| Jojo2112 | 12.06.2013 07:33 |
Hostprozess beendet, Internet langsam (warten auf Cache)
Liebe Experten,
ich hoffe, ich finde hier Hilfe.
Seit ein paar Tagen wird das internet immer mal wieder sehr langsam. In der Statuszeile von Chrome steht dann "Warten auf den Cache". Ich habe nun ein neues Nutzerprofil erstellt und es wurde deutlich besser, tritt aber dennoch immer wieder auf.
Ebenso bekomme ich häufiger die Fehlermeldung "Hostprozess für Windows-Dienste wurde beendet und geschlossen".
Ich habe bereits alle möglichen Scanner laufen lassen (antivir, malwarebytes, Spybot, TuneUp, hijackthis), aber es wurde anscheinend nichts Dramatisches gefunden, denn das Problem besteht nach wie vor. Ebenso ließ ich einige Systemprogramme von Vista laufen, aber auch das brachte nicht wirklich Erfolg.
Nun bin ich als Laie mit meinem Latein am Ende und hoffe, ihr könnt mir helfen!
Hier nun erstmal der defogger_disable.log Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:11 on 11/06/2013 (Sebastian)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
OTL.txt: Code:
OTL logfile created on: 6/11/2013 7:13:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sebastian\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
2.84 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 53.66% Memory free
5.90 Gb Paging File | 4.30 Gb Available in Paging File | 72.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92.21 Gb Total Space | 30.76 Gb Free Space | 33.36% Space Free | Partition Type: NTFS
Drive D: | 131.89 Gb Total Space | 81.98 Gb Free Space | 62.16% Space Free | Partition Type: NTFS
Computer Name: SEBASTIAN-PC | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found --
PRC - [2013/06/11 19:07:58 | 000,050,477 | ---- | M] () -- C:\Users\Sebastian\Desktop\Defogger.exe
PRC - [2013/05/07 13:55:23 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/28 08:50:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013/03/28 08:50:17 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/03/28 08:50:15 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/01/28 14:19:30 | 001,926,944 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
PRC - [2013/01/28 14:19:26 | 001,724,192 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
PRC - [2011/08/12 07:45:18 | 002,433,024 | ---- | M] () -- D:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2009/04/11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/07/16 19:01:30 | 006,253,088 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/04/25 14:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2008/01/21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/21 04:23:43 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
========== Modules (No Company Name) ==========
MOD - [2013/06/11 19:07:58 | 000,050,477 | ---- | M] () -- C:\Users\Sebastian\Desktop\Defogger.exe
MOD - [2013/05/29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
MOD - [2013/05/29 07:27:37 | 013,136,336 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
MOD - [2013/05/29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013/05/29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2013/01/31 13:10:04 | 002,231,248 | ---- | M] () -- c:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\codecmngr.dll
MOD - [2013/01/24 13:25:02 | 001,044,480 | ---- | M] () -- c:\Programme\WebSearch\sprotector.dll
MOD - [2013/01/24 13:16:54 | 001,050,112 | ---- | M] () -- c:\Programme\BrowseToSave\sprotector.dll
MOD - [2011/08/12 07:45:26 | 000,198,144 | ---- | M] () -- D:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2011/08/12 07:45:18 | 002,433,024 | ---- | M] () -- D:\Program Files\Rainlendar2\Rainlendar2.exe
MOD - [2010/12/12 12:58:14 | 000,502,784 | ---- | M] () -- D:\Program Files\Rainlendar2\wxmsw28u_xrc_vc_rny.dll
MOD - [2010/12/12 12:58:00 | 000,131,584 | ---- | M] () -- D:\Program Files\Rainlendar2\wxbase28u_xml_vc_rny.dll
MOD - [2010/12/12 12:57:56 | 000,485,376 | ---- | M] () -- D:\Program Files\Rainlendar2\wxmsw28u_html_vc_rny.dll
MOD - [2010/12/12 12:57:44 | 000,707,584 | ---- | M] () -- D:\Program Files\Rainlendar2\wxmsw28u_adv_vc_rny.dll
MOD - [2010/12/12 12:57:36 | 002,633,216 | ---- | M] () -- D:\Program Files\Rainlendar2\wxmsw28u_core_vc_rny.dll
MOD - [2010/12/12 12:56:46 | 001,205,760 | ---- | M] () -- D:\Program Files\Rainlendar2\wxbase28u_vc_rny.dll
MOD - [2010/05/23 20:20:08 | 000,012,288 | ---- | M] () -- D:\Program Files\Rainlendar2\lfs.dll
MOD - [2010/05/23 20:20:04 | 000,126,976 | ---- | M] () -- D:\Program Files\Rainlendar2\lua51.dll
MOD - [2007/06/02 21:41:36 | 000,617,472 | ---- | M] () -- C:\Programme\IZArc\IZArcCM.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/05/25 09:30:38 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/14 20:58:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/28 08:50:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/03/28 08:50:15 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/01/28 14:19:26 | 001,724,192 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/05/25 13:03:35 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/04/25 14:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008/01/21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2003/07/28 14:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/28 08:50:33 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/03/28 08:50:33 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/03/28 08:50:33 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/03/20 09:52:17 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/11/16 16:51:36 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012/05/22 14:24:46 