C22BED7D-8557-494F-BEC8-62ED2994B64D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C6B99E66-3530-4A42-BB16-89B1D30484C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{CDD680F7-F262-4899-81C9-C66C060D2A1D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xxmarcixx96\pirates, vikings, and knights ii\srcds.exe |
"{CE2C4E72-C59A-4868-827A-BFBEED6A6C46}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D1E5B58C-8A17-4D56-AD6F-A9851B46BC73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xxmarcixx96\pirates, vikings, and knights ii\srcds.exe |
"{D801D64F-AE04-4A17-A0E7-E0D2FE034CD1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{DA640E91-A7F4-4CC2-8747-51E84FD98FDD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{E693F32E-DB68-46CF-997D-985D3803EB9D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E82A5C23-7BCA-450D-9A97-46FAC90E224C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E96E393B-1C44-4F46-BFBF-0043E26E10F5}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{ECE1C2A3-D8CE-402B-A7A9-78A323FE94C3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{F0556225-BB04-451A-A2E2-9A143CB356CA}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{F39BDAE6-AACA-4501-BDD6-3926D0285CA9}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe |
"{F94236F1-B4BF-4694-9C83-58F7BD1D4DF6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{FAB69813-4C60-4782-A9F3-A232F2F46B56}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{373CEDAE-1A38-41E0-92DE-ECCBC13B8FA6}C:\program files (x86)\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin |
"TCP Query User{3D8479FC-34C9-4777-88B8-BEE3B7A936AE}C:\program files (x86)\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2.bin |
"TCP Query User{737C97DC-54FB-468B-AD8E-F0ADAA9F49EF}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{82ADEBB0-9164-4D2A-B1FC-0922CDC0D6FD}C:\games\ngd studios\regnum online\testserver\roclientgameex.exe" = protocol=6 | dir=in | app=c:\games\ngd studios\regnum online\testserver\roclientgameex.exe |
"TCP Query User{BC85B79E-F492-4686-A4BF-A062BCC743DD}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe |
"TCP Query User{C4EC40A1-DD81-499A-AC08-ED01CF35DB3B}C:\games\ngd studios\regnum online\liveserver\roclientgameex.exe" = protocol=6 | dir=in | app=c:\games\ngd studios\regnum online\liveserver\roclientgameex.exe |
"UDP Query User{30413286-4EAA-413F-9448-B86931C3EBD2}C:\program files (x86)\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2.bin |
"UDP Query User{56555358-42C8-4175-9575-493FB96C51AE}C:\games\ngd studios\regnum online\liveserver\roclientgameex.exe" = protocol=17 | dir=in | app=c:\games\ngd studios\regnum online\liveserver\roclientgameex.exe |
"UDP Query User{5B2CECD1-1122-4824-8D78-6184909502F9}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe |
"UDP Query User{9075C557-A4DA-4BA8-8003-430EC3841036}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{9510F3F9-D032-4B2E-A092-E6E6273A8036}C:\program files (x86)\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin |
"UDP Query User{DF7E891F-9C41-49CE-9CAC-855CF4C038A3}C:\games\ngd studios\regnum online\testserver\roclientgameex.exe" = protocol=17 | dir=in | app=c:\games\ngd studios\regnum online\testserver\roclientgameex.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D95A4AF-B4FE-45E5-1518-2A842BA83081}" = ccc-utility64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9EA8213A-9080-C41F-2F85-8FF98374AB9F}" = ATI Catalyst Install Manager
"{A9513BBC-73B4-4856-BF83-0166523ABF09}" = 64 Bit HP CIO Components Installer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0019BCD5-6D1C-6B47-8214-A151D5FCFDDC}" = Catalyst Control Center Localization Thai
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{014A0EB1-C226-1CAF-7B72-49321CB0E9B3}" = CCC Help Hungarian
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0AF5BF1B-FFE1-2C85-FDDC-3A44EFD341EC}" = Catalyst Control Center Localization Italian
"{0BB291F1-BEBA-2530-990B-863B206B1F8A}" = Catalyst Control Center Localization German
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{114C3B4C-CA35-1027-B126-F10DAB0F20B7}" = CCC Help Norwegian
"{11908571-96AB-2B21-EDBE-7852B087E925}" = Catalyst Control Center Localization Portuguese
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{22E95014-3038-4909-8708-48AE7FEFBF05}" = DSL Connection Manager
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23C7264E-BAA0-73B7-0B7C-BA1CCA40F438}" = CCC Help Chinese Standard
"{23D2AA7C-FFB2-3271-7568-58D9CE58598F}" = CCC Help German
"{25468ED2-C4F8-C7EB-5CDB-20D934D6A1F9}" = CCC Help French
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 23
"{277AF855-DF15-BDCA-D570-5B94C5371201}" = CCC Help Polish
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2BEC7DA6-3455-5674-4A0E-09A6777A2C25}" = Catalyst Control Center Localization Dutch
"{2CC86F66-6C15-3D00-F05E-830846CF2393}" = CCC Help Turkish
"{2DDB9835-EE7B-FF38-084C-EBB81710A5FB}" = Catalyst Control Center Graphics Previews Vista
