Pests of all kinds and how to combat them: wssetup from perion network ltd always appears after PC startup
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it turns out to be a trojan or virus problem, an expert will help you clean up the infection.
#1

wssetup from perion network ltd always appears after PC startup

Hello everyone,

After Windows 7 starts, the installation prompt from wssetup.exe always appears. As I have read here, I am not the only one. That is why I ran OTL right away. Here is the result:

OTL.txt

OTL logfile created on: 15.06.2013 18:53:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hans-Werner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 55,55% Memory free
5,99 Gb Paging File | 3,65 Gb Available in Paging File | 60,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890,41 Gb Total Space | 281,08 Gb Free Space | 31,57% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 26,96 Gb Free Space | 67,41% Space Free | Partition Type: NTFS
Drive F: | 279,47 Gb Total Space | 82,54 Gb Free Space | 29,53% Space Free | Partition Type: NTFS

Computer Name: HANS-WERNER1 | User Name: Hans-Werner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.15 18:51:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hans-Werner\Desktop\OTL.exe PRC - [2013.06.15 18:45:00 | 000,050,477 | ---- | M] () -- C:\Users\Hans-Werner\Desktop\Defogger.exe PRC - [2013.05.31 19:31:51 | 000,047,896 | ---- | M] (WebCake LLC) -- C:\Users\Hans-Werner\AppData\Roaming\WebCake\WebCakeDesktop.exe PRC - [2013.05.31 19:31:51 | 000,023,552 | ---- | M] (WebCake LLC) -- C:\Programme\WebCake\WebCakeDesktop.Updater.exe PRC - [2013.05.29 07:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe PRC - [2013.05.27 10:58:08 | 000,016,176 | ---- | M] () -- C:\Windows\System32\jmdp\stij.exe PRC - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe PRC - [2013.05.21 16:03:12 | 001,226,928 | ---- | M] (AVG Secure Search) -- C:\Programme\AVG Secure Search\vprot.exe PRC - [2013.05.21 16:03:12 | 001,015,984 | ---- | M] (AVG Secure Search) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe PRC - [2013.05.21 15:31:12 | 001,167,152 | ---- | M] () -- C:\Windows\System32\dmwu.exe PRC - [2013.05.16 20:34:58 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.05.16 20:26:07 | 000,216,968 | ---- | M] (Google Inc.) 
-- C:\Programme\Google\Update\1.3.21.145\GoogleCrashHandler.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.08 08:18:34 | 002,852,640 | ---- | M] (Conduit) -- C:\Users\Hans-Werner\AppData\Roaming\SearchProtect\bin\cltmng.exe PRC - [2013.04.22 13:54:54 | 000,526,144 | ---- | M] (Deutsche Telekom AG) -- C:\Users\Hans-Werner\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe PRC - [2013.04.11 16:28:08 | 000,093,984 | ---- | M] (Conduit) -- C:\Programme\SearchProtect\bin\CltMngSvc.exe PRC - [2013.03.30 12:10:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.30 12:10:01 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.03.30 12:10:00 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.11 18:22:28 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) 
-- C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2013.01.28 17:17:53 | 000,040,960 | ---- | M] () -- C:\Users\Hans-Werner\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe PRC - [2013.01.10 23:10:44 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2013.01.10 23:10:41 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2013.01.10 15:35:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.08.15 20:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012.07.02 11:18:42 | 000,525,776 | ---- | M] (Abelssoft) -- C:\Programme\CheckDrive\CheckDriveBackgroundGuard.exe PRC - [2012.06.28 17:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe PRC - [2012.04.25 10:31:56 | 000,753,704 | ---- | M] () -- C:\Programme\abylonsoft\Backup-Tube\BackupBoxService.EXE PRC - [2011.10.07 11:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe PRC - [2011.09.27 21:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) 
-- C:\Programme\Common Files\Logishrd\KHAL3\KHALMNPR.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.11.20 14:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2010.01.11 09:14:28 | 000,303,104 | ---- | M] (Wistron Corporation) -- C:\Programme\RemoteKeySrv\RemoteKeySrv.exe PRC - [2009.12.29 19:50:10 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe PRC - [2009.12.24 13:38:22 | 005,575,168 | ---- | M] (Chicony) -- C:\Windows\CNYHKey.exe PRC - [2009.12.23 22:10:36 | 000,167,008 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\YouCam\YouCamTray.exe PRC - [2009.12.09 18:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009.12.09 18:02:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe PRC - [2009.11.02 15:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe PRC - [2009.07.14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe PRC - [2009.07.01 18:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) 
-- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2009.07.01 18:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2008.05.07 15:28:32 | 000,591,696 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe PRC - [2008.04.23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe PRC - [2007.01.08 14:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe PRC - [2005.07.29 13:13:52 | 000,638,976 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE ========== Modules (No Company Name) ========== MOD - [2013.06.15 18:45:00 | 000,050,477 | ---- | M] () -- C:\Users\Hans-Werner\Desktop\Defogger.exe MOD - [2013.06.15 12:12:28 | 013,140,872 | ---- | M] () -- C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll MOD - [2013.05.29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll MOD - [2013.05.29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\pdf.dll MOD - [2013.05.29 07:26:40 | 000,599,504 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\libglesv2.dll MOD - [2013.05.29 07:26:39 | 000,124,368 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\libegl.dll MOD - [2013.05.29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll MOD - [2013.05.27 10:58:08 | 000,016,176 | ---- | M] () -- 