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/02/22 12:34:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/01/11 08:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2010/12/02 06:34:32 | 000,052,096 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2010/05/11 12:00:34 | 000,020,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010/02/24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008/06/30 19:56:12 | 000,917,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/26 06:25:58 | 000,337,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2008/05/27 13:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008/05/02 13:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/03 14:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.youwillfind.info/?l=1&q={searchTerms}&pid=658&r=2013/04/25&hid=1958629639&lg=EN&cc=DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=115849&tt=3812_4&babsrc=HP_ss&mntrId=e035229100000000000000225f62723b
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=115849&tt=3812_4&babsrc=SP_ss&mntrId=e035229100000000000000225f62723b
IE - HKCU\..\SearchScopes\{10C6BF65-4A78-4305-9FD7-D7C6E5C393CF}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{428A29CF-43C8-423E-85DA-3E6E3AAD400E}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKCU\..\SearchScopes\{819ECA82-F786-4D20-906A-6954323AC01C}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.youwillfind.info/?l=1&q={searchTerms}&pid=658&r=2013/04/25&hid=1958629639&lg=EN&cc=DE
IE - HKCU\..\SearchScopes\{DE157F5A-3B9B-409C-B651-F5A5F4DDD747}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://websearch.youwillfind.info/?pid=658&r=2013/04/25&hid=1958629639&lg=EN&cc=DE&l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "hxxp://websearch.youwillfind.info/?pid=658&r=2013/04/25&hid=1958629639&lg=EN&cc=DE&l=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sebastian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sebastian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/25 09:30:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/06 13:16:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/25 09:30:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/06 13:16:56 | 000,000,000 | ---D | M]
[2013/01/19 22:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions
[2013/04/25 15:58:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\lssdihk7.default\Extensions
[2013/04/25 15:58:01 | 000,000,000 | ---D | M] (Bruowse2ssAive) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\lssdihk7.default\Extensions\ihkha@uvwyva.com
[2012/09/22 15:55:31 | 000,002,349 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\lssdihk7.default\searchplugins\bProtect.xml
[2013/04/26 22:22:03 | 000,007,832 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\lssdihk7.default\searchplugins\WebSearch.xml
[2013/05/25 09:30:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013/05/25 09:30:40 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/09/22 15:55:31 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.de/ig
CHR - Extension: No name found = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffgapkaegdmcompheglkkponnpmfdcgf\1.1_0\
CHR - Extension: No name found = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FSC OSD Utility] c:\Programme\FSC OSD Utility\OSDUtility.exe (Quanta Computer Inc.)
O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: starwoodhotels.com ([login.one] https in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CBCFD11-E818-43B0-B559-B1218B3299E8}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A9563AD-A37A-47B9-8D4D-246BB0411131}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\codecs~1\261123~1.78\{16cdf~1\codecm~1.dll) - c:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\codecmngr.dll ()
O20 - AppInit_DLLs: (c:\progra~2\codecs~1\22639~1.201\{16cdf~1\codecm~1.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~1\browse~1\sprote~1.dll) - c:\Programme\BrowseToSave\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~1\websea~1\sprote~1.dll) - c:\Programme\WebSearch\sprotector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\discspeed.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\drivespeed.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\dw20.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\excel.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\finder.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\googledrivesync.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\infopath.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\infotool.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\msaccess.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\mspub.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\mspview.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nero.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neroburnrights.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nerostartsmart.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neroupgrade.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nerovision.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\ois.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\onenote.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\onenotem.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\outlook.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\photoshop elements 7.0.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\photoshopelementseditor.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\photoshopelementsorganizer.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\proflwiz.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\setupx.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\winword.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{444d7732-6342-11de-8543-00238b760159}\Shell\AutoRun\command - "" = F:\WDSetup.exe