"{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}" = Catalyst Control Center - Branding
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{35BEB65B-B67C-C104-CE7E-56D71378822D}" = Catalyst Control Center Localization Swedish
"{36D76EB0-F8A6-BD4A-A3C9-B07BE72FF6CD}" = Catalyst Control Center Graphics Full New
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{395AB8C5-F3A8-4380-8718-7A11EC5829F6}" = iCON 210
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B7AD0B6-B25D-EB03-5657-E9B3ECBC3C28}" = Catalyst Control Center Graphics Light
"{3C9DDCA5-D9EF-B431-B7E8-3B2286E92FEE}" = Catalyst Control Center Core Implementation
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{441BA798-953E-1FF2-F9B8-7D1BED5E3278}" = CCC Help Chinese Traditional
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C074190-CE6F-1960-F8BC-B00CF700CAA4}" = Catalyst Control Center Localization Korean
"{4DDF7B07-6CC5-CEE9-CA52-E95F8547EBC0}" = Catalyst Control Center Localization Greek
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56B74948-05CA-C84D-307C-A578F98DAF33}" = Catalyst Control Center Localization Japanese
"{590129B0-8CBD-0C3D-55C6-693C5C910A53}" = Catalyst Control Center Graphics Full Existing
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F87D8F9-A373-11D5-AA2E-0008C760B784}" = Ultimate Ride
"{60706F47-9AD7-59C5-2BFF-A747086FE30B}" = Catalyst Control Center Localization Finnish
"{607576AD-A631-77DE-3D8C-3FBA257962D0}" = Skins
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{61B8FF9A-E7A4-0500-34C9-2A218825F09C}" = Catalyst Control Center InstallProxy
"{61E1C6E3-1793-2F66-B14D-E8899F8F36D7}" = Catalyst Control Center Localization Turkish
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6F058B03-40A6-3023-ACE4-C031CB5F51E6}" = CCC Help Portuguese
"{6F1D0A3C-3E04-3E6D-2286-1B1900777555}" = Catalyst Control Center Localization Chinese Standard
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{795288DC-2652-44A5-99FD-2ECDF3C633BF}" = SweetIM for Messenger 3.3
"{7C0B4269-EFF1-FE99-2298-B5752BBCD1CE}" = Catalyst Control Center Graphics Previews Common
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{815E4EFD-6A9C-50F5-3C7B-DD5984BF1CBB}" = Catalyst Control Center Localization Danish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8D8637C8-BD8F-71AF-1E15-B4104FDFF6A9}" = CCC Help Japanese
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9E3A383E-0AF0-97F3-3FFF-E466DFDD302B}" = CCC Help Greek
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A40DD5A8-B549-126F-DEDE-2A0DD11342F0}" = CCC Help Danish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{B03DF1CE-9964-0BCB-A53E-9ABE88B17F60}" = Catalyst Control Center Localization Spanish
"{B04F82E0-C4F2-58B3-C799-FAC82F6F88C1}" = CCC Help Russian
"{B0516082-BA15-2ACC-A354-0CA22CFE4CF9}" = CCC Help Spanish
"{B3891007-20E0-83BB-93F8-3062A2ED39EB}" = CCC Help Italian
"{B3DA638A-7AC7-4202-C489-898D8A5AE48B}" = CCC Help Dutch
"{B593E002-4F0A-2537-AF4D-59C371FCE60F}" = CCC Help Finnish
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{B9CB4A55-002A-5FC0-DF39-A5D5FF2F036D}" = Catalyst Control Center Localization French
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C485E0AA-2176-835B-8555-C08002E8517B}" = Catalyst Control Center Localization Norwegian
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C948C303-C151-B075-DDD6-F69B963B70EF}" = Catalyst Control Center Localization Russian
"{C9E04998-234A-4ACE-6C91-30F7E8EA735D}" = Catalyst Control Center Localization Polish
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CCB5EE8A-8DE8-E4E2-1D3D-31C9CC3519C9}" = Catalyst Control Center Localization Chinese Traditional
"{CE557ABF-2A29-4AB4-A7EB-29F5FA1BECEA}" = DSL Connection Manager
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D11016EA-8CFB-4E07-91D4-28606762DF06}" = Der Planer 3
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D2299355-97DE-1DBC-98EB-C5F2357F874C}" = Catalyst Control Center Localization Hungarian
"{D2C6274D-C3C0-0C1B-5E79-B94843622343}" = Catalyst Control Center Localization Czech
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D78C15E3-7648-A466-651C-FB618B3659AD}" = CCC Help Korean
"{DC2A30B7-030B-6842-C5D5-AE3D5E7B8ECC}" = ccc-core-static
"{DF18DFB5-A9CC-1A17-9861-2187C1265CD4}" = CCC Help Swedish
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{E9DA117D-B2B8-9F7D-DBD7-FF2A730FBB8A}" = CCC Help Czech
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.50.52
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4210_Help
"{F93D2591-8201-4692-BD8D-67A0BFAC9C14}" = SweetIM Toolbar for Internet Explorer 3.9
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FDC5251B-4139-1DAE-8CCC-20AAC4E5422E}" = CCC Help Thai
"{FF063B2A-19DB-C210-C06D-8BBECD7D45B4}" = CCC Help English
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Toolbar" = AOL Toolbar 5.0
"AutocompletePro3_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Setup.divx.com" = DivX-Setup
"EA Download Manager" = EA Download Manager
"Euro Truck Simulator" = Euro Truck Simulator 1.00