C:\Windows\System32\jmdp\stij.exe MOD - [2013.05.27 10:56:42 | 000,382,976 | ---- | M] () -- C:\Windows\System32\jmdp\lmrn.dll MOD - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe MOD - [2013.05.23 11:09:01 | 002,521,040 | ---- | M] () -- c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll MOD - [2013.05.21 16:03:12 | 000,158,384 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll MOD - [2013.05.17 10:39:27 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll MOD - [2013.05.17 10:39:25 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll MOD - [2013.05.17 10:33:48 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f878765b06a1d56b04f4bd23a9c60985\System.Windows.Forms.ni.dll MOD - [2013.05.17 10:33:27 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013.05.17 10:33:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.05.16 23:41:43 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll MOD - [2013.05.16 23:41:40 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll MOD - [2013.05.16 23:41:24 | 011,451,904 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll MOD - [2013.05.16 23:41:21 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll MOD - [2013.05.16 23:41:17 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll MOD - [2013.05.16 23:41:12 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll MOD - [2013.02.14 20:48:04 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll MOD - [2013.02.05 09:25:06 | 000,362,029 | ---- | M] () -- C:\Windows\System32\jmdp\sqlite3.dll MOD - [2013.01.09 22:03:41 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll MOD - [2013.01.09 22:01:54 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll MOD - [2013.01.09 22:01:50 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll MOD - [2013.01.09 21:59:32 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013.01.09 21:55:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.09 21:55:08 | 001,592,832 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.09 21:54:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.09 21:54:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.09 21:54:34 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013.01.09 20:37:51 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll MOD - [2013.01.09 20:37:41 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013.01.09 20:37:23 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013.01.09 20:37:21 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013.01.09 20:37:15 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2012.10.05 12:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012.07.02 11:18:42 | 000,585,680 | ---- | M] () -- C:\Programme\CheckDrive\AbScheduler.dll MOD - [2012.07.02 11:18:42 | 000,013,776 | ---- | M] () -- C:\Programme\CheckDrive\AbMessages.dll MOD - [2012.04.25 10:31:56 | 000,753,704 | ---- | M] () -- C:\Programme\abylonsoft\Backup-Tube\BackupBoxService.EXE MOD - [2012.04.25 10:31:46 | 002,033,704 | ---- | M] () -- 
C:\Programme\abylonsoft\Backup-Tube\APMPToolsX86.DLL MOD - [2012.04.25 10:30:54 | 000,566,824 | ---- | M] () -- C:\Programme\abylonsoft\Backup-Tube\APMPLangX86.DLL MOD - [2012.04.25 10:29:52 | 002,474,536 | ---- | M] () -- C:\Programme\abylonsoft\Backup-Tube\APMPCmn32X86.DLL MOD - [2011.10.07 11:41:16 | 000,879,896 | ---- | M] () -- C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.11.02 15:23:36 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 15:20:10 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009.07.14 10:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2006.01.12 21:20:26 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.DEU MOD - [2006.01.12 21:13:46 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.FRA MOD - [2003.07.11 02:09:28 | 000,048,192 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\Web Folders\1031\NSEXTINT.DLL ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\WebCake\WebCakeDesktop.Updater.exe C:\Users\Hans-Werner\AppData\Roaming\WebCake\WebCakeDesktop.exe -- (WebCake Desktop Updater) SRV - [2013.06.12 19:32:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert) SRV - [2013.05.21 16:03:12 | 001,015,984 | ---- | M] (AVG 
Secure Search) [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0) SRV - [2013.05.21 15:31:12 | 001,167,152 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (IBUpdaterService) SRV - [2013.05.16 20:35:00 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.11 16:28:08 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Programme\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc) SRV - [2013.03.30 12:10:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.30 12:10:00 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.11 18:22:28 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2013.01.28 17:17:53 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Hans-Werner\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2013.01.10 15:35:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.04.25 10:31:56 | 000,753,704 | ---- | M] () [Auto | Running] -- C:\Programme\abylonsoft\Backup-Tube\BackupBoxService.EXE -- (BackupBoxService) SRV - [2011.09.27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.01.11 09:14:28 | 000,303,104 | ---- | M] (Wistron Corporation) [Auto | Running] -- C:\Programme\RemoteKeySrv\RemoteKeySrv.exe -- (RemoteKeySrv) SRV - [2009.12.09 18:02:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Boot | Stopped] -- -- (rseb) DRV - [2013.05.21 16:03:12 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2013.03.30 12:10:12 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.30 12:10:12 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.03.30 12:10:12 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.03.11 18:22:32 | 008,913,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2013.02.22 19:11:42 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2013.02.18 09:22:18 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2011.10.14 17:13:26 | 000,061,312 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser) DRV - [2011.10.14 17:13:26 | 000,047,176 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm) DRV - [2011.09.02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2011.09.02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2011.09.02 08:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb) DRV - [2011.09.02 08:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.04.01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2010.01.07 10:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.10.29 11:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf) DRV - [2009.10.29 11:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.01 13:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt) DRV - [2009.05.13 12:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2009.05.13 12:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10) DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10) DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) DRV - [2005.12.08 14:33:40 | 000,004,096 | ---- | M] (Wistron) [Kernel | On_Demand | Running] -- C:\Programme\RemoteKeySrv\GENPORT.sys -- (genport) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {04a8dd1a-4754-48fe-a703-99846646ef04} - C:\Programme\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsh0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.) IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.00000&barid={0170617E-695E-11E2-B1EF-1C4BD602D165} IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20130321181948801&tb_oid=21-03-2013&tb_mrud=21-03-2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=119357&babsrc=HP_ss_gin2g&mntrId=2A521C4BD6428A4C IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=119357&babsrc=HP_ss_gin2g&mntrId=2A521C4BD6428A4C IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 65 AF C3 78 3F CD 01 [binary 