O33 - MountPoints2\{6b955648-8715-11e2-bc49-00238b760159}\Shell - "" = AutoRun
O33 - MountPoints2\{6b955648-8715-11e2-bc49-00238b760159}\Shell\AutoRun\command - "" = G:\DPFMate.exe
O33 - MountPoints2\{bbfe6049-984a-11e2-9320-00238b760159}\Shell - "" = AutoRun
O33 - MountPoints2\{bbfe6049-984a-11e2-9320-00238b760159}\Shell\AutoRun\command - "" = G:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/06/11 19:08:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2013/06/10 14:38:51 | 000,032,032 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2013/06/10 14:38:51 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2013/06/10 14:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013/06/10 14:38:18 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\TuneUp Software
[2013/06/10 14:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013
[2013/06/10 14:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013/06/10 14:36:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/06/10 14:36:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/06/10 12:29:45 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Malwarebytes
[2013/06/10 12:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/10 12:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/10 12:29:19 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/10 12:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/05 22:53:55 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Documents\Wohnung
[2013/06/04 21:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013/06/04 21:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/05/29 11:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Melesta
[2013/05/29 11:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\LeeGT-Games
[2013/05/29 11:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Green City 2
[2013/05/25 09:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/24 20:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/24 20:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/24 20:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/24 20:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/05/14 22:31:07 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\buch
[2013/05/13 09:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Frenzy
[2013/05/13 09:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Farm Frenzy
[2013/05/13 09:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\BigFishGames
[2013/05/12 21:10:23 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Forever Entertainment
[2010/11/16 17:43:01 | 000,701,528 | ---- | C] (Netviewer GmbH) -- C:\Program Files\NV_o2o_Teilnehmer_DE.exe
[2010/11/16 17:42:31 | 002,129,920 | R--- | C] (Apache Software Foundation) -- C:\Program Files\xerces.dll
[2010/11/16 17:42:31 | 001,435,648 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\tmdoc.dll
[2010/11/16 17:42:31 | 000,041,984 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\tmget.dll
[2010/11/16 17:42:30 | 001,147,904 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\tmcrypt.dll
[2010/11/16 17:42:30 | 001,122,304 | R--- | C] (IBM Corporation and others) -- C:\Program Files\icuuc40.dll
[2010/11/16 17:42:30 | 000,864,256 | ---- | C] (SECUNET AG) -- C:\Program Files\rsapem32.dll
[2010/11/16 17:42:30 | 000,139,264 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\tm98.dll
[2010/11/16 17:42:28 | 013,913,600 | R--- | C] (IBM Corporation and others) -- C:\Program Files\icudt40.dll
[2010/11/16 17:42:28 | 001,152,512 | R--- | C] (Olaf Stüben) -- C:\Program Files\fa_xml.dll
[2010/11/16 17:42:27 | 001,996,800 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericxml.dll
[2010/11/16 17:42:27 | 001,190,912 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\erictransfer.dll
[2010/11/16 17:42:27 | 000,954,368 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericutil.dll
[2010/11/16 17:42:26 | 003,791,872 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericprint.dll
[2010/11/16 17:42:26 | 000,881,152 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericcrypt.dll
[2010/11/16 17:42:26 | 000,311,808 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericplugin.dll
[2010/11/16 17:42:26 | 000,146,944 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericio.dll
[2010/11/16 17:42:25 | 004,914,176 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericbasis.dll
[2010/11/16 17:42:25 | 001,929,216 | ---- | C] (secunet Security Networks AG) -- C:\Program Files\e_signer.dll
[2010/11/16 17:42:25 | 000,738,728 | ---- | C] (WPCubed GmbH) -- C:\Program Files\WPTDynInt.ocx
[2010/11/16 17:42:25 | 000,584,192 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericapi.dll
[2010/11/16 17:42:25 | 000,254,976 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericanm.dll
[2010/11/16 17:42:25 | 000,069,632 | ---- | C] (Giesecke & Devrient) -- C:\Program Files\compr32.dll
[2010/11/16 17:42:24 | 003,998,120 | ---- | C] (WPCubed GmbH) -- C:\Program Files\WPTextDLL01.DLL
[2010/11/16 17:42:23 | 000,132,392 | ---- | C] (R&S EDV-Beratung, Hannover) -- C:\Program Files\rspatcher.exe
[2010/11/16 17:42:19 | 001,028,096 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files\libeay32.dll
[2010/11/16 17:42:19 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr80.dll
[2010/11/16 17:42:19 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp80.dll