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Freibier" = Freibier
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Indeo® Software" = Indeo® Software
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Metin2_is1" = Metin2
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NSS" = Norton Security Scan
"o2DE" = Mobile Connection Manager
"OpenAL" = OpenAL
"PC-Doctor for Windows" = Hardware Diagnose Tools
"Real Desktop Standard_is1" = Real Desktop 1.61 Standard
"RealDesktop Toolbar" = RealDesktop Toolbar
"Regnum Online" = Regnum Online 1.6.2
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.12.2.4
"Tour de Franz" = Tour de Franz
"Uninstall_is1" = Uninstall 1.0.0.1
"Vodafone WCDMA Composite Device Drive" = Vodafone WCDMA Composite Device Drive Software
"WildTangent hp Master Uninstall" = HP Games
"Woodcutter Simulator" = Woodcutter Simulator
"WTA-d81f286f-9499-43ee-9c03-59e4803c1b65" = Build-a-lot 3
"Xfire" = Xfire (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
--- --- ---
------------------------------------ OTL.Txt:OTL Logfile: Code:
OTL logfile created on: 26.01.2011 16:57:49 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\*******\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,63 Gb Total Space | 498,96 Gb Free Space | 85,64% Space Free | Partition Type: NTFS
Drive D: | 13,54 Gb Total Space | 1,86 Gb Free Space | 13,75% Space Free | Partition Type: NTFS
Computer Name: *******-PC | User Name: ******* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.01.26 16:55:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\*******\Downloads\OTL.exe
PRC - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.09.16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.08.30 10:44:20 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2010.07.27 13:40:55 | 000,237,224 | ---- | M] () -- C:\Program Files (x86)\RealDesktop Toolbar\RealDesktopSvc.exe
PRC - [2010.04.25 18:59:24 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010.03.08 18:30:54 | 000,194,048 | ---- | M] (Telefónica I+D) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
PRC - [2009.11.20 10:17:12 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009.10.11 09:45:22 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008.07.09 14:43:14 | 000,131,072 | ---- | M] (AccSys GmbH) -- C:\Program Files (x86)\Common Files\AccSys\AccVSSvc.exe
PRC - [2007.04.18 16:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
========== Modules (SafeList) ==========
MOD - [2011.01.26 16:55:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\*******\Downloads\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2008.05.14 23:03:34 | 000,887,808 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2011.01.12 14:03:37 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.07.27 13:40:55 | 000,237,224 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealDesktop Toolbar\RealDesktopSvc.exe -- (RealDesktop Toolbar Helper)
SRV - [2010.03.08 18:30:54 | 000,194,048 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.02.10 18:07:00 | 003,458,548 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.07.09 14:43:14 | 000,131,072 | ---- | M] (AccSys GmbH) [Auto | Running] -- C:\Program Files (x86)\Common Files\AccSys\AccVSSvc.exe -- (accvssvc)
SRV - [2008.02.03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010.12.13 08:40:21 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.12.13 08:40:21 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.03.25 16:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mdm.sys -- (s1018mdm)
DRV:64bit: - [2009.03.25 16:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV:64bit: - [2009.03.25 16:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2009.03.25 16:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018obex.sys -- (s1018obex)
DRV:64bit: - [2009.03.25 16:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV:64bit: - [2009.03.25 16:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2009.03.25 16:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mdfl.sys -- (s1018mdfl)
DRV:64bit: - [2008.11.18 16:27:10 | 000,118,016 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\gtstusbser_64.sys -- (gtstusbser_64)
DRV:64bit: - [2008.05.14 23:49:44 | 004,436,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2007.06.29 13:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2007.01.25 18:31:38 | 000,040,208 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2006.09.18 22:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2008.11.18 16:27:10 | 000,118,016 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\gtstusbser_64.sys -- (gtstusbser_64)
DRV - [2005.01.03 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Home
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = Home
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HPDesktop | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HPDesktop | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = Home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: realdesktop@realdesktop.com:1.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.0