data] IE - HKCU\..\URLSearchHook: {04a8dd1a-4754-48fe-a703-99846646ef04} - C:\Programme\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsh0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.) IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D4945385352 43&st={searchTerms}&clid=684e6412-eb7f-45cf-8140-61eb00daa96e&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=109718&tt=4612_3&babsrc=SP_ss&mntrId=2a522c270000000000001c4bd6428a4c IE - HKCU\..\SearchScopes\{420C51BF-930C-4854-8EAA-DB2C16E35F30}: "URL" = [String data over 1000 bytes] IE - HKCU\..\SearchScopes\{8A4CC51F-81AA-4648-99C6-6A439A6A120F}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=684e6412-eb7f-45cf-8140-61eb00daa96e&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{8F24ABFF-F6F8-497E-88EB-FD27EA16C77F}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=684e6412-eb7f-45cf-8140-61eb00daa96e&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={AF16B6D9-CC75-4EDA-BCD6-756C31CB4ED6}&mid=2bfe9eb9394147d0bb3fcd0290e63896-7109eff3f2cace622cef12674e461e74a6511a66&lang=de&ds=pd011&pr=sa&d=2012-09-25 20:58:37&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms} IE - 
HKCU\..\SearchScopes\{C77B8B60-FBE5-492E-A285-2FDDB37ACFF9}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=684e6412-eb7f-45cf-8140-61eb00daa96e&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{EA46890A-ADCC-474E-A270-5E3799DCD379}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=684e6412-eb7f-45cf-8140-61eb00daa96e&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{EB1BCBBB-4D79-4F89-A7F2-42382B5E1501}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=684e6412-eb7f-45cf-8140-61eb00daa96e&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.00000&barid={0170617E-695E-11E2-B1EF-1C4BD602D165} IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20130321181948801&tb_oid=21-03-2013&tb_mrud=21-03-2013 IE - HKCU\..\SearchScopes\{FB6B54B8-EEC8-48B2-8E7D-CD865A8ED891}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=684e6412-eb7f-45cf-8140-61eb00daa96e&pid=freewarede&mode=bounce&k=0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - 
HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013.05.21 16:03:24 | 000,000,000 | ---D | M] [2012.11.12 22:19:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://search.babylon.com/?affID=119357&babsrc=HP_ss_gin2g&mntrId=2A521C4BD6428A4C CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl\1.4_0\ CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\ CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\ CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.3.0_0\ CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\ CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\ CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\ CHR - Extension: No name found = 
C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf\10.16.4.512_0\ CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 
23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Programme\Claro LTD\claro\1.8.8.5\bh\claro.dll (Montera Technologeis LTD) O2 - BHO: (DVDvideoSoft 2.0 Toolbar) - {04a8dd1a-4754-48fe-a703-99846646ef04} - C:\Programme\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.) O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Programme\WebCake\WebCakeIEClient.dll (WebCake LLC) O2 - BHO: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsh0.dll (Conduit Ltd.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Programme\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (DealPly) - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Programme\DealPly\DealPlyIE.dll (DealPly) O3 - HKLM\..\Toolbar: (DVDvideoSoft 2.0 Toolbar) - {04a8dd1a-4754-48fe-a703-99846646ef04} - C:\Programme\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsh0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search) O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Programme\Claro LTD\claro\1.8.8.5\claroTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ashampoo DE Toolbar) - {5786D022-540E-4699-B350-B4BE0AE94B79} - C:\Programme\Ashampoo_DE\prxtbAsh0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.) O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) 
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LchDrv] C:\Windows\LchDrvKey.exe () O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.) O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) O4 - HKLM..\Run: [Ocs_SM] C:\Users\Hans-Werner\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchProtectAll] C:\Programme\SearchProtect\bin\cltmng.exe (Conduit) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe (AVG Secure Search) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found O4 - HKLM..\Run: [WUG0902APP] C:\Windows\CNYHKey.exe (Chicony) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) 
O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks) O4 - HKCU..\Run: [SearchProtect] C:\Users\Hans-Werner\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit) O4 - HKCU..\Run: [WebCake Desktop] C:\Users\Hans-Werner\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC) O4 - Startup: C:\Users\Hans-Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk = C:\Users\Hans-Werner\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98E9F58F-74EE-4ADA-8E47-59082C39A40D}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common 
Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.08.10 14:32:06 | 000,000,000 | ---D | M] - F:\Autobackup -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.15 18:51:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hans-Werner\Desktop\OTL.exe [2013.06.06 21:05:44 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Local\Downloaded Installations [2013.06.06 21:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.06.06 21:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.06.06 21:04:24 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender [2013.06.06 21:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender [2013.06.06 21:04:08 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Roaming\BabSolution [2013.06.06 21:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Delta [2013.06.06 21:03:58 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Roaming\Delta [2013.06.06 21:03:44 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Roaming\WebCake [2013.06.06 21:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\WebCake [2013.06.06 21:03:44 | 000,000,000 | ---D | C] -- 
C:\Users\Hans-Werner\AppData\Roaming\DealPly [2013.06.06 21:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Converter [2013.06.06 21:03:34 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Roaming\DSite [2013.06.06 21:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013.06.06 21:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Image Converter [2013.06.06 21:03:30 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly [2013.06.06 21:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\DealPly [2013.06.04 20:07:47 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Local\Apple Computer [2013.06.04 20:07:33 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Roaming\Apple Computer [2013.06.03 19:13:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp [2013.06.03 19:13:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC [2013.06.03 19:13:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\WNLT [2013.06.02 17:46:23 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Roaming\Audacity [2013.06.02 17:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity [2013.06.02 17:31:56 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Local\Xara [2013.06.02 17:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xara [2013.06.02 17:31:21 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\Documents\MAGIX_Xtreme_Druck_Center [2013.06.02 17:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services [2013.06.02 17:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DateiCommander14Basic [2013.06.02 17:23:39 | 000,069,632 | ---- | C] (TimoSoft) -- C:\Windows\System32\SHEvent322.ocx [2013.06.02 17:23:37 | 000,373,248 | ---- | C] (Tools & Components) -- C:\Windows\System32\sevDataGrid2.ocx [2013.06.02 17:23:36 | 000,276,992 | ---- | C] (IntelleSoft) -- 
C:\Windows\System32\BugTrap.dll [2013.06.02 17:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\DateiCommander14Basic [2013.06.02 17:11:58 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Local\Winamp Toolbar [2013.06.02 17:10:09 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Local\Wondershare [2013.06.02 17:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare [2013.06.02 17:09:51 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\Documents\Wondershare Fantashow [2013.05.27 21:21:27 | 000,000,000 | R--D | C] -- C:\Users\Hans-Werner\Mediencenter [2013.05.27 21:20:21 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\Medien [2013.05.27 21:20:09 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\Desktop\Neuer Ordner (3) [2013.05.27 21:15:16 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Local\Telekom [2013.05.27 21:15:02 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Roaming\Telekom [2013.05.27 19:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.05.16 20:35:52 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys [2013.05.16 20:28:17 | 000,000,000 | ---D | C] -- C:\SearchProtect ========== Files - Modified Within 30 Days ========== [2013.06.15 19:03:01 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\DSite.job [2013.06.15 18:51:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hans-Werner\Desktop\OTL.exe [2013.06.15 18:49:19 | 000,000,000 | ---- | M] () -- C:\Users\Hans-Werner\defogger_reenable [2013.06.15 18:45:00 | 000,050,477 | ---- | M] () -- C:\Users\Hans-Werner\Desktop\Defogger.exe [2013.06.15 18:33:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.15 18:32:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.15 17:50:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.15 12:01:32 | 000,009,696 | -H-- | M] () 
-- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.15 12:01:32 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.15 11:54:24 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.15 11:54:23 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job [2013.06.15 11:54:22 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\CheckDriveBackgroundGuard.job [2013.06.15 11:54:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2013.06.15 11:52:34 | 2414,432,256 | -HS- | M] () -- C:\hiberfil.sys [2013.06.15 11:20:32 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.15 11:20:32 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.15 11:20:32 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.15 11:20:32 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.14 20:04:00 | 000,000,005 | ---- | M] () -- C:\Users\Hans-Werner\AppData\Roaming\WBPU-TTL.DAT [2013.06.12 22:33:47 | 000,069,358 | ---- | M] () -- C:\Users\Hans-Werner\Documents\PSD OnlineBanking - PSD Bank Rhein-Ruhr eG - BLZ 30060992.pdf [2013.06.06 21:38:03 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.06.06 21:03:33 | 000,001,232 | ---- | M] () -- C:\Users\Public\Desktop\Image Converter.lnk [2013.06.02 17:46:11 | 000,000,973 | ---- | M] () -- C:\Users\Hans-Werner\Desktop\Audacity.lnk [2013.06.02 17:31:37 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Xtreme Druck Center.lnk [2013.06.02 17:23:44 | 000,001,016 | ---- | M] () -- C:\Users\Hans-Werner\Desktop\DateiCommander14Basic.lnk [2013.06.02 16:57:43 | 003,334,136 | ---- | M] () -- C:\Users\Hans-Werner\Desktop\wssetup.exe [2013.05.31 21:27:31 | 000,001,876 | ---- | M] () -- 
C:\Users\Hans-Werner\Documents\05_31.csv [2013.05.31 21:26:53 | 000,001,576 | ---- | M] () -- C:\Users\Hans-Werner\Documents\05_31R.csv [2013.05.29 20:02:22 | 000,060,016 | ---- | M] () -- C:\Users\Hans-Werner\Documents\Der neue Rundfunkbeitrag - Antworten.pdf [2013.05.27 21:15:02 | 000,001,167 | ---- | M] () -- C:\Users\Hans-Werner\Desktop\Mediencenter.lnk [2013.05.27 21:15:02 | 000,001,159 | ---- | M] () -- C:\Users\Hans-Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk [2013.05.27 20:40:35 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT [2013.05.27 20:38:02 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT [2013.05.27 20:11:37 | 000,001,966 | ---- | M] () -- C:\Users\Hans-Werner\Documents\0514.csv [2013.05.27 20:11:19 | 000,002,616 | ---- | M] () -- C:\Users\Hans-Werner\Documents\0513.csv [2013.05.27 20:10:57 | 000,001,966 | ---- | M] () -- C:\Users\Hans-Werner\Documents\0511.csv [2013.05.27 20:10:39 | 000,001,836 | ---- | M] () -- C:\Users\Hans-Werner\Documents\0509.csv [2013.05.27 19:59:33 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.05.27 19:48:53 | 000,001,584 | ---- | M] () -- C:\Users\Hans-Werner\Documents\05r.csv [2013.05.27 19:47:34 | 000,000,552 | ---- | M] () -- C:\Users\Hans-Werner\Documents\05rr.csv [2013.05.23 17:53:11 | 000,000,918 | ---- | M] () -- C:\Windows\wiso.ini [2013.05.21 16:03:12 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2013.05.21 15:31:12 | 001,167,152 | ---- | M] () -- C:\Windows\System32\dmwu.exe [2013.05.21 15:28:38 | 000,027,136 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll [2013.05.17 10:31:50 | 000,448,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.16 21:11:26 | 000,001,716 | ---- | M] () -- C:\Users\Hans-Werner\Documents\05.csv [2013.05.16 20:35:13 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys [2013.05.16 20:27:50 | 000,002,453 | 
---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk ========== Files Created - No Company Name ========== [2013.06.15 18:49:19 | 000,000,000 | ---- | C] () -- C:\Users\Hans-Werner\defogger_reenable [2013.06.15 18:44:56 | 000,050,477 | ---- | C] () -- C:\Users\Hans-Werner\Desktop\Defogger.exe [2013.06.14 20:04:00 | 000,000,005 | ---- | C] () -- C:\Users\Hans-Werner\AppData\Roaming\WBPU-TTL.DAT [2013.06.12 22:33:47 | 000,069,358 | ---- | C] () -- C:\Users\Hans-Werner\Documents\PSD OnlineBanking - PSD Bank Rhein-Ruhr eG - BLZ 30060992.pdf [2013.06.08 15:23:40 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job [2013.06.06 21:03:35 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\DSite.job [2013.06.06 21:03:33 | 000,001,232 | ---- | C] () -- C:\Users\Public\Desktop\Image Converter.lnk [2013.06.03 19:13:30 | 001,167,152 | ---- | C] () -- C:\Windows\System32\dmwu.exe [2013.06.03 19:13:30 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll [2013.06.02 17:46:11 | 000,000,973 | ---- | C] () -- C:\Users\Hans-Werner\Desktop\Audacity.lnk [2013.06.02 17:46:10 | 000,000,985 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2013.06.02 17:31:37 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Xtreme Druck Center.lnk [2013.06.02 17:23:44 | 000,001,016 | ---- | C] () -- C:\Users\Hans-Werner\Desktop\DateiCommander14Basic.lnk [2013.06.02 17:23:40 | 000,885,760 | ---- | C] () -- C:\Windows\System32\ExTvw.pdb [2013.06.02 17:23:39 | 001,158,144 | ---- | C] () -- C:\Windows\System32\CBLCtlsU.pdb [2013.06.02 17:23:39 | 001,104,896 | ---- | C] () -- C:\Windows\System32\CBLCtlsU.ocx [2013.06.02 17:23:37 | 000,838,656 | ---- | C] () -- C:\Windows\System32\TBarCtlsU.pdb [2013.06.02 17:23:37 | 000,806,400 | ---- | C] () -- C:\Windows\System32\TBarCtlsU.ocx [2013.06.02 17:23:37 | 000,568,320 | ---- | C] () -- 
C:\Windows\System32\DTCtlsU.pdb [2013.06.02 17:23:37 | 000,505,856 | ---- | C] () -- C:\Windows\System32\DTCtlsU.ocx [2013.06.02 17:23:37 | 000,445,440 | ---- | C] () -- C:\Windows\System32\ProgBarU.pdb [2013.06.02 17:23:36 | 001,117,184 | ---- | C] () -- C:\Windows\System32\ShBrowserCtlsU.pdb [2013.06.02 17:23:36 | 001,061,888 | ---- | C] () -- C:\Windows\System32\ExLVwU.ocx [2013.06.02 17:23:36 | 001,002,496 | ---- | C] () -- C:\Windows\System32\ExLVwU.pdb [2013.06.02 17:23:36 | 000,878,080 | ---- | C] () -- C:\Windows\System32\ShBrowserCtlsU.ocx [2013.06.02 17:23:36 | 000,699,392 | ---- | C] () -- C:\Windows\System32\BtnCtlsU.pdb [2013.06.02 17:23:36 | 000,645,632 | ---- | C] () -- C:\Windows\System32\BtnCtlsU.ocx [2013.06.02 17:23:36 | 000,601,088 | ---- | C] () -- C:\Windows\System32\TabStripCtlU.pdb [2013.06.02 17:23:36 | 000,476,672 | ---- | C] () -- C:\Windows\System32\TabStripCtlU.ocx [2013.06.02 17:23:36 | 000,317,440 | ---- | C] () -- C:\Windows\System32\ProgBarU.ocx [2013.06.02 16:57:42 | 003,334,136 | ---- | C] () -- C:\Users\Hans-Werner\Desktop\wssetup.exe [2013.05.31 21:27:31 | 000,001,876 | ---- | C] () -- C:\Users\Hans-Werner\Documents\05_31.csv [2013.05.31 21:26:52 | 000,001,576 | ---- | C] () -- C:\Users\Hans-Werner\Documents\05_31R.csv [2013.05.31 19:11:46 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2013.05.29 20:02:21 | 000,060,016 | ---- | C] () -- C:\Users\Hans-Werner\Documents\Der neue Rundfunkbeitrag - Antworten.pdf [2013.05.27 21:15:02 | 000,001,167 | ---- | C] () -- C:\Users\Hans-Werner\Desktop\Mediencenter.lnk [2013.05.27 21:15:02 | 000,001,159 | ---- | C] () -- C:\Users\Hans-Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk [2013.05.27 21:15:02 | 000,001,153 | ---- | C] () -- C:\Users\Hans-Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mediencenter.lnk [2013.05.27 20:11:37 | 000,001,966 | ---- | C] () -- 
C:\Users\Hans-Werner\Documents\0514.csv
[2013.05.27 20:11:19 | 000,002,616 | ---- | C] () -- C:\Users\Hans-Werner\Documents\0513.csv
[2013.05.27 20:10:56 | 000,001,966 | ---- | C] () -- C:\Users\Hans-Werner\Documents\0511.csv
[2013.05.27 20:10:39 | 000,001,836 | ---- | C] () -- C:\Users\Hans-Werner\Documents\0509.csv
[2013.05.27 19:59:33 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.05.27 19:47:34 | 000,000,552 | ---- | C] () -- C:\Users\Hans-Werner\Documents\05rr.csv
[2013.05.16 21:11:26 | 000,001,716 | ---- | C] () -- C:\Users\Hans-Werner\Documents\05.csv
[2013.05.16 21:10:29 | 000,001,584 | ---- | C] () -- C:\Users\Hans-Werner\Documents\05r.csv
[2013.01.07 20:54:44 | 000,000,231 | ---- | C] () -- C:\Windows\LSBackupBox.ini
[2013.01.01 13:21:19 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2013.01.01 13:20:26 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.12.17 00:07:24 | 000,000,000 | ---- | C] () -- C:\Windows\winfile.ini
[2012.11.04 20:14:22 | 000,164,352 | ---- | C] () -- C:\Windows\System32\UNRAR.DLL
[2012.11.04 20:14:22 | 000,075,264 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL
[2012.10.25 21:50:50 | 002,300,672 | ---- | C] () -- C:\Windows\System32\libintl-8.dll
[2012.10.25 21:50:50 | 000,289,739 | ---- | C] () -- C:\Windows\System32\libmp3splt-0.dll
[2012.10.25 21:50:50 | 000,261,438 | ---- | C] () -- C:\Windows\System32\libsplt_mp3-0.dll
[2012.10.25 21:50:50 | 000,197,337 | ---- | C] () -- C:\Windows\System32\libmad-0.dll
[2012.10.25 21:50:50 | 000,174,716 | ---- | C] () -- C:\Windows\System32\libid3tag.dll
[2012.10.25 21:50:50 | 000,116,736 | ---- | C] () -- C:\Windows\System32\mp3splt.exe
[2012.10.25 21:50:50 | 000,061,211 | ---- | C] () -- C:\Windows\System32\libltdl-7.dll
[2012.10.25 21:50:50 | 000,045,245 | ---- | C] () -- C:\Windows\System32\mp3wrap.exe
[2012.08.07 21:48:34 | 000,000,918 | ---- | C] () -- C:\Windows\wiso.ini
[2012.06.06 22:06:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\Install2500USB.dll
[2012.06.06 22:06:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DEDriverDLL.dll
[2012.06.06 22:06:58 | 000,036,864 | ---- | C] () -- C:\Windows\System32\WRLSetup.exe
[2012.06.06 20:39:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\SingleFiles
[2012.06.06 20:39:00 | 000,000,268 | RH-- | C] () -- C:\Users\Hans-Werner\AppData\Roaming\Screen Saver
[2012.06.06 20:39:00 | 000,000,012 | RH-- | C] () -- C:\ProgramData\StatusSheet
[2012.06.06 20:38:59 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Services
[2012.06.06 20:38:59 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Scripts Menu
[2012.06.06 20:38:59 | 000,000,268 | RH-- | C] () -- C:\Users\Hans-Werner\AppData\Roaming\Sci-Fi
[2012.06.06 20:38:59 | 000,000,268 | RH-- | C] () -- C:\Users\Hans-Werner\AppData\Roaming\Sampler Instruments
[2012.06.06 20:38:59 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.06.06 20:38:59 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012.06.06 20:38:59 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012.06.06 20:38:59 | 000,000,012 | RH-- | C] () -- C:\ProgramData\StartupItems
[2012.06.06 20:38:59 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Standard
[2012.06.05 21:55:32 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.06.05 21:55:32 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.06.05 21:55:32 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.06.05 21:55:32 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.06.05 21:55:32 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.06.05 21:55:32 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.06.05 21:55:32 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.06.05 21:55:32 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.06.05 21:55:32 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.06.05 21:55:32 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.06.05 21:55:32 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012.06.05 21:55:32 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012.06.05 21:55:31 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.06.05 21:55:31 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.06.05 21:55:31 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.06.05 21:55:31 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.06.05 21:55:31 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.06.05 21:55:31 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.06.05 21:55:31 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.06.05 21:55:09 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw8b.bin
[2012.06.05 21:54:49 | 000,000,025 | ---- | C] () -- C:\Windows\CDE V30V300DEFGIPSRUk.ini
[2012.06.05 21:24:36 | 000,000,140 | ---- | C] () -- C:\Windows\ML24DXn.INI
[2012.06.03 15:55:14 | 000,036,864 | ---- | C] () -- C:\Windows\LchDrvKey.exe
[2012.06.03 14:07:35 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012.06.03 13:49:35 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2012.06.03 13:49:34 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2012.06.03 13:41:50 | 000,013,224 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2012.06.01 21:56:14 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.06.06 21:12:38 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Audacity
[2013.06.06 21:04:11 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\BabSolution
[2012.11.12 22:18:55 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Babylon
[2012.08.07 21:49:42 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Buhl Data Service
[2012.11.12 22:19:20 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Claro
[2013.01.28 18:05:14 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Claro LTD
[2013.06.02 17:23:42 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Dateicommander
[2013.06.06 21:03:44 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\DealPly
[2013.06.06 21:03:58 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Delta
[2013.01.28 17:17:56 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\DesktopIconForAmazon
[2013.06.06 21:03:34 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\DSite
[2013.04.12 18:50:36 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\DVDVideoSoft
[2012.06.05 22:15:15 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Epson
[2012.06.06 19:57:20 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Leadertech
[2013.06.02 17:31:58 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\MAGIX
[2012.06.30 16:19:04 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Nikon
[2013.02.18 20:56:33 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Notepad++
[2013.01.28 17:17:53 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\OCS
[2013.03.21 20:30:50 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\OpenCandy
[2012.06.01 21:28:34 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Opera
[2013.01.07 21:53:51 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\pdfforge
[2012.06.26 19:48:23 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\PowerCinema
[2013.04.12 18:56:08 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\SearchProtect
[2012.07.20 21:06:06 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\SmartTools
[2013.05.27 21:15:02 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Telekom
[2013.03.21 20:32:15 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\TuneUp Software
[2013.06.06 21:04:00 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\WebCake

========== Purity Check ==========

< End of report >

Extras.txt

OTL Extras logfile created on: 15.06.2013 18:53:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hans-Werner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 55,55% Memory free
5,99 Gb Paging File | 3,65 Gb Available in Paging File | 60,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890,41 Gb Total Space | 281,08 Gb Free Space | 31,57% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 26,96 Gb Free Space | 67,41% Space Free | Partition Type: NTFS
Drive F: | 279,47 Gb Total Space | 82,54 Gb Free Space | 29,53% Space Free | Partition Type: NTFS

Computer Name: HANS-WERNER1 | User Name: Hans-Werner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [DateiCommander] -- C:\Program Files\DateiCommander14Basic\DateiCommander.exe %1 (Ch.Lütgens & Co)
Directory [Datei-Commander] -- C:\Program Files\DateiCommander\DateiCommander.exe %1 (OEM)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029CA508-2F3E-4A56-8D48-6BE0F3B0238D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{118D4EFE-2AE3-43EF-8C4E-30F2DFB3C529}" = rport=138 | protocol=17 | dir=out | app=system |
"{2235D3B3-AF47-4F5E-976D-813916C96EA6}" = rport=139 | protocol=6 | dir=out | app=system |
"{2767B32D-DC07-4A8C-B05E-4668633DD97B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{38F59FC4-ACB1-464F-964E-252E082DAC36}" = lport=139 | protocol=6 | dir=in | app=system |
"{4878F92A-FE10-4C41-B2DF-C02327F01D03}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4FE97C18-F3CC-483D-9E4B-434265840FC4}" = rport=137 | protocol=17 | dir=out | app=system |
"{565ED97B-EEA8-4FED-8415-860C240737D2}" = lport=137 | protocol=17 | dir=in | app=system |
"{59CF73E3-216D-4636-84EE-58E9AA4AD4C5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5A13856C-31A0-48E3-9020-36176FEE5B4A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5BEB3BE9-113C-4EA1-8FBE-C03048092011}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{723942B3-8038-46AE-A5F7-C547FA7A8D7A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7D0442B6-84CD-4A5A-8D0F-94381EAE1CE5}" = lport=445 | protocol=6 | dir=in | app=system |
"{9EC50FA0-ACFB-4909-9900-14705D650D6F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A2565333-0D27-4787-9D66-DC0A67737B17}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A579A4C2-E31B-417B-88D8-BFCDBEEBFF37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A8B9ABBB-0813-429C-99A5-6141359903B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DF738E1E-CEFE-4C83-B58D-837AA807DF23}" = rport=445 | protocol=6 | dir=out | app=system |
"{E78EB66C-888E-44AE-A32D-2A4391CB7854}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA3C5517-BE1E-49ED-B6B6-F41AA38FFF81}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC7EAAE7-F1A6-42FE-97BB-FB389BE27391}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F41DB5BB-53F2-439D-937D-1245B416AB43}" = lport=138 | protocol=17 | dir=in | app=system |
"{F817B8B5-2D40-4B0C-91AA-01FC685AA9D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0112E3B0-64C4-44C1-9485-DDE79162CA1A}" = protocol=6 | dir=out | app=system |
"{02BEE5BF-C6F0-47E5-8DB8-5126717F2D99}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{05B24A14-91A3-4CCE-939A-D96E2C5F68FB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0ADD24C7-BAE0-4AF3-A85E-B85E1E301FA7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0B473FBF-5F18-460E-9558-6039F220AE16}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{0D97F2A6-7B4A-489F-B158-AD93DB490E75}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{139588BD-FDA8-4B2C-82E1-5790ADBD5693}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{15826304-3B66-4F8B-AEBB-804E6D4DC6C9}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{183E4F2E-E073-4B91-9841-CE85D0C56872}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{194ADA60-B839-4A08-9C98-6619D6FA5249}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1BBAAEC1-4AD9-4433-9F30-E460E8D96E2B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2603F59D-5042-4263-ADDE-CECBF2A168F3}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{2AFCED50-8BBB-4EA0-8C6A-1E6E2D381B00}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2E714308-04FE-4F85-BBC8-5E3FA50142B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{31CF9198-0D6E-4A41-BA7E-5F7DC9BA008D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{33F21EE9-9397-4BF7-8ED7-8D9AA29F807C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3954D30F-3829-48BB-AFB9-B08317773E57}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3AB47269-5F93-48B3-8389-36E5A69E5915}" = dir=in | app=c:\program files\cyberlink\powercinema movie\powercinemamovie.exe |
"{3C76AF0D-AB5A-40AA-A575-FC38610DE345}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3C95AF57-E37A-46C1-B19E-920C9004F9B8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{43C121FE-A0C2-4F2F-8824-8B206848F516}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{458640F3-1252-42BB-AA77-857E8FDBB9F2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{46AFE903-A08D-4199-96D0-5E8E1A134CFE}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{4EB5A88B-0411-4988-B1BF-7CD7A7369354}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55E2D9AF-F518-4655-AE60-565725117323}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{59B25DDC-C9BB-4C96-AFBF-2A615F9FA140}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{5A8A9013-C977-412D-84F1-D0F99D1E5B47}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{766F5EBC-6A64-4E73-9CFE-B354419299F5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7B38CE4E-E81B-44D6-B604-A8908CA26DFF}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{7DCB3EA8-E4E9-4FB1-9C1E-7A978A58C2A4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{82009E66-4712-4588-ACE3-7486ED238B19}" = protocol=17 | dir=in | app=c:\program files\gps master 2.0.12\gps master.exe |
"{864CB878-E7F8-4B8D-ACA8-1A04EF3FA76B}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{8C0DBADE-92F7-4ED1-B3A3-E8A9BD682287}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8C5B0037-3F0E-4FDC-AE8E-79EA03AF7AC5}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{96B7B3F5-32A8-4145-B5AB-487AEC5DCA5A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{972770F2-ED1D-4B00-94FC-0441932826AD}" = dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe |
"{A110050B-5142-467B-9916-04431292D33B}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{A4983BB0-611E-42D3-94F3-91A4E55B9ADE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A7273398-F6AD-441C-83AC-F5FAE1AE8C77}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A753E030-B927-4B13-86F7-AC2616ADADD3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE81B819-DBE8-471F-9A96-819E26A7979D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B332CADC-0F88-4E00-9DB9-E277394EDB3C}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{B5E6408E-0BFB-4FF1-820D-93C88961CFD8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B8FC2463-84E0-4311-9EE5-F5718F02E5E7}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{BB16EE88-4897-4D6A-B57E-13FBDE8BEE2A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C10791D6-4EB6-4BD6-8749-73E862FF82CD}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{C20C80B2-3475-4FD9-BEA4-3ECC16512FBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD4FCF58-D703-4488-9546-667613C457E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D00F8366-DFE2-4D08-B80E-37109D14F46D}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{D4F7CD96-D7E7-4319-A448-F149F332EC2A}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{D7B11101-BB36-4F79-B355-27B2860340A0}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{DA45B661-C7C2-431F-B539-B23FFCC4AA6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDEFA0D8-18A0-49D4-B26C-6EF27D2E0F17}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{EC6DB7EE-5BDB-49C9-BA8B-9481F6258D6E}" = protocol=6 | dir=in | app=c:\program files\gps master 2.0.12\gps master.exe |
"{ECA946FB-D630-4746-8FA3-B9D27F6AF89F}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{F43C50CB-2CEA-4057-AA0C-DE76F368982B}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{F46F2DBF-9334-487D-94F6-13E3E2CDB0A3}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{F9447430-99BB-4803-8A2A-046BD1B8549D}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{F94D7A37-698E-4A1D-9FC1-18F7C7F00B2E}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"TCP Query User{4B3F68B6-B6C1-491D-A933-BC9BD8769827}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{F429CB6E-6785-4850-A530-26CF443F746D}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{FD65EABF-0E83-4418-B944-C577E1E2FDA9}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{CF89EA27-0262-47FD-B67D-5B5F2EB4E21D}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{E1AFA81E-EA6E-48DE-B86A-8FDB81A8FF0C}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{E5E4D303-FBCF-4D9C-B8F1-898C2CF53E00}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{069B290F-5398-4629-A009-85B4BCB4B1B9}" = Claro Chrome Toolbar
"{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}" = Google Earth
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender
"{16844FEF-BCAF-4FCC-BFE9-8C52069E82CF}" = USB 2.4G Wireless Keyboard Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{389BE10D-555B-495B-A83E-E3D94B66D26A}" = CDRWIN 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{531F0013-964C-4BE6-B382-4117DC8BCDF9}" = ArcSoft MediaImpression
"{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}" = RT2500 USB Wireless LAN Card
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{699D0EFA-5AC2-4DAB-846E-E4EFDA00ACAC}" = RemoteKeySrv
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70CC0095-AA68-45BE-AE98-D8170182E9EB}" = PowerCinema Movie
"{714F1BA5-F95E-4821-AA70-D30BBE04A5FF}" = NextWindow Drivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91B33C97-7650-0EB0-B6C7-DDBA2932B7B4}_is1" = Ashampoo Music Studio 4 v.4.0.5
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.4
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1" = CheckDrive
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"abylonprotectionmanager-backup-tube_is1" = abylon BACKUP-TUBE 2012.PRV
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Music Studio 2012_is1" = Ashampoo Music Studio 2012 v.1.0.0
"Ashampoo Photo Optimizer 4_is1" = Ashampoo Photo Optimizer 4 v.4.0.3
"Ashampoo_DE Toolbar" = Ashampoo DE Toolbar
"Audacity_is1" = Audacity 2.0.3
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"claro" = Claro toolbar
"DateiCommander 14 Basic_is1" = DateiCommander14Basic
"DateiCommander 9 Personal_is1" = DateiCommander
"DealPly" = DealPly (remove only)
"delta" = Delta toolbar
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"DesktopIconAmazon" = Desktop Icon für Amazon
"dm-Fotowelt" = dm-Fotowelt
"DVDvideoSoft_2.0 Toolbar" = DVDvideoSoft 2.0 Toolbar
"EPSON PERFECTION V30_V300 PHOTO Benutzerhandbuch" = EPSON PERFECTION V30_V300 PHOTO Handbuch
"EPSON Scanner" = EPSON Scan
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.23.320
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"Google Chrome" = Google Chrome
"GPS Master_is1" = GPS Master 2.0.12
"Image Converter Image Converter" = Image Converter
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"MAGIX Fotobuch" = MAGIX Fotobuch 3.2
"MAGIX Fotos auf CD & DVD 7 deluxe D" = MAGIX Fotos auf CD & DVD 7 deluxe 7.0.0.19 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX PC Visit D" = MAGIX PC Visit
"MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D)
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.22.0 (D)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mp3Boy_is1" = mp3Boy 1.8.0
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.12.1707" = Opera 12.12
"Orb" = Winamp Remote
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"SearchAnonymizer" = SearchAnonymizer
"SearchProtect" = Search Protect by conduit
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SmartToolsBerichte-Verteilerv3.00" = SmartTools Publishing • Access Berichte-Verteiler
"SmartToolsBeschreibungs-Managerv1.50" = SmartTools Publishing • Access Beschreibungs-Manager
"SmartToolsEM 2012-Planerv1.50" = SmartTools Publishing • Outlook EM 2012-Planer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"sp6" = Logitech SetPoint 6.32
"ST6UNST #1" = Mp3-Manager personal
"ST6UNST #2" = Mp3-Manager personal (C:\Program Files\Mp3-Manager personal\)
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinZip" = WinZip
"WNLT" = IB Updater Service
"X10Hardware" = X10 Hardware(TM)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DealPly" = DealPly
"DSite" = Update for Image Editor
"Mediencenter" = Mediencenter 3.7.0.2204
"Winamp Detect" = Winamp Erkennungs-Plug-in
"Winamp Toolbar" = Winamp Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12.06.2013 01:41:50 | Computer Name = Hans-Werner1 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\NextWindow\NW1950v2171_Vista\dpinst64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 12.06.2013 01:42:36 | Computer Name = Hans-Werner1 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\NextWindow\NW1950v2171\dpinst64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 12.06.2013 01:42:46 | Computer Name = Hans-Werner1 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\abylonsoft\backup-tube\AdminCallx64.EXE". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 12.06.2013 01:42:47 | Computer Name = Hans-Werner1 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\abylonsoft\backup-tube\BackupBoxServiceX64.EXE". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 12.06.2013 01:42:47 | Computer Name = Hans-Werner1 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\abylonsoft\backup-tube\BackupBoxX64.EXE". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 12.06.2013 01:43:43 | Computer Name = Hans-Werner1 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\gps master 2.0.12\USB\DPINST_AMD64.EXE". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 12.06.2013 01:46:04 | Computer Name = Hans-Werner1 | Source = SideBySide | ID = 16842761 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\smarttools\access berichte-verteiler\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "c:\program files\smarttools\access berichte-verteiler\adxloader.dll.Manifest" in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein. Error - 12.06.2013 01:46:06 | Computer Name = Hans-Werner1 | Source = SideBySide | ID = 16842761 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\smarttools\outlook em 2012-planer\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "c:\program files\smarttools\outlook em 2012-planer\adxloader.dll.Manifest" in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein. 
Error - 14.06.2013 15:44:38 | Computer Name = Hans-Werner1 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: SweetIM.exe, Version: 3.7.0.5, Zeitstempel: 0x4fc4c5d3 Name des fehlerhaften Moduls: ole32.DLL, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00039342 ID des fehlerhaften Prozesses: 0x11bc Startzeit der fehlerhaften Anwendung: 0x01ce6925a0928a68 Pfad der fehlerhaften Anwendung: C:\Program Files\SweetIM\Messenger\SweetIM.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\ole32.DLL Berichtskennung: d8885964-d52a-11e2-be49-1c4bd602d165 Error - 15.06.2013 11:50:32 | Computer Name = Hans-Werner1 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: SweetIM.exe, Version: 3.7.0.5, Zeitstempel: 0x4fc4c5d3 Name des fehlerhaften Moduls: ole32.DLL, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00039342 ID des fehlerhaften Prozesses: 0x6b0 Startzeit der fehlerhaften Anwendung: 0x01ce69ae54226950 Pfad der fehlerhaften Anwendung: C:\Program Files\SweetIM\Messenger\SweetIM.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\ole32.DLL Berichtskennung: 4eba1253-d5d3-11e2-bdc1-1c4bd602d165 [ System Events ] Error - 13.12.2012 11:43:46 | Computer Name = Hans-Werner1 | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 13.12.2012 13:50:05 | Computer Name = Hans-Werner1 | Source = Microsoft-Windows-Application-Experience | ID = 205 Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht initialisieren. 
Error - 14.12.2012 03:53:46 | Computer Name = Hans-Werner1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: rseb Error - 14.12.2012 04:28:41 | Computer Name = Hans-Werner1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: rseb Error - 15.12.2012 06:26:40 | Computer Name = Hans-Werner1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: rseb Error - 15.12.2012 08:10:04 | Computer Name = Hans-Werner1 | Source = volsnap | ID = 393230 Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen. Error - 16.12.2012 07:35:54 | Computer Name = Hans-Werner1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: rseb Error - 16.12.2012 14:56:08 | Computer Name = Hans-Werner1 | Source = DCOM | ID = 10010 Description = Error - 17.12.2012 03:48:18 | Computer Name = Hans-Werner1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: rseb Error - 17.12.2012 08:33:37 | Computer Name = Hans-Werner1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: rseb < End of report > Ich hoffe, dass ich das hier richtig gemacht habe und das mir jemand helfen kann. Ganz liebe Grüße Hans-Werner |