[2010/11/16 17:42:19 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcm80.dll
[2010/11/16 17:42:19 | 000,221,184 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files\ssleay32.dll
[2010/11/16 17:42:11 | 003,833,856 | ---- | C] (Amyuni Technologies
hxxp://www.amyuni.com) -- C:\Program Files\CDIntf300.dll
[2010/11/16 17:42:11 | 000,933,888 | ---- | C] (Siemens) -- C:\Program Files\fapi.dll
[2010/11/16 17:42:11 | 000,139,264 | ---- | C] (STMicroelectronics) -- C:\Program Files\tci.dll
[2010/07/30 16:31:44 | 000,148,480 | R--- | C] (Bastiaan Bakker, LifeLine Networks bv ) -- C:\Program Files\log4cpp.dll
[2010/02/11 14:09:16 | 004,485,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\vc9SP1KB973552redist_x86.exe
[2010/01/26 15:19:58 | 000,024,576 | ---- | C] (keine) -- C:\Program Files\rsodf.dll
[2010/01/26 15:19:44 | 000,196,608 | ---- | C] (ICSharpCode.net) -- C:\Program Files\icsharpcode.sharpziplib.dll
========== Files - Modified Within 30 Days ==========
[2013/06/11 19:09:48 | 000,377,856 | ---- | M] () -- C:\Users\Sebastian\Desktop\gmer_2.1.19163.exe
[2013/06/11 19:08:37 | 000,000,000 | ---- | M] () -- C:\Users\Sebastian\defogger_reenable
[2013/06/11 19:08:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2013/06/11 19:07:58 | 000,050,477 | ---- | M] () -- C:\Users\Sebastian\Desktop\Defogger.exe
[2013/06/11 18:58:48 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/11 18:28:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/11 17:29:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 17:29:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 13:29:12 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/11 13:28:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/11 07:30:32 | 000,002,156 | ---- | M] () -- C:\Users\Sebastian\Desktop\Saaat - Chrome.lnk
[2013/06/11 07:29:48 | 000,510,569 | ---- | M] () -- C:\Users\Sebastian\Documents\bookmarks_11.06.13.html
[2013/06/10 19:40:43 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2467873813-358388713-1169702490-1000UA.job
[2013/06/10 19:40:43 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2467873813-358388713-1169702490-1000Core.job
[2013/06/10 14:38:46 | 000,001,875 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013/06/10 14:38:46 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013/06/10 12:29:21 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/09 19:12:44 | 220,508,363 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/06/06 13:16:57 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/05/29 11:57:31 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\Green City 2.lnk
[2013/05/28 14:28:01 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/05/28 14:28:01 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/28 14:28:01 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/28 14:28:01 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/24 20:41:47 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/16 07:11:33 | 000,374,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/13 09:09:32 | 000,000,589 | ---- | M] () -- C:\Users\Public\Desktop\Farm Frenzy.lnk
[2013/05/13 09:08:06 | 000,029,184 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== Files Created - No Company Name ==========
[2013/06/11 19:09:47 | 000,377,856 | ---- | C] () -- C:\Users\Sebastian\Desktop\gmer_2.1.19163.exe
[2013/06/11 19:08:37 | 000,000,000 | ---- | C] () -- C:\Users\Sebastian\defogger_reenable
[2013/06/11 19:07:57 | 000,050,477 | ---- | C] () -- C:\Users\Sebastian\Desktop\Defogger.exe
[2013/06/11 07:30:31 | 000,002,156 | ---- | C] () -- C:\Users\Sebastian\Desktop\Saaat - Chrome.lnk
[2013/06/11 07:29:48 | 000,510,569 | ---- | C] () -- C:\Users\Sebastian\Documents\bookmarks_11.06.13.html
[2013/06/10 14:38:46 | 000,001,883 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013/06/10 14:38:46 | 000,001,875 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013/06/10 14:38:46 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013/06/10 12:29:21 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/06 13:16:57 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/06/01 23:14:59 | 220,508,363 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/05/29 11:57:31 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\Green City 2.lnk
[2013/05/24 20:41:47 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/13 09:09:32 | 000,000,589 | ---- | C] () -- C:\Users\Public\Desktop\Farm Frenzy.lnk
[2013/01/19 21:55:39 | 000,321,774 | ---- | C] () -- C:\Users\Sebastian\bookmarks.html
[2012/07/04 18:44:43 | 000,100,441 | ---- | C] () -- C:\Users\Sebastian\DSCF3707.jpg
[2011/08/17 08:47:19 | 000,092,240 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/08/17 08:47:19 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/08/17 08:47:19 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/08/17 08:47:19 | 000,000,099 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/08/17 08:47:18 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/08/17 08:47:18 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/08/17 08:47:18 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/08/17 08:47:18 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/08/17 08:47:18 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/08/17 08:47:18 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/08/17 08:47:18 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/08/17 08:47:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/08/17 08:47:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/08/17 08:47:18 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/08/17 08:47:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/08/17 08:47:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/08/17 08:47:18 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/08/17 08:45:37 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX3800EFGIPSD.ini