FF - prefs.js..extensions.enabledItems: {7F9CE3EE-80D7-4EEA-BF8E-DFD3A4E95509}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.03.28 09:58:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.21 16:44:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.26 15:03:12 | 000,000,000 | ---D | M]
[2010.01.05 09:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Extensions
[2011.01.26 16:49:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions
[2010.04.27 17:48:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.06 11:08:33 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.04.13 18:11:32 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.10.20 13:04:29 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.09.27 12:18:31 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\support@predictad.com
[2010.03.16 10:42:56 | 000,000,927 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\conduit.xml
[2011.01.19 14:39:40 | 000,000,950 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-1.xml
[2010.10.24 20:04:48 | 000,000,950 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-10.xml
[2010.10.30 08:01:36 | 000,000,950 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-11.xml
[2010.12.21 18:42:26 | 000,000,950 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-12.xml
[2010.03.25 12:35:00 | 000,000,950 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-2.xml
[2010.04.04 13:04:46 | 000,000,950 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-3.xml
[2010.04.15 11:51:07 | 000,000,950 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-4.xml
[2010.07.12 13:13:12 | 000,000,950 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-5.xml
[2010.07.22 19:11:44 | 000,000,950 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-6.xml
[2010.07.27 21:02:41 | 000,000,950 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-7.xml
[2010.09.09 09:05:34 | 000,000,950 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-8.xml
[2010.09.20 16:25:09 | 000,000,950 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-9.xml
[2010.03.10 17:24:30 | 000,000,955 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin.xml
[2010.10.20 13:04:07 | 000,003,915 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\sweetim.xml
[2011.01.26 15:03:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.24 00:12:00 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.22 13:36:26 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.01.26 15:03:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.07.11 19:42:30 | 000,000,000 | ---D | M] (Real Desktop Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\realdesktop@realdesktop.com
[2011.01.20 20:14:49 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\*******\APPDATA\LOCAL\{7F9CE3EE-80D7-4EEA-BF8E-DFD3A4E95509}
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.04.08 03:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOP7PlugIn.dll
[2010.04.25 18:59:24 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2010.07.03 12:36:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.03 12:36:47 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.03 12:36:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.01.26 16:45:47 | 000,002,772 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\RealDesktop.xml
[2011.01.26 16:45:47 | 000,002,754 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\RealDesktop.xml.bak
[2010.07.03 12:36:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.03 12:36:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Real Desktop Toolbar) - {4C350B19-6CA1-4569-B14C-296D8D653009} - C:\Program Files (x86)\RealDesktop Toolbar\realdesktoptb.dll (RealDesktop)
O3 - HKLM\..\Toolbar: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Real Desktop Toolbar) - {4C350B19-6CA1-4569-B14C-296D8D653009} - C:\Program Files (x86)\RealDesktop Toolbar\realdesktoptb.dll (RealDesktop)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [0x017] File not found
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [o2DSLConnectionManager] C:\Program Files (x86)\DSL Connection Manager\o2DSLConnectionManager.exe (AccSys GmbH)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.250.99 193.189.244.205
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8501a01e-052c-11df-936a-00235412c360}\Shell - "" = AutoRun
O33 - MountPoints2\{8501a01e-052c-11df-936a-00235412c360}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\{f3df1422-ac47-11de-a4ab-00235412c360}\Shell - "" = AutoRun
O33 - MountPoints2\{f3df1422-ac47-11de-a4ab-00235412c360}\Shell\AutoRun\command - "" = J:\QsSetup.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\QsSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\iyvu9_32.dll ()
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011.01.26 16:43:31 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\bereinigung
[2011.01.26 16:31:26 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Malwarebytes