[2010/11/16 17:43:11 | 000,219,717 | ---- | C] () -- C:\Program Files\sp.config.xml
[2010/11/16 17:43:05 | 001,169,008 | ---- | C] () -- C:\Program Files\meinsparbuchheute.exe
[2010/11/16 17:43:05 | 000,337,192 | ---- | C] () -- C:\Program Files\wiso2010.exe
[2010/11/16 17:43:04 | 000,193,247 | ---- | C] () -- C:\Program Files\konfigurator_verheiratet.s10
[2010/11/16 17:43:04 | 000,168,022 | ---- | C] () -- C:\Program Files\konfigurator_ledig.s10
[2010/11/16 17:43:02 | 000,282,624 | ---- | C] () -- C:\Program Files\wisohilfe.exe
[2010/11/16 17:43:02 | 000,196,608 | ---- | C] () -- C:\Program Files\phonon_ds9rs4.dll
[2010/11/16 17:42:59 | 000,000,156 | ---- | C] () -- C:\Program Files\helpdesk.cfg
[2010/11/16 17:42:52 | 025,182,208 | ---- | C] () -- C:\Program Files\wstyle110.dll
[2010/11/16 17:42:52 | 001,019,904 | ---- | C] () -- C:\Program Files\wfrm510.dll
[2010/11/16 17:42:52 | 000,716,800 | ---- | C] () -- C:\Program Files\wfrm210.dll
[2010/11/16 17:42:52 | 000,360,448 | ---- | C] () -- C:\Program Files\wfrm410.dll
[2010/11/16 17:42:52 | 000,025,088 | ---- | C] () -- C:\Program Files\wfrm610.dll
[2010/11/16 17:42:51 | 000,311,296 | ---- | C] () -- C:\Program Files\wfrm110.dll
[2010/11/16 17:42:51 | 000,284,208 | ---- | C] () -- C:\Program Files\cdcheck.exe
[2010/11/16 17:42:51 | 000,110,592 | ---- | C] () -- C:\Program Files\wfrm310.dll
[2010/11/16 17:42:51 | 000,106,496 | ---- | C] () -- C:\Program Files\ngmndl.dll
[2010/11/16 17:42:48 | 000,090,112 | ---- | C] () -- C:\Program Files\whelpust10.dll
[2010/11/16 17:42:48 | 000,015,872 | ---- | C] () -- C:\Program Files\whelpzmz10.dll
[2010/11/16 17:42:48 | 000,012,800 | ---- | C] () -- C:\Program Files\whelpzmm10.dll
[2010/11/16 17:42:48 | 000,010,752 | ---- | C] () -- C:\Program Files\whelpva10.dll
[2010/11/16 17:42:47 | 000,344,064 | ---- | C] () -- C:\Program Files\whelpgef10.dll
[2010/11/16 17:42:47 | 000,208,896 | ---- | C] () -- C:\Program Files\whelpeue10.dll
[2010/11/16 17:42:47 | 000,065,536 | ---- | C] () -- C:\Program Files\whelpmbr10.dll
[2010/11/16 17:42:47 | 000,061,440 | ---- | C] () -- C:\Program Files\whelpehz10.dll
[2010/11/16 17:42:47 | 000,048,128 | ---- | C] () -- C:\Program Files\whelpstpl10.dll
[2010/11/16 17:42:47 | 000,031,744 | ---- | C] () -- C:\Program Files\whelpiz10.dll
[2010/11/16 17:42:47 | 000,026,624 | ---- | C] () -- C:\Program Files\whelpmv10.dll
[2010/11/16 17:42:47 | 000,020,480 | ---- | C] () -- C:\Program Files\whelpgst10.dll
[2010/11/16 17:42:46 | 000,679,936 | ---- | C] () -- C:\Program Files\whelplos10.dll
[2010/11/16 17:42:39 | 028,065,792 | ---- | C] () -- C:\Program Files\whelpurt10.dll
[2010/11/16 17:42:39 | 000,172,032 | ---- | C] () -- C:\Program Files\whelptt10.dll
[2010/11/16 17:42:36 | 009,117,696 | ---- | C] () -- C:\Program Files\whelpges10.dll
[2010/11/16 17:42:36 | 000,057,344 | ---- | C] () -- C:\Program Files\whelpfaq10.dll
[2010/11/16 17:42:35 | 001,236,992 | ---- | C] () -- C:\Program Files\whelpest10.dll
[2010/11/16 17:42:35 | 000,425,984 | ---- | C] () -- C:\Program Files\whelpbfh10.dll
[2010/11/16 17:42:35 | 000,208,896 | ---- | C] () -- C:\Program Files\whelpabc10.dll
[2010/11/16 17:42:35 | 000,069,632 | ---- | C] () -- C:\Program Files\whelpbnr10.dll
[2010/11/16 17:42:35 | 000,047,616 | ---- | C] () -- C:\Program Files\whelpfabu10.dll
[2010/11/16 17:42:35 | 000,006,144 | ---- | C] () -- C:\Program Files\whelpbel10.dll
[2010/11/16 17:42:30 | 000,204,800 | ---- | C] () -- C:\Program Files\rsericp.dll
[2010/11/16 17:42:25 | 000,182,643 | ---- | C] () -- C:\Program Files\buttons.pcc
[2010/11/16 17:42:24 | 000,000,040 | ---- | C] () -- C:\Program Files\WPTDynInt.lic
[2010/11/16 17:42:23 | 002,981,672 | ---- | C] () -- C:\Program Files\rssysteminfo.exe
[2010/11/16 17:42:23 | 000,364,544 | ---- | C] () -- C:\Program Files\qtxmlrs4.dll
[2010/11/16 17:42:23 | 000,266,240 | ---- | C] () -- C:\Program Files\phononrs4.dll
[2010/11/16 17:42:23 | 000,233,472 | ---- | C] () -- C:\Program Files\rszeus4.dll
[2010/11/16 17:42:23 | 000,230,752 | ---- | C] () -- C:\Program Files\patchw32.dll
[2010/11/16 17:42:23 | 000,161,064 | ---- | C] () -- C:\Program Files\rspatch.exe
[2010/11/16 17:42:23 | 000,151,552 | ---- | C] () -- C:\Program Files\rsodbc4.dll
[2010/11/16 17:42:23 | 000,122,880 | ---- | C] () -- C:\Program Files\rswinapi4.dll
[2010/11/16 17:42:23 | 000,094,208 | ---- | C] () -- C:\Program Files\rsdebug4.dll
[2010/11/16 17:42:23 | 000,029,184 | ---- | C] () -- C:\Program Files\rsdcom4.dll
[2010/11/16 17:42:22 | 002,007,040 | ---- | C] () -- C:\Program Files\qtxmlpatternsrs4.dll
[2010/11/16 17:42:21 | 009,437,184 | ---- | C] () -- C:\Program Files\qtwebkitrs4.dll
[2010/11/16 17:42:21 | 000,897,024 | ---- | C] () -- C:\Program Files\qtnetworkrs4.dll
[2010/11/16 17:42:21 | 000,704,512 | ---- | C] () -- C:\Program Files\qtscriptrs4.dll
[2010/11/16 17:42:21 | 000,589,824 | ---- | C] () -- C:\Program Files\qtsqlrs4.dll
[2010/11/16 17:42:21 | 000,442,368 | ---- | C] () -- C:\Program Files\qtopenglrs4.dll
[2010/11/16 17:42:21 | 000,274,432 | ---- | C] () -- C:\Program Files\qtsvgrs4.dll
[2010/11/16 17:42:21 | 000,086,016 | ---- | C] () -- C:\Program Files\qttestrs4.dll
[2010/11/16 17:42:20 | 008,028,160 | ---- | C] () -- C:\Program Files\qtguirs4.dll
[2010/11/16 17:42:20 | 002,080,768 | ---- | C] () -- C:\Program Files\qtcorers4.dll
[2010/11/16 17:42:19 | 002,416,640 | ---- | C] () -- C:\Program Files\qt3supportrs4.dll
[2010/11/16 17:42:19 | 000,311,296 | ---- | C] () -- C:\Program Files\whelptech10.dll
[2010/11/16 17:42:18 | 002,084,864 | ---- | C] () -- C:\Program Files\wxml10.dll
[2010/11/16 17:42:18 | 000,651,264 | ---- | C] () -- C:\Program Files\whelpcnt10.dll
[2010/11/16 17:42:18 | 000,221,184 | ---- | C] () -- C:\Program Files\wzsmdl10.dll
[2010/11/16 17:42:17 | 002,191,360 | ---- | C] () -- C:\Program Files\wstyle10.dll
[2010/11/16 17:42:17 | 001,586,800 | ---- | C] () -- C:\Program Files\wmain10.dll
[2010/11/16 17:42:17 | 001,347,584 | ---- | C] () -- C:\Program Files\wwerb10.dll
[2010/11/16 17:42:17 | 001,220,608 | ---- | C] () -- C:\Program Files\wreli10.dll
[2010/11/16 17:42:17 | 001,040,384 | ---- | C] () -- C:\Program Files\wsteu10.dll
[2010/11/16 17:42:17 | 000,552,960 | ---- | C] () -- C:\Program Files\woptions10.dll
[2010/11/16 17:42:17 | 000,270,336 | ---- | C] () -- C:\Program Files\wsearch10.dll
[2010/11/16 17:42:17 | 000,167,936 | ---- | C] () -- C:\Program Files\wnavitree10.dll
[2010/11/16 17:42:17 | 000,077,824 | ---- | C] () -- C:\Program Files\wsons10.dll
[2010/11/16 17:42:16 | 006,823,936 | ---- | C] () -- C:\Program Files\wkont10.dll
[2010/11/16 17:42:16 | 000,135,168 | ---- | C] () -- C:\Program Files\wincb10.dll
[2010/11/16 17:42:15 | 009,506,816 | ---- | C] () -- C:\Program Files\winc10.dll
[2010/11/16 17:42:15 | 001,839,104 | ---- | C] () -- C:\Program Files\whau210.dll
[2010/11/16 17:42:15 | 001,593,344 | ---- | C] () -- C:\Program Files\wimp10.dll
[2010/11/16 17:42:14 | 002,134,016 | ---- | C] () -- C:\Program Files\wbae310.dll
[2010/11/16 17:42:14 | 001,216,512 | ---- | C] () -- C:\Program Files\wfabu10.dll
[2010/11/16 17:42:14 | 001,200,128 | ---- | C] () -- C:\Program Files\wbae410.dll
[2010/11/16 17:42:14 | 001,105,920 | ---- | C] () -- C:\Program Files\wfvie10.dll
[2010/11/16 17:42:14 | 000,827,392 | ---- | C] () -- C:\Program Files\wform10.dll
[2010/11/16 17:42:14 | 000,684,032 | ---- | C] () -- C:\Program Files\wbae210.dll
[2010/11/16 17:42:14 | 000,602,112 | ---- | C] () -- C:\Program Files\whau110.dll
[2010/11/16 17:42:14 | 000,471,040 | ---- | C] () -- C:\Program Files\wfanl10.dll
[2010/11/16 17:42:14 | 000,077,824 | ---- | C] () -- C:\Program Files\wglob10.dll
[2010/11/16 17:42:13 | 004,743,168 | ---- | C] () -- C:\Program Files\wauff10.dll
[2010/11/16 17:42:13 | 004,505,600 | ---- | C] () -- C:\Program Files\wanl10.dll
[2010/11/16 17:42:13 | 004,050,944 | ---- | C] () -- C:\Program Files\wbae110.dll
[2010/11/16 17:42:11 | 013,639,680 | ---- | C] () -- C:\Program Files\main10.db3
[2010/11/16 17:42:11 | 000,000,040 | ---- | C] () -- C:\Program Files\idd.dat
[2010/07/30 16:31:44 | 000,044,032 | R--- | C] () -- C:\Program Files\libboost_date_time-vc90-mt-1_36.dll
[2010/06/22 17:32:38 | 000,266,515 | ---- | C] () -- C:\Program Files\kmu_2007_2009.pdf
[2010/06/22 17:32:38 | 000,136,546 | ---- | C] () -- C:\Program Files\iz2007_2009.pdf
[2010/06/22 17:32:38 | 000,134,998 | ---- | C] () -- C:\Program Files\iz2010_2009.pdf
[2010/06/22 17:32:38 | 000,121,904 | ---- | C] () -- C:\Program Files\kmu_2010_2009.pdf
[2010/01/26 15:19:48 | 002,568,192 | ---- | C] ( ) -- C:\Program Files\itextsharp.dll
[2010/01/26 15:19:34 | 000,589,824 | ---- | C] () -- C:\Program Files\aodl.dll
[2009/07/07 20:47:42 | 000,000,746 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\wklnhst.dat
[2009/06/27 23:44:36 | 000,029,184 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/27 19:57:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2006/11/02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/04/01 22:06:46 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\1&1 Mail & Media GmbH
[2013/04/26 17:01:32 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\2monkeys
[2013/03/03 16:40:50 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\AirlineBaggageMania Deluxe
[2013/02/08 17:16:16 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\AlawarEntertainment
[2013/04/25 13:48:32 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\aliasworlds
[2013/01/19 21:28:01 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Amazon
[2013/04/01 11:33:43 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Anuman
[2012/09/22 15:55:20 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Babylon
[2012/11/12 15:39:32 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Big Fish Games
[2012/07/26 14:10:20 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\BlamGames
[2010/11/16 17:45:56 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Buhl Data Service
[2013/01/15 14:31:42 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\BumpkinBrothers
[2012/06/14 11:13:06 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\CannyGames
[2013/05/08 20:02:40 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\cerasus.media
[2012/06/11 15:15:32 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Daedalic Entertainment
[2013/04/28 15:43:53 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DAEMON Tools Lite
[2012/10/27 17:24:56 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Digilabs
[2013/06/10 18:51:56 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Dropbox
[2012/08/30 12:50:57 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DVDVideoSoft
[2012/06/03 18:49:19 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/08/17 09:17:34 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\EPSON
[2013/05/12 21:10:23 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Forever Entertainment
[2013/02/04 21:58:04 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\HipSoft
[2011/06/23 11:45:47 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Iggels