[2011.01.26 16:31:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.01.26 16:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.26 16:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.26 16:31:15 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.01.26 16:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.01.26 15:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.01.20 20:14:49 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Local\{7F9CE3EE-80D7-4EEA-BF8E-DFD3A4E95509}
[2011.01.19 18:54:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.01.19 16:51:04 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Avira
[2011.01.17 18:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
[2011.01.17 18:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activation Assistant for the 2007 Microsoft Office suites
[2011.01.17 18:13:38 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Local\Seven Zip
[2011.01.17 18:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.01.17 18:11:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011.01.17 18:11:42 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.01.17 18:10:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2011.01.17 18:06:53 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Local\Microsoft Help
[2011.01.17 18:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.01.17 18:06:24 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.01.14 16:31:44 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\.minecraft
[2011.01.07 17:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Disney Imagineering
[2011.01.07 17:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Imagineering
[2011.01.07 17:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\XPSaveGameDir=Saves
[2011.01.07 17:10:11 | 000,000,000 | ---D | C] -- C:\Programme\Disney Imagineering
[2011.01.07 15:20:32 | 000,000,000 | ---D | C] -- C:\Phenomedia AG
[2011.01.07 15:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Der Planer 3
[2011.01.06 19:30:40 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\SPORE Creature Creator
[2011.01.06 19:30:40 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\MeinSPORE-Kreationen
[2011.01.05 10:44:44 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.01.03 17:51:10 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tour de Franz
[2011.01.03 17:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tour de Franz
[2011.01.03 17:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TourDeFranz
[2011.01.03 16:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freibier
[2011.01.03 16:58:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freibier
[2010.01.19 20:42:43 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe4F67.dll
[2009.10.06 13:51:41 | 000,229,376 | ---- | C] (VoLT, 2010) -- C:\Users\*******\AppData\Local\uvevijuki.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.01.26 16:48:46 | 000,000,680 | ---- | M] () -- C:\Users\*******\AppData\Local\d3d9caps.dat
[2011.01.26 16:45:50 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.26 16:45:40 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.26 16:45:40 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.26 16:45:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.26 16:38:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.26 16:31:20 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.26 15:07:08 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0F185AB9-B531-44FD-B108-644E5495223C}.job
[2011.01.26 14:17:30 | 000,000,000 | ---- | M] () -- C:\Users\*******\AppData\Local\Rdedokoxaxedako.bin
[2011.01.20 20:14:51 | 000,000,120 | ---- | M] () -- C:\Users\*******\AppData\Local\Mtano.dat
[2011.01.20 05:56:26 | 000,334,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.01.17 18:14:04 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office – 60-Tage-Testversion.lnk
[2011.01.15 12:38:50 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.01.07 17:11:55 | 000,001,078 | ---- | M] () -- C:\Windows\disney.ini
[2011.01.07 17:10:48 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Gespeicherte Achterbahnen.lnk
[2011.01.07 17:09:38 | 000,000,175 | ---- | M] () -- C:\Windows\disneysy.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.01.26 16:48:21 | 000,000,680 | ---- | C] () -- C:\Users\*******\AppData\Local\d3d9caps.dat
[2011.01.26 16:31:20 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.20 20:14:51 | 000,000,120 | ---- | C] () -- C:\Users\*******\AppData\Local\Mtano.dat
[2011.01.20 20:14:51 | 000,000,000 | ---- | C] () -- C:\Users\*******\AppData\Local\Rdedokoxaxedako.bin
[2011.01.17 18:14:04 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office – 60-Tage-Testversion.lnk
[2011.01.07 17:10:48 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Gespeicherte Achterbahnen.lnk
[2011.01.07 17:09:40 | 000,001,078 | ---- | C] () -- C:\Windows\disney.ini
[2011.01.07 17:09:38 | 000,000,175 | ---- | C] () -- C:\Windows\disneysy.ini
[2010.12.05 14:48:32 | 000,028,160 | ---- | C] () -- C:\Windows\SysWow64\localuid.dll
[2010.12.04 16:53:36 | 003,254,976 | ---- | C] () -- C:\Users\*******\AppData\Local\dd_vcredistMSI47BA.txt
[2010.12.04 16:53:32 | 000,012,490 | ---- | C] () -- C:\Users\*******\AppData\Local\dd_vcredistUI47BA.txt
[2010.06.29 18:03:50 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010.05.08 10:13:19 | 000,429,170 | ---- | C] () -- C:\Users\*******\AppData\Local\dd_vcredistMSI7D79.txt
[2010.05.08 10:13:18 | 000,011,192 | ---- | C] () -- C:\Users\*******\AppData\Local\dd_vcredistUI7D79.txt
[2010.01.19 20:35:04 | 000,439,726 | ---- | C] () -- C:\Users\*******\AppData\Local\dd_vcredistMSI14D8.txt
[2010.01.19 20:35:03 | 000,082,666 | ---- | C] () -- C:\Users\*******\AppData\Local\dd_vcredistUI14D8.txt
[2010.01.01 14:11:24 | 002,729,472 | ---- | C] () -- C:\Windows\SysWow64\fun_avcodec.dll
[2009.10.15 19:26:15 | 000,003,584 | ---- | C] () -- C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.06 13:51:56 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.10.06 13:50:31 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.09.28 17:28:08 | 000,419,556 | ---- | C] () -- C:\Users\*******\AppData\Local\dd_vcredistMSI08C2.txt
[2009.09.28 17:28:08 | 000,035,698 | ---- | C] () -- C:\Users\*******\AppData\Local\dd_vcredistUI08C2.txt
[2009.09.28 17:03:53 | 000,001,572 | ---- | C] () -- C:\Windows\Mobile Partner Manager.INI
[2009.06.18 15:55:18 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2009.06.18 15:12:13 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2009.01.20 13:17:53 | 000,000,488 | ---- | C] () -- C:\Users\*******\AppData\Roaming\wklnhst.dat
[2008.11.20 21:45:30 | 000,042,320 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.09.12 21:06:31 | 000,003,569 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.09.12 20:44:13 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008.09.12 20:44:13 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
========== LOP Check ==========
[2011.01.14 16:41:05 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\.minecraft
[2010.06.28 14:13:06 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Atari
[2010.08.06 11:08:33 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.01 16:33:36 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Football Superstars
[2011.01.16 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\ICQ
[2010.06.28 14:12:18 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Leadertech
[2009.01.02 14:16:09 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Magic Academy
[2009.05.09 18:29:44 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\PlayFirst
[2010.01.19 20:46:55 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Sony
[2010.01.19 20:35:44 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Sony Setup
[2011.01.06 19:30:47 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\SPORE Creature Creator
[2010.05.14 12:40:57 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Telefónica
[2009.01.20 13:18:52 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Template
[2010.08.30 21:40:26 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Unity
[2009.01.02 13:52:28 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\WildTangent
[2009.11.20 17:56:48 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\WinBatch
[2011.01.26 16:44:38 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.26 15:07:08 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0F185AB9-B531-44FD-B108-644E5495223C}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.09.13 06:16:48 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010.01.01 14:24:08 | 000,000,000 | ---- | M] () -- C:\conmgr.log
[2009.06.18 15:16:16 | 000,000,129 | ---- | M] () -- C:\htsetup.err
[2005.09.22 23:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011.01.26 16:45:30 | 312,033,279 | -HS- | M] () -- C:\pagefile.sys
[2010.05.25 17:12:02 | 000,001,527 | ---- | M] () -- C:\SoftUpdateLog.txt
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006.11.02 16:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 16:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 16:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010.01.08 12:08:33 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006.09.18 22:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2008.01.21 04:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 03:50:16 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\FirewallAPI.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 03:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\SysWOW64\ws2help.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 07:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 03:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 07:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 06:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
< MD5 for: WININIT.EXE >
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< >
< End of report >
--- --- --- |