[2013/05/29 11:57:46 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\LeeGT-Games
[2013/01/08 17:52:35 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Lonely Troops
[2013/02/17 14:39:30 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Melesta
[2012/10/27 17:40:51 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\MPC
[2013/03/08 09:51:00 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Nitreal Games
[2012/10/23 12:33:11 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\onOne Software
[2013/04/26 16:55:36 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\PlayFirst
[2011/01/28 18:44:45 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\ProtectDISC
[2012/10/30 11:28:46 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Sidewalk Games
[2013/04/22 17:41:28 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\SulusGames
[2013/04/25 15:59:26 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Systweak
[2009/07/07 20:47:45 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Template
[2013/06/10 14:38:18 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\TuneUp Software
[2012/09/21 10:32:39 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\ViquaSoft
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:14D29229
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:5B4686D7
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:C0913157
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:1663E41B
< End of report >
extras.txt Code:
OTL Extras logfile created on: 6/11/2013 7:13:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sebastian\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
2.84 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 53.66% Memory free
5.90 Gb Paging File | 4.30 Gb Available in Paging File | 72.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92.21 Gb Total Space | 30.76 Gb Free Space | 33.36% Space Free | Partition Type: NTFS
Drive D: | 131.89 Gb Total Space | 81.98 Gb Free Space | 62.16% Space Free | Partition Type: NTFS
Computer Name: SEBASTIAN-PC | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{496A4803-7FDF-45BE-81BE-7A51EC984E9C}" = rport=138 | protocol=17 | dir=out | app=system |
"{55F156FF-5706-4671-AC0E-88EA0B72ED95}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{58CF60D3-5E6B-4B5F-B3BB-C52B32E19C40}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6F055935-A100-4612-B5B1-1DA9BB247A5D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7880E8B7-E639-466A-B9C9-026C9533AFF2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{815B6B43-D78A-44BF-AB7D-7340C3B6A773}" = lport=445 | protocol=6 | dir=in | app=system |
"{8C1BD77A-C54A-44CF-BB78-F72DC07BE302}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9D556174-C58D-42BA-84B4-0FE2A3D2C1F0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A054E8BC-00E3-42C1-AC86-2C586297597A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0CE7A32-DF98-4A9E-AED9-DFA4D88F3CB8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1EB6565-BBF2-4E2D-9F06-238A23D0EC56}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B56A4D1D-D051-48B0-B570-BBA77855801B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C53E348C-B8A9-42D7-B720-CEF65435C3F9}" = lport=139 | protocol=6 | dir=in | app=system |
"{C8BC5A75-BB27-4642-B20A-5F550E786DBE}" = rport=445 | protocol=6 | dir=out | app=system |
"{D31A04AC-41EC-49E6-BEAF-EE6ECB8A89FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DEACF911-7C86-4B95-88A7-D91B2FF3BD64}" = lport=137 | protocol=17 | dir=in | app=system |
"{E56A4C2B-31A7-460D-BAD5-332B25241B89}" = rport=139 | protocol=6 | dir=out | app=system |
"{F4D424BC-E0B5-4ACD-94F7-79CAE7865D3F}" = rport=137 | protocol=17 | dir=out | app=system |
"{F7DD5DC1-B104-47A9-8D91-9C62E95EE36F}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C832F3E-89EE-4AD2-BBB6-5FFB859EA87E}" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe |
"{1372E262-3046-45E7-B007-27C8C664AB2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B012AFF-E164-4F1C-8FA8-5F08E7BACDCC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1DF9335B-69E6-4A11-8238-42F801BDF392}" = dir=in | app=c:\users\sebast~1\appdata\local\temp\ibtmp5c3a491\uninstall manager.exe |
"{2CFBD2A7-22CE-490B-A787-4F8F55965872}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3AF90895-4242-467B-AAAF-468FBAF8D2F0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{50A215FD-E6E1-4B15-9ACD-7AA37DA2C2D5}" = dir=in | app=c:\users\sebast~1\appdata\local\temp\ibtmp5c3a491\component_519 |
"{618791DD-FE26-4773-8263-99F0E746CD09}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6344DC7A-CF87-46AC-A887-C90AC6E368C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67FABF15-7CAE-4D8B-AA7E-A92570A0E482}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6C0DC793-0337-4276-95BC-381C3EB25848}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{762BCFAF-42DC-47B8-954F-A90A2679F52C}" = dir=in | app=c:\users\sebast~1\appdata\local\temp\ibtmp5c3a491\component_518 |
"{7761B87E-1963-4876-9F72-3F0D28256468}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8503465A-7F96-42C2-A21F-132285DFFC69}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{876C6327-01B1-4F95-8137-5CA635A1C3C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8793EC46-5860-4A30-8958-E95520AE7B04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{928448FE-6C52-4FC7-8BA9-875F49F06A4F}" = dir=in | app=c:\users\sebast~1\appdata\local\temp\ibtmp5c3a491\component_567 |
"{9658A770-FA63-4280-87FC-0CCB81284CCF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9A63B7E0-8D7C-4F3A-98B1-FD2A08C0626C}" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe |
"{A33E1607-C7C8-4CDD-8644-7B5E78F8E703}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AC63FA80-6FCF-4586-856F-E464504FE027}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B6319E7A-7EBE-4FB9-BEF1-64FA19FB50D1}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C336A75D-0235-4300-B43A-0CBC4BE08E6B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C5EDCCB1-4F8F-4EF4-89AE-70A6247C68DC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C66F226F-C27D-4F55-9748-17ECE09ED2F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DCDD84C7-02F2-4FD1-8A3A-ADBED88E9757}" = protocol=6 | dir=out | app=system |
"{EE48DFA9-7619-4763-8B97-119CC22D474D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F18DFDA3-CDCC-4C24-A7B6-039269F44044}" = dir=in | app=c:\users\sebast~1\appdata\local\temp\ibtmp5c3a491\component_532.decrpt |
"{F205EE78-4A09-4987-9048-D369C4AE7CC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F880F3FC-0E60-41BC-AEF5-741120DA3EB9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FCD3C1FE-DAE1-4744-8753-6B7CE327F776}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"TCP Query User{570BFEED-4078-4D55-8944-C8F80C89D935}C:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{95C71B0F-B99B-43D7-8186-CADF932F466C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{6429470C-2D6E-449E-8DAF-C6A7B921E806}C:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{DE473A92-D431-478F-BF07-9FBE058E4B26}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07993A33-B1C7-4622-BC6E-B2ECE993E871}" = Farm Frenzy
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Codecs Pack Manager
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics
"{373C3C97-2FA9-4E18-85A2-255060C21031}" = Nero 8 Essentials
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A10407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.5 - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1A8F8C5-C152-4B35-9AE9-8F9FFD02EE5E}" = Green City 2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B4202C-2FE2-4BE8-A903-67C0285702DA}" = BrowseToSave
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.16
"DAEMON Tools Lite" = DAEMON Tools Lite
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"nEO iMAGING_is1" = nEO iMAGING version 1.0.1
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Rainlendar2" = Rainlendar2 (remove only)
"SP_48c708f2" =
"SP_b0285714" = Search Assistant WebSearch 1.74
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"Zylom Games Player Plugin" = Zylom Games Player Plugin
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/9/2013 9:35:49 AM | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/10/2013 1:59:19 AM | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/10/2013 6:22:17 AM | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/10/2013 11:25:30 AM | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/12/2013 4:01:27 AM | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/12/2013 11:09:08 AM | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/13/2013 4:30:51 AM | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/13/2013 9:25:11 AM | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/14/2013 2:57:53 AM | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description =
Error - 1/15/2013 2:14:48 AM | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 6/27/2009 12:33:18 PM | Computer Name = Sebastian-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
Win32 GetLastError returned 0D Prozess: DefaultDomain Objektname: Media Center Guide
[ System Events ]
Error - 6/11/2013 12:40:22 PM | Computer Name = Sebastian-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 6/11/2013 12:40:22 PM | Computer Name = Sebastian-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 6/11/2013 12:41:50 PM | Computer Name = Sebastian-PC | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
auf Volume "C:" abgebrochen.
Error - 6/11/2013 12:57:05 PM | Computer Name = Sebastian-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 6/11/2013 12:57:05 PM | Computer Name = Sebastian-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 6/11/2013 1:05:38 PM | Computer Name = Sebastian-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 6/11/2013 1:05:38 PM | Computer Name = Sebastian-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 6/11/2013 1:05:38 PM | Computer Name = Sebastian-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 6/11/2013 1:05:38 PM | Computer Name = Sebastian-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 6/11/2013 1:05:38 PM | Computer Name = Sebastian-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
< End of report >
Gestern abend habe ich bereits alle Scans ausgeführt und während gmer lief habe ich länger telefoniert. Als ich wieder kam, berichtete mein Mann, der Laptop hätte sich selbstständig heruntergefahren und wieder neu gestartet. Die oben geposteten txt-Dateien finden sich nun auch nicht mehr auf dem Desktop (Gott sei Dank hatte ich alles bereits in Word gespeichert)...
Leider hat gmer auch keine txt-Datei auf dem Desktop hinterlasse, so dass ich heute morgen einen erneuten Scan starten wollte.
Scanne ich nun mit gmer bleibt das Programm nun zum zweiten Mal an der gleichen Stelle hängen:
"Software\Microsoft\Windows NT\CurrentVersion\Perflib\007"
Leider kann ich deshalb die Logdatei nicht posten...
Ich hoffe, man kann so trotzdem schon die Art des Problems erkennen?
Ich bedanke mich schonmal für die Hilfe,
viele Grüße,
Jojo |
TDSSKiller.exe und speichere diese Datei auf dem Desktop
Malwarebytes Anti-Malware 
AdwCleaner auf deinen Desktop.
SecurityCheck und:
WARNUNG an die MITLESER: