
Log analysis and evaluation: Host process terminated, Internet slow (waiting for cache)

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

12.06.2013, 07:33   #1
Jojo2112
 

Host process terminated, Internet slow (waiting for cache)



Dear experts,

I hope I can find help here.
For a few days now, the Internet has been getting very slow every now and then. Chrome's status bar then says "Waiting for cache". I have now created a new user profile and it got noticeably better, but it still keeps happening.

I also frequently get the error message "Host process for Windows services has stopped working and was closed".

I have already run all kinds of scanners (antivir, malwarebytes, Spybot, TuneUp, hijackthis), but apparently nothing dramatic was found, because the problem still persists. I also ran some of Vista's system programs, but that did not really help either.
Now, as a layman, I am at my wit's end and hope you can help me!


Here, to start with, is the defogger_disable.log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:11 on 11/06/2013 (Sebastian)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

OTL.txt:

Code:
OTL logfile created on: 6/11/2013 7:13:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sebastian\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
2.84 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 53.66% Memory free
5.90 Gb Paging File | 4.30 Gb Available in Paging File | 72.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92.21 Gb Total Space | 30.76 Gb Free Space | 33.36% Space Free | Partition Type: NTFS
Drive D: | 131.89 Gb Total Space | 81.98 Gb Free Space | 62.16% Space Free | Partition Type: NTFS
 
Computer Name: SEBASTIAN-PC | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013/06/11 19:07:58 | 000,050,477 | ---- | M] () -- C:\Users\Sebastian\Desktop\Defogger.exe
PRC - [2013/05/07 13:55:23 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/28 08:50:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013/03/28 08:50:17 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/03/28 08:50:15 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/01/28 14:19:30 | 001,926,944 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
PRC - [2013/01/28 14:19:26 | 001,724,192 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
PRC - [2011/08/12 07:45:18 | 002,433,024 | ---- | M] () -- D:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2009/04/11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/07/16 19:01:30 | 006,253,088 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/04/25 14:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2008/01/21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/21 04:23:43 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/11 19:07:58 | 000,050,477 | ---- | M] () -- C:\Users\Sebastian\Desktop\Defogger.exe
MOD - [2013/05/29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
MOD - [2013/05/29 07:27:37 | 013,136,336 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
MOD - [2013/05/29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013/05/29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2013/01/31 13:10:04 | 002,231,248 | ---- | M] () -- c:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\codecmngr.dll
MOD - [2013/01/24 13:25:02 | 001,044,480 | ---- | M] () -- c:\Programme\WebSearch\sprotector.dll
MOD - [2013/01/24 13:16:54 | 001,050,112 | ---- | M] () -- c:\Programme\BrowseToSave\sprotector.dll
MOD - [2011/08/12 07:45:26 | 000,198,144 | ---- | M] () -- D:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2011/08/12 07:45:18 | 002,433,024 | ---- | M] () -- D:\Program Files\Rainlendar2\Rainlendar2.exe
MOD - [2010/12/12 12:58:14 | 000,502,784 | ---- | M] () -- D:\Program Files\Rainlendar2\wxmsw28u_xrc_vc_rny.dll
MOD - [2010/12/12 12:58:00 | 000,131,584 | ---- | M] () -- D:\Program Files\Rainlendar2\wxbase28u_xml_vc_rny.dll
MOD - [2010/12/12 12:57:56 | 000,485,376 | ---- | M] () -- D:\Program Files\Rainlendar2\wxmsw28u_html_vc_rny.dll
MOD - [2010/12/12 12:57:44 | 000,707,584 | ---- | M] () -- D:\Program Files\Rainlendar2\wxmsw28u_adv_vc_rny.dll
MOD - [2010/12/12 12:57:36 | 002,633,216 | ---- | M] () -- D:\Program Files\Rainlendar2\wxmsw28u_core_vc_rny.dll
MOD - [2010/12/12 12:56:46 | 001,205,760 | ---- | M] () -- D:\Program Files\Rainlendar2\wxbase28u_vc_rny.dll
MOD - [2010/05/23 20:20:08 | 000,012,288 | ---- | M] () -- D:\Program Files\Rainlendar2\lfs.dll
MOD - [2010/05/23 20:20:04 | 000,126,976 | ---- | M] () -- D:\Program Files\Rainlendar2\lua51.dll
MOD - [2007/06/02 21:41:36 | 000,617,472 | ---- | M] () -- C:\Programme\IZArc\IZArcCM.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/05/25 09:30:38 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/14 20:58:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/28 08:50:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/03/28 08:50:15 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/01/28 14:19:26 | 001,724,192 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/05/25 13:03:35 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/04/25 14:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008/01/21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2003/07/28 14:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/28 08:50:33 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/03/28 08:50:33 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/03/28 08:50:33 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/03/20 09:52:17 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/11/16 16:51:36 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012/05/22 14:24:46 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/02/22 12:34:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/01/11 08:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2010/12/02 06:34:32 | 000,052,096 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2010/05/11 12:00:34 | 000,020,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010/02/24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008/06/30 19:56:12 | 000,917,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/26 06:25:58 | 000,337,920 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2008/05/27 13:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008/05/02 13:59:40 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/03 14:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.youwillfind.info/?l=1&q={searchTerms}&pid=658&r=2013/04/25&hid=1958629639&lg=EN&cc=DE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=115849&tt=3812_4&babsrc=HP_ss&mntrId=e035229100000000000000225f62723b
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=115849&tt=3812_4&babsrc=SP_ss&mntrId=e035229100000000000000225f62723b
IE - HKCU\..\SearchScopes\{10C6BF65-4A78-4305-9FD7-D7C6E5C393CF}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{428A29CF-43C8-423E-85DA-3E6E3AAD400E}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKCU\..\SearchScopes\{819ECA82-F786-4D20-906A-6954323AC01C}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.youwillfind.info/?l=1&q={searchTerms}&pid=658&r=2013/04/25&hid=1958629639&lg=EN&cc=DE
IE - HKCU\..\SearchScopes\{DE157F5A-3B9B-409C-B651-F5A5F4DDD747}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://websearch.youwillfind.info/?pid=658&r=2013/04/25&hid=1958629639&lg=EN&cc=DE&l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "hxxp://websearch.youwillfind.info/?pid=658&r=2013/04/25&hid=1958629639&lg=EN&cc=DE&l=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sebastian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sebastian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/25 09:30:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/06 13:16:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/25 09:30:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/06 13:16:56 | 000,000,000 | ---D | M]
 
[2013/01/19 22:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions
[2013/04/25 15:58:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\lssdihk7.default\Extensions
[2013/04/25 15:58:01 | 000,000,000 | ---D | M] (Bruowse2ssAive) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\lssdihk7.default\Extensions\ihkha@uvwyva.com
[2012/09/22 15:55:31 | 000,002,349 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\lssdihk7.default\searchplugins\bProtect.xml
[2013/04/26 22:22:03 | 000,007,832 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\lssdihk7.default\searchplugins\WebSearch.xml
[2013/05/25 09:30:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013/05/25 09:30:40 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/09/22 15:55:31 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.de/ig
CHR - Extension: No name found = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffgapkaegdmcompheglkkponnpmfdcgf\1.1_0\
CHR - Extension: No name found = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
 
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FSC OSD Utility] c:\Programme\FSC OSD Utility\OSDUtility.exe (Quanta Computer Inc.)
O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: starwoodhotels.com ([login.one] https in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CBCFD11-E818-43B0-B559-B1218B3299E8}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A9563AD-A37A-47B9-8D4D-246BB0411131}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\codecs~1\261123~1.78\{16cdf~1\codecm~1.dll) - c:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\codecmngr.dll ()
O20 - AppInit_DLLs: (c:\progra~2\codecs~1\22639~1.201\{16cdf~1\codecm~1.dll) -  File not found
O20 - AppInit_DLLs: (c:\progra~1\browse~1\sprote~1.dll) - c:\Programme\BrowseToSave\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~1\websea~1\sprote~1.dll) - c:\Programme\WebSearch\sprotector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\discspeed.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\drivespeed.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\dw20.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\excel.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\finder.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\googledrivesync.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\infopath.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\infotool.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\msaccess.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\mspub.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\mspview.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nero.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neroburnrights.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nerostartsmart.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neroupgrade.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nerovision.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\ois.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\onenote.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\onenotem.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\outlook.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\photoshop elements 7.0.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\photoshopelementseditor.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\photoshopelementsorganizer.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\proflwiz.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\setupx.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\winword.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{444d7732-6342-11de-8543-00238b760159}\Shell\AutoRun\command - "" = F:\WDSetup.exe
O33 - MountPoints2\{6b955648-8715-11e2-bc49-00238b760159}\Shell - "" = AutoRun
O33 - MountPoints2\{6b955648-8715-11e2-bc49-00238b760159}\Shell\AutoRun\command - "" = G:\DPFMate.exe
O33 - MountPoints2\{bbfe6049-984a-11e2-9320-00238b760159}\Shell - "" = AutoRun
O33 - MountPoints2\{bbfe6049-984a-11e2-9320-00238b760159}\Shell\AutoRun\command - "" = G:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/11 19:08:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2013/06/10 14:38:51 | 000,032,032 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2013/06/10 14:38:51 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2013/06/10 14:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013/06/10 14:38:18 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\TuneUp Software
[2013/06/10 14:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013
[2013/06/10 14:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013/06/10 14:36:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/06/10 14:36:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/06/10 12:29:45 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Malwarebytes
[2013/06/10 12:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/10 12:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/10 12:29:19 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/10 12:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/05 22:53:55 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Documents\Wohnung
[2013/06/04 21:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013/06/04 21:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/05/29 11:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Melesta
[2013/05/29 11:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\LeeGT-Games
[2013/05/29 11:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Green City 2
[2013/05/25 09:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/24 20:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/24 20:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/24 20:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/24 20:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/05/14 22:31:07 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\buch
[2013/05/13 09:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Frenzy
[2013/05/13 09:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Farm Frenzy
[2013/05/13 09:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\BigFishGames
[2013/05/12 21:10:23 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Forever Entertainment
[2010/11/16 17:43:01 | 000,701,528 | ---- | C] (Netviewer GmbH) -- C:\Program Files\NV_o2o_Teilnehmer_DE.exe
[2010/11/16 17:42:31 | 002,129,920 | R--- | C] (Apache Software Foundation) -- C:\Program Files\xerces.dll
[2010/11/16 17:42:31 | 001,435,648 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\tmdoc.dll
[2010/11/16 17:42:31 | 000,041,984 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\tmget.dll
[2010/11/16 17:42:30 | 001,147,904 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\tmcrypt.dll
[2010/11/16 17:42:30 | 001,122,304 | R--- | C] (IBM Corporation and others) -- C:\Program Files\icuuc40.dll
[2010/11/16 17:42:30 | 000,864,256 | ---- | C] (SECUNET AG) -- C:\Program Files\rsapem32.dll
[2010/11/16 17:42:30 | 000,139,264 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\tm98.dll
[2010/11/16 17:42:28 | 013,913,600 | R--- | C] (IBM Corporation and others) -- C:\Program Files\icudt40.dll
[2010/11/16 17:42:28 | 001,152,512 | R--- | C] (Olaf Stüben) -- C:\Program Files\fa_xml.dll
[2010/11/16 17:42:27 | 001,996,800 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericxml.dll
[2010/11/16 17:42:27 | 001,190,912 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\erictransfer.dll
[2010/11/16 17:42:27 | 000,954,368 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericutil.dll
[2010/11/16 17:42:26 | 003,791,872 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericprint.dll
[2010/11/16 17:42:26 | 000,881,152 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericcrypt.dll
[2010/11/16 17:42:26 | 000,311,808 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericplugin.dll
[2010/11/16 17:42:26 | 000,146,944 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericio.dll
[2010/11/16 17:42:25 | 004,914,176 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericbasis.dll
[2010/11/16 17:42:25 | 001,929,216 | ---- | C] (secunet Security Networks AG) -- C:\Program Files\e_signer.dll
[2010/11/16 17:42:25 | 000,738,728 | ---- | C] (WPCubed GmbH) -- C:\Program Files\WPTDynInt.ocx
[2010/11/16 17:42:25 | 000,584,192 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericapi.dll
[2010/11/16 17:42:25 | 000,254,976 | R--- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericanm.dll
[2010/11/16 17:42:25 | 000,069,632 | ---- | C] (Giesecke & Devrient) -- C:\Program Files\compr32.dll
[2010/11/16 17:42:24 | 003,998,120 | ---- | C] (WPCubed GmbH) -- C:\Program Files\WPTextDLL01.DLL
[2010/11/16 17:42:23 | 000,132,392 | ---- | C] (R&S EDV-Beratung, Hannover) -- C:\Program Files\rspatcher.exe
[2010/11/16 17:42:19 | 001,028,096 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files\libeay32.dll
[2010/11/16 17:42:19 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr80.dll
[2010/11/16 17:42:19 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp80.dll
[2010/11/16 17:42:19 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcm80.dll
[2010/11/16 17:42:19 | 000,221,184 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files\ssleay32.dll
[2010/11/16 17:42:11 | 003,833,856 | ---- | C] (Amyuni Technologies hxxp://www.amyuni.com) -- C:\Program Files\CDIntf300.dll
[2010/11/16 17:42:11 | 000,933,888 | ---- | C] (Siemens) -- C:\Program Files\fapi.dll
[2010/11/16 17:42:11 | 000,139,264 | ---- | C] (STMicroelectronics) -- C:\Program Files\tci.dll
[2010/07/30 16:31:44 | 000,148,480 | R--- | C] (Bastiaan Bakker, LifeLine Networks bv ) -- C:\Program Files\log4cpp.dll
[2010/02/11 14:09:16 | 004,485,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\vc9SP1KB973552redist_x86.exe
[2010/01/26 15:19:58 | 000,024,576 | ---- | C] (keine) -- C:\Program Files\rsodf.dll
[2010/01/26 15:19:44 | 000,196,608 | ---- | C] (ICSharpCode.net) -- C:\Program Files\icsharpcode.sharpziplib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/11 19:09:48 | 000,377,856 | ---- | M] () -- C:\Users\Sebastian\Desktop\gmer_2.1.19163.exe
[2013/06/11 19:08:37 | 000,000,000 | ---- | M] () -- C:\Users\Sebastian\defogger_reenable
[2013/06/11 19:08:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2013/06/11 19:07:58 | 000,050,477 | ---- | M] () -- C:\Users\Sebastian\Desktop\Defogger.exe
[2013/06/11 18:58:48 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/11 18:28:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/11 17:29:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 17:29:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 13:29:12 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/11 13:28:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/11 07:30:32 | 000,002,156 | ---- | M] () -- C:\Users\Sebastian\Desktop\Saaat - Chrome.lnk
[2013/06/11 07:29:48 | 000,510,569 | ---- | M] () -- C:\Users\Sebastian\Documents\bookmarks_11.06.13.html
[2013/06/10 19:40:43 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2467873813-358388713-1169702490-1000UA.job
[2013/06/10 19:40:43 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2467873813-358388713-1169702490-1000Core.job
[2013/06/10 14:38:46 | 000,001,875 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013/06/10 14:38:46 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013/06/10 12:29:21 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/06/09 19:12:44 | 220,508,363 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/06/06 13:16:57 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/05/29 11:57:31 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\Green City 2.lnk
[2013/05/28 14:28:01 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/05/28 14:28:01 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/28 14:28:01 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/28 14:28:01 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/24 20:41:47 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/16 07:11:33 | 000,374,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/13 09:09:32 | 000,000,589 | ---- | M] () -- C:\Users\Public\Desktop\Farm Frenzy.lnk
[2013/05/13 09:08:06 | 000,029,184 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2013/06/11 19:09:47 | 000,377,856 | ---- | C] () -- C:\Users\Sebastian\Desktop\gmer_2.1.19163.exe
[2013/06/11 19:08:37 | 000,000,000 | ---- | C] () -- C:\Users\Sebastian\defogger_reenable
[2013/06/11 19:07:57 | 000,050,477 | ---- | C] () -- C:\Users\Sebastian\Desktop\Defogger.exe
[2013/06/11 07:30:31 | 000,002,156 | ---- | C] () -- C:\Users\Sebastian\Desktop\Saaat - Chrome.lnk
[2013/06/11 07:29:48 | 000,510,569 | ---- | C] () -- C:\Users\Sebastian\Documents\bookmarks_11.06.13.html
[2013/06/10 14:38:46 | 000,001,883 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013/06/10 14:38:46 | 000,001,875 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013/06/10 14:38:46 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013/06/10 12:29:21 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/06/06 13:16:57 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/06/01 23:14:59 | 220,508,363 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/05/29 11:57:31 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\Green City 2.lnk
[2013/05/24 20:41:47 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/13 09:09:32 | 000,000,589 | ---- | C] () -- C:\Users\Public\Desktop\Farm Frenzy.lnk
[2013/01/19 21:55:39 | 000,321,774 | ---- | C] () -- C:\Users\Sebastian\bookmarks.html
[2012/07/04 18:44:43 | 000,100,441 | ---- | C] () -- C:\Users\Sebastian\DSCF3707.jpg
[2011/08/17 08:47:19 | 000,092,240 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/08/17 08:47:19 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/08/17 08:47:19 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/08/17 08:47:19 | 000,000,099 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/08/17 08:47:18 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/08/17 08:47:18 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/08/17 08:47:18 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/08/17 08:47:18 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/08/17 08:47:18 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/08/17 08:47:18 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/08/17 08:47:18 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/08/17 08:47:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/08/17 08:47:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/08/17 08:47:18 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/08/17 08:47:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/08/17 08:47:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/08/17 08:47:18 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/08/17 08:45:37 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX3800EFGIPSD.ini
[2010/11/16 17:43:11 | 000,219,717 | ---- | C] () -- C:\Program Files\sp.config.xml
[2010/11/16 17:43:05 | 001,169,008 | ---- | C] () -- C:\Program Files\meinsparbuchheute.exe
[2010/11/16 17:43:05 | 000,337,192 | ---- | C] () -- C:\Program Files\wiso2010.exe
[2010/11/16 17:43:04 | 000,193,247 | ---- | C] () -- C:\Program Files\konfigurator_verheiratet.s10
[2010/11/16 17:43:04 | 000,168,022 | ---- | C] () -- C:\Program Files\konfigurator_ledig.s10
[2010/11/16 17:43:02 | 000,282,624 | ---- | C] () -- C:\Program Files\wisohilfe.exe
[2010/11/16 17:43:02 | 000,196,608 | ---- | C] () -- C:\Program Files\phonon_ds9rs4.dll
[2010/11/16 17:42:59 | 000,000,156 | ---- | C] () -- C:\Program Files\helpdesk.cfg
[2010/11/16 17:42:52 | 025,182,208 | ---- | C] () -- C:\Program Files\wstyle110.dll
[2010/11/16 17:42:52 | 001,019,904 | ---- | C] () -- C:\Program Files\wfrm510.dll
[2010/11/16 17:42:52 | 000,716,800 | ---- | C] () -- C:\Program Files\wfrm210.dll
[2010/11/16 17:42:52 | 000,360,448 | ---- | C] () -- C:\Program Files\wfrm410.dll
[2010/11/16 17:42:52 | 000,025,088 | ---- | C] () -- C:\Program Files\wfrm610.dll
[2010/11/16 17:42:51 | 000,311,296 | ---- | C] () -- C:\Program Files\wfrm110.dll
[2010/11/16 17:42:51 | 000,284,208 | ---- | C] () -- C:\Program Files\cdcheck.exe
[2010/11/16 17:42:51 | 000,110,592 | ---- | C] () -- C:\Program Files\wfrm310.dll
[2010/11/16 17:42:51 | 000,106,496 | ---- | C] () -- C:\Program Files\ngmndl.dll
[2010/11/16 17:42:48 | 000,090,112 | ---- | C] () -- C:\Program Files\whelpust10.dll
[2010/11/16 17:42:48 | 000,015,872 | ---- | C] () -- C:\Program Files\whelpzmz10.dll
[2010/11/16 17:42:48 | 000,012,800 | ---- | C] () -- C:\Program Files\whelpzmm10.dll
[2010/11/16 17:42:48 | 000,010,752 | ---- | C] () -- C:\Program Files\whelpva10.dll
[2010/11/16 17:42:47 | 000,344,064 | ---- | C] () -- C:\Program Files\whelpgef10.dll
[2010/11/16 17:42:47 | 000,208,896 | ---- | C] () -- C:\Program Files\whelpeue10.dll
[2010/11/16 17:42:47 | 000,065,536 | ---- | C] () -- C:\Program Files\whelpmbr10.dll
[2010/11/16 17:42:47 | 000,061,440 | ---- | C] () -- C:\Program Files\whelpehz10.dll
[2010/11/16 17:42:47 | 000,048,128 | ---- | C] () -- C:\Program Files\whelpstpl10.dll
[2010/11/16 17:42:47 | 000,031,744 | ---- | C] () -- C:\Program Files\whelpiz10.dll
[2010/11/16 17:42:47 | 000,026,624 | ---- | C] () -- C:\Program Files\whelpmv10.dll
[2010/11/16 17:42:47 | 000,020,480 | ---- | C] () -- C:\Program Files\whelpgst10.dll
[2010/11/16 17:42:46 | 000,679,936 | ---- | C] () -- C:\Program Files\whelplos10.dll
[2010/11/16 17:42:39 | 028,065,792 | ---- | C] () -- C:\Program Files\whelpurt10.dll
[2010/11/16 17:42:39 | 000,172,032 | ---- | C] () -- C:\Program Files\whelptt10.dll
[2010/11/16 17:42:36 | 009,117,696 | ---- | C] () -- C:\Program Files\whelpges10.dll
[2010/11/16 17:42:36 | 000,057,344 | ---- | C] () -- C:\Program Files\whelpfaq10.dll
[2010/11/16 17:42:35 | 001,236,992 | ---- | C] () -- C:\Program Files\whelpest10.dll
[2010/11/16 17:42:35 | 000,425,984 | ---- | C] () -- C:\Program Files\whelpbfh10.dll
[2010/11/16 17:42:35 | 000,208,896 | ---- | C] () -- C:\Program Files\whelpabc10.dll
[2010/11/16 17:42:35 | 000,069,632 | ---- | C] () -- C:\Program Files\whelpbnr10.dll
[2010/11/16 17:42:35 | 000,047,616 | ---- | C] () -- C:\Program Files\whelpfabu10.dll
[2010/11/16 17:42:35 | 000,006,144 | ---- | C] () -- C:\Program Files\whelpbel10.dll
[2010/11/16 17:42:30 | 000,204,800 | ---- | C] () -- C:\Program Files\rsericp.dll
[2010/11/16 17:42:25 | 000,182,643 | ---- | C] () -- C:\Program Files\buttons.pcc
[2010/11/16 17:42:24 | 000,000,040 | ---- | C] () -- C:\Program Files\WPTDynInt.lic
[2010/11/16 17:42:23 | 002,981,672 | ---- | C] () -- C:\Program Files\rssysteminfo.exe
[2010/11/16 17:42:23 | 000,364,544 | ---- | C] () -- C:\Program Files\qtxmlrs4.dll
[2010/11/16 17:42:23 | 000,266,240 | ---- | C] () -- C:\Program Files\phononrs4.dll
[2010/11/16 17:42:23 | 000,233,472 | ---- | C] () -- C:\Program Files\rszeus4.dll
[2010/11/16 17:42:23 | 000,230,752 | ---- | C] () -- C:\Program Files\patchw32.dll
[2010/11/16 17:42:23 | 000,161,064 | ---- | C] () -- C:\Program Files\rspatch.exe
[2010/11/16 17:42:23 | 000,151,552 | ---- | C] () -- C:\Program Files\rsodbc4.dll
[2010/11/16 17:42:23 | 000,122,880 | ---- | C] () -- C:\Program Files\rswinapi4.dll
[2010/11/16 17:42:23 | 000,094,208 | ---- | C] () -- C:\Program Files\rsdebug4.dll
[2010/11/16 17:42:23 | 000,029,184 | ---- | C] () -- C:\Program Files\rsdcom4.dll
[2010/11/16 17:42:22 | 002,007,040 | ---- | C] () -- C:\Program Files\qtxmlpatternsrs4.dll
[2010/11/16 17:42:21 | 009,437,184 | ---- | C] () -- C:\Program Files\qtwebkitrs4.dll
[2010/11/16 17:42:21 | 000,897,024 | ---- | C] () -- C:\Program Files\qtnetworkrs4.dll
[2010/11/16 17:42:21 | 000,704,512 | ---- | C] () -- C:\Program Files\qtscriptrs4.dll
[2010/11/16 17:42:21 | 000,589,824 | ---- | C] () -- C:\Program Files\qtsqlrs4.dll
[2010/11/16 17:42:21 | 000,442,368 | ---- | C] () -- C:\Program Files\qtopenglrs4.dll
[2010/11/16 17:42:21 | 000,274,432 | ---- | C] () -- C:\Program Files\qtsvgrs4.dll
[2010/11/16 17:42:21 | 000,086,016 | ---- | C] () -- C:\Program Files\qttestrs4.dll
[2010/11/16 17:42:20 | 008,028,160 | ---- | C] () -- C:\Program Files\qtguirs4.dll
[2010/11/16 17:42:20 | 002,080,768 | ---- | C] () -- C:\Program Files\qtcorers4.dll
[2010/11/16 17:42:19 | 002,416,640 | ---- | C] () -- C:\Program Files\qt3supportrs4.dll
[2010/11/16 17:42:19 | 000,311,296 | ---- | C] () -- C:\Program Files\whelptech10.dll
[2010/11/16 17:42:18 | 002,084,864 | ---- | C] () -- C:\Program Files\wxml10.dll
[2010/11/16 17:42:18 | 000,651,264 | ---- | C] () -- C:\Program Files\whelpcnt10.dll
[2010/11/16 17:42:18 | 000,221,184 | ---- | C] () -- C:\Program Files\wzsmdl10.dll
[2010/11/16 17:42:17 | 002,191,360 | ---- | C] () -- C:\Program Files\wstyle10.dll
[2010/11/16 17:42:17 | 001,586,800 | ---- | C] () -- C:\Program Files\wmain10.dll
[2010/11/16 17:42:17 | 001,347,584 | ---- | C] () -- C:\Program Files\wwerb10.dll
[2010/11/16 17:42:17 | 001,220,608 | ---- | C] () -- C:\Program Files\wreli10.dll
[2010/11/16 17:42:17 | 001,040,384 | ---- | C] () -- C:\Program Files\wsteu10.dll
[2010/11/16 17:42:17 | 000,552,960 | ---- | C] () -- C:\Program Files\woptions10.dll
[2010/11/16 17:42:17 | 000,270,336 | ---- | C] () -- C:\Program Files\wsearch10.dll
[2010/11/16 17:42:17 | 000,167,936 | ---- | C] () -- C:\Program Files\wnavitree10.dll
[2010/11/16 17:42:17 | 000,077,824 | ---- | C] () -- C:\Program Files\wsons10.dll
[2010/11/16 17:42:16 | 006,823,936 | ---- | C] () -- C:\Program Files\wkont10.dll
[2010/11/16 17:42:16 | 000,135,168 | ---- | C] () -- C:\Program Files\wincb10.dll
[2010/11/16 17:42:15 | 009,506,816 | ---- | C] () -- C:\Program Files\winc10.dll
[2010/11/16 17:42:15 | 001,839,104 | ---- | C] () -- C:\Program Files\whau210.dll
[2010/11/16 17:42:15 | 001,593,344 | ---- | C] () -- C:\Program Files\wimp10.dll
[2010/11/16 17:42:14 | 002,134,016 | ---- | C] () -- C:\Program Files\wbae310.dll
[2010/11/16 17:42:14 | 001,216,512 | ---- | C] () -- C:\Program Files\wfabu10.dll
[2010/11/16 17:42:14 | 001,200,128 | ---- | C] () -- C:\Program Files\wbae410.dll
[2010/11/16 17:42:14 | 001,105,920 | ---- | C] () -- C:\Program Files\wfvie10.dll
[2010/11/16 17:42:14 | 000,827,392 | ---- | C] () -- C:\Program Files\wform10.dll
[2010/11/16 17:42:14 | 000,684,032 | ---- | C] () -- C:\Program Files\wbae210.dll
[2010/11/16 17:42:14 | 000,602,112 | ---- | C] () -- C:\Program Files\whau110.dll
[2010/11/16 17:42:14 | 000,471,040 | ---- | C] () -- C:\Program Files\wfanl10.dll
[2010/11/16 17:42:14 | 000,077,824 | ---- | C] () -- C:\Program Files\wglob10.dll
[2010/11/16 17:42:13 | 004,743,168 | ---- | C] () -- C:\Program Files\wauff10.dll
[2010/11/16 17:42:13 | 004,505,600 | ---- | C] () -- C:\Program Files\wanl10.dll
[2010/11/16 17:42:13 | 004,050,944 | ---- | C] () -- C:\Program Files\wbae110.dll
[2010/11/16 17:42:11 | 013,639,680 | ---- | C] () -- C:\Program Files\main10.db3
[2010/11/16 17:42:11 | 000,000,040 | ---- | C] () -- C:\Program Files\idd.dat
[2010/07/30 16:31:44 | 000,044,032 | R--- | C] () -- C:\Program Files\libboost_date_time-vc90-mt-1_36.dll
[2010/06/22 17:32:38 | 000,266,515 | ---- | C] () -- C:\Program Files\kmu_2007_2009.pdf
[2010/06/22 17:32:38 | 000,136,546 | ---- | C] () -- C:\Program Files\iz2007_2009.pdf
[2010/06/22 17:32:38 | 000,134,998 | ---- | C] () -- C:\Program Files\iz2010_2009.pdf
[2010/06/22 17:32:38 | 000,121,904 | ---- | C] () -- C:\Program Files\kmu_2010_2009.pdf
[2010/01/26 15:19:48 | 002,568,192 | ---- | C] ( ) -- C:\Program Files\itextsharp.dll
[2010/01/26 15:19:34 | 000,589,824 | ---- | C] () -- C:\Program Files\aodl.dll
[2009/07/07 20:47:42 | 000,000,746 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\wklnhst.dat
[2009/06/27 23:44:36 | 000,029,184 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/27 19:57:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/04/01 22:06:46 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\1&1 Mail & Media GmbH
[2013/04/26 17:01:32 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\2monkeys
[2013/03/03 16:40:50 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\AirlineBaggageMania Deluxe
[2013/02/08 17:16:16 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\AlawarEntertainment
[2013/04/25 13:48:32 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\aliasworlds
[2013/01/19 21:28:01 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Amazon
[2013/04/01 11:33:43 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Anuman
[2012/09/22 15:55:20 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Babylon
[2012/11/12 15:39:32 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Big Fish Games
[2012/07/26 14:10:20 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\BlamGames
[2010/11/16 17:45:56 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Buhl Data Service
[2013/01/15 14:31:42 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\BumpkinBrothers
[2012/06/14 11:13:06 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\CannyGames
[2013/05/08 20:02:40 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\cerasus.media
[2012/06/11 15:15:32 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Daedalic Entertainment
[2013/04/28 15:43:53 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DAEMON Tools Lite
[2012/10/27 17:24:56 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Digilabs
[2013/06/10 18:51:56 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Dropbox
[2012/08/30 12:50:57 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DVDVideoSoft
[2012/06/03 18:49:19 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/08/17 09:17:34 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\EPSON
[2013/05/12 21:10:23 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Forever Entertainment
[2013/02/04 21:58:04 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\HipSoft
[2011/06/23 11:45:47 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Iggels
[2013/05/29 11:57:46 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\LeeGT-Games
[2013/01/08 17:52:35 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Lonely Troops
[2013/02/17 14:39:30 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Melesta
[2012/10/27 17:40:51 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\MPC
[2013/03/08 09:51:00 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Nitreal Games
[2012/10/23 12:33:11 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\onOne Software
[2013/04/26 16:55:36 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\PlayFirst
[2011/01/28 18:44:45 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\ProtectDISC
[2012/10/30 11:28:46 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Sidewalk Games
[2013/04/22 17:41:28 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\SulusGames
[2013/04/25 15:59:26 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Systweak
[2009/07/07 20:47:45 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Template
[2013/06/10 14:38:18 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\TuneUp Software
[2012/09/21 10:32:39 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\ViquaSoft
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:14D29229
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:5B4686D7
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:C0913157
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:1663E41B

< End of report >

extras.txt

Code:
ATTFilter
OTL Extras logfile created on: 6/11/2013 7:13:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sebastian\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
2.84 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 53.66% Memory free
5.90 Gb Paging File | 4.30 Gb Available in Paging File | 72.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92.21 Gb Total Space | 30.76 Gb Free Space | 33.36% Space Free | Partition Type: NTFS
Drive D: | 131.89 Gb Total Space | 81.98 Gb Free Space | 62.16% Space Free | Partition Type: NTFS
 
Computer Name: SEBASTIAN-PC | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{496A4803-7FDF-45BE-81BE-7A51EC984E9C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{55F156FF-5706-4671-AC0E-88EA0B72ED95}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{58CF60D3-5E6B-4B5F-B3BB-C52B32E19C40}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6F055935-A100-4612-B5B1-1DA9BB247A5D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7880E8B7-E639-466A-B9C9-026C9533AFF2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{815B6B43-D78A-44BF-AB7D-7340C3B6A773}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8C1BD77A-C54A-44CF-BB78-F72DC07BE302}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9D556174-C58D-42BA-84B4-0FE2A3D2C1F0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A054E8BC-00E3-42C1-AC86-2C586297597A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A0CE7A32-DF98-4A9E-AED9-DFA4D88F3CB8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A1EB6565-BBF2-4E2D-9F06-238A23D0EC56}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B56A4D1D-D051-48B0-B570-BBA77855801B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C53E348C-B8A9-42D7-B720-CEF65435C3F9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C8BC5A75-BB27-4642-B20A-5F550E786DBE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D31A04AC-41EC-49E6-BEAF-EE6ECB8A89FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DEACF911-7C86-4B95-88A7-D91B2FF3BD64}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E56A4C2B-31A7-460D-BAD5-332B25241B89}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F4D424BC-E0B5-4ACD-94F7-79CAE7865D3F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F7DD5DC1-B104-47A9-8D91-9C62E95EE36F}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C832F3E-89EE-4AD2-BBB6-5FFB859EA87E}" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1372E262-3046-45E7-B007-27C8C664AB2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1B012AFF-E164-4F1C-8FA8-5F08E7BACDCC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1DF9335B-69E6-4A11-8238-42F801BDF392}" = dir=in | app=c:\users\sebast~1\appdata\local\temp\ibtmp5c3a491\uninstall manager.exe | 
"{2CFBD2A7-22CE-490B-A787-4F8F55965872}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3AF90895-4242-467B-AAAF-468FBAF8D2F0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{50A215FD-E6E1-4B15-9ACD-7AA37DA2C2D5}" = dir=in | app=c:\users\sebast~1\appdata\local\temp\ibtmp5c3a491\component_519 | 
"{618791DD-FE26-4773-8263-99F0E746CD09}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6344DC7A-CF87-46AC-A887-C90AC6E368C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{67FABF15-7CAE-4D8B-AA7E-A92570A0E482}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6C0DC793-0337-4276-95BC-381C3EB25848}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{762BCFAF-42DC-47B8-954F-A90A2679F52C}" = dir=in | app=c:\users\sebast~1\appdata\local\temp\ibtmp5c3a491\component_518 | 
"{7761B87E-1963-4876-9F72-3F0D28256468}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8503465A-7F96-42C2-A21F-132285DFFC69}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{876C6327-01B1-4F95-8137-5CA635A1C3C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8793EC46-5860-4A30-8958-E95520AE7B04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{928448FE-6C52-4FC7-8BA9-875F49F06A4F}" = dir=in | app=c:\users\sebast~1\appdata\local\temp\ibtmp5c3a491\component_567 | 
"{9658A770-FA63-4280-87FC-0CCB81284CCF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9A63B7E0-8D7C-4F3A-98B1-FD2A08C0626C}" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A33E1607-C7C8-4CDD-8644-7B5E78F8E703}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AC63FA80-6FCF-4586-856F-E464504FE027}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B6319E7A-7EBE-4FB9-BEF1-64FA19FB50D1}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{C336A75D-0235-4300-B43A-0CBC4BE08E6B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C5EDCCB1-4F8F-4EF4-89AE-70A6247C68DC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C66F226F-C27D-4F55-9748-17ECE09ED2F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DCDD84C7-02F2-4FD1-8A3A-ADBED88E9757}" = protocol=6 | dir=out | app=system | 
"{EE48DFA9-7619-4763-8B97-119CC22D474D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{F18DFDA3-CDCC-4C24-A7B6-039269F44044}" = dir=in | app=c:\users\sebast~1\appdata\local\temp\ibtmp5c3a491\component_532.decrpt | 
"{F205EE78-4A09-4987-9048-D369C4AE7CC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F880F3FC-0E60-41BC-AEF5-741120DA3EB9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FCD3C1FE-DAE1-4744-8753-6B7CE327F776}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"TCP Query User{570BFEED-4078-4D55-8944-C8F80C89D935}C:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{95C71B0F-B99B-43D7-8186-CADF932F466C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{6429470C-2D6E-449E-8DAF-C6A7B921E806}C:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{DE473A92-D431-478F-BF07-9FBE058E4B26}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07993A33-B1C7-4622-BC6E-B2ECE993E871}" = Farm Frenzy
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Codecs Pack Manager
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics
"{373C3C97-2FA9-4E18-85A2-255060C21031}" = Nero 8 Essentials
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A10407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.5 - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1A8F8C5-C152-4B35-9AE9-8F9FFD02EE5E}" = Green City 2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B4202C-2FE2-4BE8-A903-67C0285702DA}" = BrowseToSave
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.16
"DAEMON Tools Lite" = DAEMON Tools Lite
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"nEO iMAGING_is1" = nEO iMAGING version 1.0.1
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Rainlendar2" = Rainlendar2 (remove only)
"SP_48c708f2" = 
"SP_b0285714" = Search Assistant WebSearch 1.74
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/9/2013 9:35:49 AM | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 1/10/2013 1:59:19 AM | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 1/10/2013 6:22:17 AM | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 1/10/2013 11:25:30 AM | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 1/12/2013 4:01:27 AM | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 1/12/2013 11:09:08 AM | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 1/13/2013 4:30:51 AM | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 1/13/2013 9:25:11 AM | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 1/14/2013 2:57:53 AM | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 1/15/2013 2:14:48 AM | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 6/27/2009 12:33:18 PM | Computer Name = Sebastian-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 6/11/2013 12:40:22 PM | Computer Name = Sebastian-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 6/11/2013 12:40:22 PM | Computer Name = Sebastian-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 6/11/2013 12:41:50 PM | Computer Name = Sebastian-PC | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
 auf Volume "C:" abgebrochen.
 
Error - 6/11/2013 12:57:05 PM | Computer Name = Sebastian-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 6/11/2013 12:57:05 PM | Computer Name = Sebastian-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 6/11/2013 1:05:38 PM | Computer Name = Sebastian-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 6/11/2013 1:05:38 PM | Computer Name = Sebastian-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 6/11/2013 1:05:38 PM | Computer Name = Sebastian-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 6/11/2013 1:05:38 PM | Computer Name = Sebastian-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 6/11/2013 1:05:38 PM | Computer Name = Sebastian-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
 
< End of report >
         

Yesterday evening I had already run all the scans, and while GMER was running I was on the phone for quite a while. When I came back, my husband told me that the laptop had shut itself down and restarted on its own. The txt files posted above are now no longer on the desktop either (thank God I had already saved everything in Word)...

Unfortunately, GMER did not leave a txt file on the desktop either, so this morning I wanted to start another scan.
When I scan with GMER now, the program hangs at the same place for the second time:
"Software\Microsoft\Windows NT\CurrentVersion\Perflib\007"

Unfortunately, that is why I cannot post the log file...

I hope the nature of the problem can still be recognized this way?

Thank you in advance for the help,
best regards,

Jojo

12.06.2013, 08:19   #2
smeenk
/// Malwareteam / Visitor

I am Smeenk and I will try to help you.


System scan with ZOEK

Please download zoek.exe from here: http://hijackthis.nl/smeenk/
  • Please deactivate all virus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users, please start the tool by right-clicking the icon and choosing "Run as administrator".
  • Copy the code below into the text field:
    Code:
    ATTFilter
    emptyclsid;
    chromelook;
    autoclean;
    startupall;
    filesrcm;
    firefoxlook;
             
  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a restart).
    You can view the report afterwards at c:\zoek-results.log.
  • Post the log file zoek-results.log for me.


Please download TDSSKiller TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.


Please post everything in CODE tags here if possible: [code] Your log here [/code]
__________________


12.06.2013, 09:07   #3
Jojo2112

Thank you very much for taking on my problem!

Here is the zoek-results log file:

Code:
ATTFilter
Zoek.exe Version 4.0.0.2 Updated 03-June-2013
Tool run by Sebastian on Wed 06/12/2013 at  9:30:21.29.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-2467873813-358388713-1169702490-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-2467873813-358388713-1169702490-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2467873813-358388713-1169702490-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully
HKEY_USERS\S-1-5-21-2467873813-358388713-1169702490-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\lssdihk7.default

user.js not found
---- Lines ihkha@uvwyva.com removed from prefs.js ----


---- Lines ihkha@uvwyva.com modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\",\"mtime\":1251923307651,\"rdfTime\":1232707720000}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1369467040144,\"rdfTime\":1369467040141}}},{\"name\":\"app-profile\",\"addons\":{\"ihkha@uvwyva.com\":{\"descriptor\":\"C:\\\\Users\\\\Sebastian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\lssdihk7.default\\\\extensions\\\\ihkha@uvwyva.com\",\"mtime\":1370983735783,\"rdfTime\":1366891756000}}}]");

---- Lines WebSearch removed from prefs.js ----

user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaulturl", "hxxp://websearch.youwillfind.info/?pid=658&r=2013/04/25&hid=1958629639&lg=EN&cc=DE&l=1&q=");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.selectedEngine", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("keyword.URL", "hxxp://websearch.youwillfind.info/?pid=658&r=2013/04/25&hid=1958629639&lg=EN&cc=DE&l=1&q=");

---- Lines WebSearch modified from prefs.js ----


---- Lines babylon removed from prefs.js ----

user_pref("extensions.51791cec6b739.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}catch(e){};if(window.self.location.protocol=='http:' && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='hxxp://shpr.co/code/fsave/js/fs.js?subid=658&ex=35&uid=5182aaa00d7637.68473486';document.getElementsByTagName(\"head\")[0].appendChild(script);};if((window.self.location.protocol=='http:' || window.self.location.hostname.indexOf('ogle')>-1) && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.com/ws/sf_main.jsp?dlsource=btos&userId=5182aaa00d7637.68473486&CTID=p658';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self.location.protocol.indexOf('http')>-1 && window.self==window.top && !window.opener){var script=document.createElement('script');script.type='text/javascript';script.src='//static.getjs.net/sd/1018/loader-1004.js';document.getElementsByTagName(\"head\")[0].appendChild(script);var script=document.createElement('script');script.type='text/javascript';script.src='//cdncache-a.akamaihd.net/loaders/1498/l.js?aoi=1311798366&pid=1498&zoneid=175923';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self.location.protocol.indexOf('http')>-1 && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//cdncache-a.akamaihd.net/loaders/1498/l.js?aoi=1311798366&pid=1498&zoneid=175923';document.getElementsByTagName(\"head\")[0].appendChild(script);};(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof 
localStorage.setItem||-1==a.indexOf(\"zkicprmtr356=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"zkicprmtr356=\")){var d=a.match(/zkicprmtr356=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"hxxp://count3.webscorebox.com/?q=g708BNmGWj8wmihVWzmPhd9HqihEAen0qTk5tNhVCNqPB750qGhSCM06C7lGojsMh7VUoja=\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;;if(-1==window.self.location.hostname.indexOf('mail.'))for(i=0;5>i;i++)window.setTimeout(function(){document.getElementById('c2soffer')&&document.getElementById('c2soffer').parentNode.removeChild(document.getElementById('c2soffer'))},100*i);var c2soffer=document.querySelectorAll('div.c2soffer');if(c2soffer.length)for(var i=0;i<c2soffer.length;i++)c2soffer[i].parentNode.removeChild(c2soffer[i]);})();");
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

---- Lines babylon modified from prefs.js ----


---- Lines SweetIM removed from prefs.js ----

user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

---- Lines SweetIM modified from prefs.js ----


---- FireFox user.js and prefs.js backups ---- 

prefs_20130612_0938_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-

==== Deleting Files \ Folders ======================

"C:\user.js" deleted
"C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\lssdihk7.default\searchplugins\WebSearch.xml" deleted
"C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml" deleted
"C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml" deleted
"C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted
"C:\user.js" deleted
"C:\Windows\system32\roboot.exe" deleted
"C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\lssdihk7.default\searchplugins\WebSearch.xml" deleted
"C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\lssdihk7.default\bprotector_extensions.sqlite" deleted
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\bl" not deleted
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\codecmngr.dll" not deleted
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\codecmngr.exe" not deleted
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\codecmngr.settings" not deleted
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe" not deleted
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\00" not deleted
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\01" not deleted
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\02" not deleted
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\03" not deleted
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\10" not deleted
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\11" not deleted
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\12" not deleted
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\13" not deleted
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\20" not deleted
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\21" not deleted
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\22" not deleted
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\23" not deleted
"C:\Users\Sebastian\AppData\Roaming\Amazon" deleted
"C:\ProgramData\Bruowse2ssAive" deleted
"C:\Program Files\BrowseToSave" deleted
"C:\Program Files\Common Files\DVDVideoSoft\TB" deleted
"C:\Program Files\Common Files\DVDVideoSoft\bin" deleted
"C:\Program Files\WebSearch" deleted
"C:\Program Files\Common Files\Plasmoo" deleted
"C:\Users\Sebastian\AppData\Roaming\Babylon" deleted
"C:\Users\Sebastian\AppData\Roaming\Systweak" deleted
"C:\ProgramData\Ask" deleted
"C:\ProgramData\Codecs Pack Manager" not deleted
"C:\ProgramData\SoftSafe" deleted
"C:\ProgramData\InstallMate" deleted
"C:\ProgramData\Babylon" deleted
"C:\ProgramData\Trymedia" deleted
"C:\Users\Sebastian\AppData\Local\APN" deleted
"C:\Users\Sebastian\AppData\Local\Systweak" deleted
"C:\Users\Sebastian\AppData\LocalLow\Bruowse2ssAive" deleted
"C:\Users\Sebastian\AppData\LocalLow\BabylonToolbar" deleted
"C:\Windows\System32\searchplugins" deleted
"C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\lssdihk7.default\extensions\ihkha@uvwyva.com" deleted
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78" not deleted
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}" not deleted
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2013-06-01 21:14:59	0039C4B37C7172CF5462263F28C8F0A3	342764395	----a-w-	C:\Windows\MEMORY.DMP
====== C:\Users\SEBAST~1\AppData\Local\Temp ====
====== C:\Windows\system32 =====
2013-06-10 12:38:51	C795FDDB7B5BA879EA97341E3981461F	32032	----a-w-	C:\Windows\System32\TURegOpt.exe
2013-06-10 12:38:51	51C44F3D7019A21AAF27760BF070CD08	21792	----a-w-	C:\Windows\System32\authuitu.dll
====== C:\Windows\system32\drivers =====
2013-06-10 10:29:19	4470E3C1E0C3378E4CAB137893C12C3A	22856	----a-w-	C:\Windows\System32\drivers\mbam.sys
2013-05-15 10:46:45	5DE0FAEC9E5D1AAE74F8568897891A01	638328	----a-w-	C:\Windows\System32\drivers\dxgkrnl.sys
====== C:\Windows\Tasks ======
2013-06-11 06:37:03	08C03DC307FD3B3DE0318A4405D07F87	2758	----a-w-	C:\Windows\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2013-06-10 13:20:13	86E1FC855451B0C70E32639EFC78A360	3782	----a-w-	C:\Windows\system32\Tasks\Google Updater and Installer
2013-06-10 13:20:09	6E11FD569F5E75C4491CF1DA4850EA01	3664	----a-w-	C:\Windows\system32\Tasks\Adobe-Online-Aktualisierungsprogramm
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-06-10 12:38:01	--------	d-----w-	C:\Program Files\TuneUp Utilities 2013
2013-06-04 19:01:17	--------	d-----w-	C:\Program Files\Microsoft
2013-05-29 09:57:23	--------	d-----w-	C:\Program Files\LeeGT-Games
2013-05-24 18:41:00	--------	d-----w-	C:\Program Files\iPod
2013-05-24 18:40:57	--------	d-----w-	C:\Program Files\iTunes
======= C: =====
2013-06-11 17:29:48	5D1EDDE6A0D29AE347CB667D820BD165	103680	----a-w-	C:\kwtyauoc.sys
====== C:\Users\Sebastian\AppData\Roaming ======
2013-06-10 12:38:18	--------	d-----w-	C:\users\Sebastian\AppData\Roaming\TuneUp Software
====== C:\Users\Sebastian ======
2013-06-11 17:09:47	60BF4AE8CC40B0E3E28613657ED2EED8	377856	----a-w-	C:\Users\Sebastian\Desktop\gmer_2.1.19163.exe
2013-06-11 17:08:37	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\Users\Sebastian\defogger_reenable
2013-06-11 17:08:04	4ADCFEE16EE9978F06157634669D36FB	602112	----a-w-	C:\Users\Sebastian\Desktop\OTL.exe
2013-06-11 17:07:57	9146F21288AB749C4C729343F5F285A1	50477	----a-w-	C:\Users\Sebastian\Desktop\Defogger.exe
2013-06-10 12:38:46	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
2013-06-10 12:37:09	--------	d-----w-	C:\ProgramData\TuneUp Software
2013-06-10 12:36:54	--------	d-sh--w-	C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-06-10 12:36:54	--------	d--h--w-	C:\ProgramData\Common Files
2013-06-04 19:01:17	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2013-05-29 09:57:46	--------	d-----w-	C:\ProgramData\Melesta
2013-05-29 09:57:23	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Green City 2
2013-05-24 18:41:47	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2013-05-24 18:40:57	--------	d-----w-	C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

====== C: exe-files ==
2013-06-11 17:09:47	60BF4AE8CC40B0E3E28613657ED2EED8	377856	----a-w-	C:\Users\Sebastian\Desktop\gmer_2.1.19163.exe
2013-06-11 17:08:04	4ADCFEE16EE9978F06157634669D36FB	602112	----a-w-	C:\Users\Sebastian\Desktop\OTL.exe
2013-06-11 17:07:57	9146F21288AB749C4C729343F5F285A1	50477	----a-w-	C:\Users\Sebastian\Desktop\Defogger.exe
2013-06-10 12:38:51	C795FDDB7B5BA879EA97341E3981461F	32032	----a-w-	C:\Windows\System32\TURegOpt.exe
2013-06-07 20:09:30	1EA998DE136184740B292FB9DCDD49AC	746848	----a-w-	C:\Users\Sebastian\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\27.0.1453.110\27.0.1453.110_27.0.1453.94_chrome_updater.exe
=== C: other files ==
2013-06-12 05:15:21	DA900FA51679632E9411B33DBDDFCE8A	5072	----a-w-	C:\Users\Sebastian\.rainlendar2\backups\20130612-Rainlendar2Backup.zip
2013-06-11 17:29:48	5D1EDDE6A0D29AE347CB667D820BD165	103680	----a-w-	C:\kwtyauoc.sys
2013-06-11 05:07:20	63CFBFF6D7C5E72759FD216816806929	5072	----a-w-	C:\Users\Sebastian\.rainlendar2\backups\20130611-Rainlendar2Backup.zip
2013-06-10 10:29:19	4470E3C1E0C3378E4CAB137893C12C3A	22856	----a-w-	C:\Windows\System32\drivers\mbam.sys
2013-06-10 06:11:17	27E79E710FCB3ED09BD061A7E2CFF94D	5072	----a-w-	C:\Users\Sebastian\.rainlendar2\backups\20130610-Rainlendar2Backup.zip
2013-06-09 18:43:07	C82D938282EFD67FB48AC98D47B0156A	1083191	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Recovery\KeywordHijacker.zip
2013-06-09 09:38:51	BF53FA604CDE7B95CE61A29506554081	5072	----a-w-	C:\Users\Sebastian\.rainlendar2\backups\20130609-Rainlendar2Backup.zip
2013-06-08 19:59:03	C2609F53A7BCA4CC40CCFD0AAFD1CC75	5072	----a-w-	C:\Users\Sebastian\.rainlendar2\backups\20130608-Rainlendar2Backup.zip
2013-06-07 19:42:42	59178E4E55C97CD41D55D15ED6F2B976	5072	----a-w-	C:\Users\Sebastian\.rainlendar2\backups\20130607-Rainlendar2Backup.zip
2013-06-05 22:00:01	1944F206E4FFF87D82C4C884970726E9	5072	----a-w-	C:\Users\Sebastian\.rainlendar2\backups\20130606-Rainlendar2Backup.zip
2013-06-05 19:22:38	969F6FDBFE8736B99283772C54AC7F2E	5072	----a-w-	C:\Users\Sebastian\.rainlendar2\backups\20130605-Rainlendar2Backup.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\fsc-reg\fscreg.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-2467873813-358388713-1169702490-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
"Rainlendar2"="D:\Program Files\Rainlendar2\Rainlendar2.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\fsc-reg\fscreg.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"FSC OSD Utility"="c:\PROGRA~1\FSCOSD~1\OSDUTI~1.EXE"
"FSCRecovery"="c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe"
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe                                                                                                                                                                                          "
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min"
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
"Rainlendar2"="D:\Program Files\Rainlendar2\Rainlendar2.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

==== Startup Registry Disabled ======================

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"Google Update"="\"C:\\Users\\Sebastian\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"
"ApplePhotoStreams"="C:\\Program Files\\Common Files\\Apple\\Internet Services\\ApplePhotoStreams.exe"
"DAEMON Tools Lite"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun"
"iCloudServices"="C:\\Program Files\\Common Files\\Apple\\Internet Services\\iCloudServices.exe"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"PDFPrint"="C:\\Program Files\\PDF24\\pdf24.exe"
"APSDaemon"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
"Google EULA Launcher"="c:\\Program Files\\Google\\Google EULA\\GoogleEULALauncher.exe IE PA"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05/14/2013 08:58 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [05/22/2012 10:02 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [05/22/2012 10:02 AM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2467873813-358388713-1169702490-1000Core.job --a------ C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [05/02/2012 11:44 AM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2467873813-358388713-1169702490-1000UA.job --a------ C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [05/02/2012 11:44 AM]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\lssdihk7.default
7ABE33792F2787D599B6963E71B9E8CD	- C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll -	Shockwave Flash
3D928B3FE97C403A33F803B3D1A260C9	- C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll -	Google Update
3D928B3FE97C403A33F803B3D1A260C9	- C:\Users\Sebastian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll -	Google Update
AE84791D996D1F05A2446B0C447D937A	- C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll -	Adobe Acrobat
AE84791D996D1F05A2446B0C447D937A	- C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll -	Adobe Acrobat
270EE43CC00609B9937AAF94E1E970D4	- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -	iTunes Application Detector
A5C14075B571AF1C9592595BE724D9D2	- C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll -	Silverlight Plug-In
C04FCB7EEBEB5097B30468828F20FB9E	- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -	Java(TM) Platform SE 7 U9
2C82D753EF779945977C82A3908DA20A	- C:\Windows\system32\npDeployJava1.dll -	Java Deployment Toolkit 7.0.90.5
11EF47BE3D8A4A943E10A63870C1F2C6	- C:\Program Files\QuickTime\Plugins\npqtplugin7.dll -	QuickTime Plug-in 7.7.3
4ACB977AAB250731739302CB45A807B3	- C:\Program Files\QuickTime\Plugins\npqtplugin6.dll -	QuickTime Plug-in 7.7.3
6E7690D2EE4E530DAC8C562CF8CCE70B	- C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -	QuickTime Plug-in 7.7.3
D2E4BDDD297B6A481BAC612C25A1F10A	- C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -	QuickTime Plug-in 7.7.3
7A14B17E24CE74BBB603B824EDA79A72	- C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -	QuickTime Plug-in 7.7.3
2A92F41DCBB5832872D8B0E941746112	- C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -	QuickTime Plug-in 7.7.3
C1FD5EE5FD1F65CE223A5C3AE846DDF6	- C:\Program Files\QuickTime\Plugins\npqtplugin.dll -	QuickTime Plug-in 7.7.3
24E990B1E6D55428001843CF7217DD81	- C:\Program Files\Microsoft\Office Live\npOLW.dll -	Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
E93467C5327C2760FCAB2B4670847496	- C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll -	DivX Player Netscape Plugin
EDBA797E78300759A09AF77C77F5D9E7	- C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll -	DivX Web Player
FC5866F7793AF2CBCD425CC4B8D32A9E	- C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll -	Zylom Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67	- C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -	Windows Presentation Foundation / Windows Presentation Foundation
DFCAB29E8FD38F95650CC1E203E8D318	- C:\Windows\system32\npmproxy.dll -	Microsoft® Windows® Operating System
2AA3703D87E1327A2290C9D416D89A28	- C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll -	Microsoft® Silverlight


==== Chrome Look ======================

Google Drive - Sebastian - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Sebastian - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Sebastian - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Green Pop Theme - Sebastian - Default\Extensions\ffgapkaegdmcompheglkkponnpmfdcgf
Google Maps - Sebastian - Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh
Google Docs - Sebastian - Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Sebastian - Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Sebastian - Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Sebastian - Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Green Pop Theme - Sebastian - Profile 1\Extensions\ffgapkaegdmcompheglkkponnpmfdcgf
Gmail - Sebastian - Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.de/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.de/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{10C6BF65-4A78-4305-9FD7-D7C6E5C393CF} WEB.DE Suche Url="hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}"
{428A29CF-43C8-423E-85DA-3E6E3AAD400E} 1und1 Suche Url="hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}"
{483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown  Url="Not_Found"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{819ECA82-F786-4D20-906A-6954323AC01C} GMX Suche Url="hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}"
{DE157F5A-3B9B-409C-B651-F5A5F4DDD747} GMX search Url="hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully
HKEY_USERS\S-1-5-21-2467873813-358388713-1169702490-1000\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sebastian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Sebastian\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sebastian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\Sebastian\AppData\Local\Mozilla\Firefox\Profiles\lssdihk7.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully
C:\users\Sebastian\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\SEBAST~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\bl"  not found
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\codecmngr.dll"  not found
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\codecmngr.exe"  not found
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\codecmngr.settings"  not found
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe"  not found
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\00"  not found
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\01"  not found
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\02"  not found
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\03"  not found
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\10"  not found
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\11"  not found
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\12"  not found
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\13"  not found
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\20"  not found
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\21"  not found
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\22"  not found
"C:\ProgramData\Codecs Pack Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\23"  not found
"C:\Users\Sebastian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\ProgramData\Codecs Pack Manager"  not found

==== EOF on Wed 06/12/2013 at  9:59:47.07 ======================
         

And here is the log file from TDSSKiller:

Code:
10:02:40.0951 3560  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:02:41.0227 3560  ============================================================
10:02:41.0227 3560  Current date / time: 2013/06/12 10:02:41.0227
10:02:41.0227 3560  SystemInfo:
10:02:41.0227 3560  
10:02:41.0227 3560  OS Version: 6.0.6002 ServicePack: 2.0
10:02:41.0227 3560  Product type: Workstation
10:02:41.0228 3560  ComputerName: SEBASTIAN-PC
10:02:41.0228 3560  UserName: Sebastian
10:02:41.0228 3560  Windows directory: C:\Windows
10:02:41.0228 3560  System windows directory: C:\Windows
10:02:41.0228 3560  Processor architecture: Intel x86
10:02:41.0228 3560  Number of processors: 2
10:02:41.0228 3560  Page size: 0x1000
10:02:41.0228 3560  Boot type: Normal boot
10:02:41.0228 3560  ============================================================
10:02:43.0076 3560  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:02:43.0079 3560  ============================================================
10:02:43.0079 3560  \Device\Harddisk0\DR0:
10:02:43.0079 3560  MBR partitions:
10:02:43.0079 3560  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1194800, BlocksNum 0xB869800
10:02:43.0079 3560  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC9FE000, BlocksNum 0x107C7170
10:02:43.0079 3560  ============================================================
10:02:43.0146 3560  C: <-> \Device\Harddisk0\DR0\Partition1
10:02:43.0274 3560  D: <-> \Device\Harddisk0\DR0\Partition2
10:02:43.0275 3560  ============================================================
10:02:43.0275 3560  Initialize success
10:02:43.0275 3560  ============================================================
10:03:09.0977 3672  ============================================================
10:03:09.0977 3672  Scan started
10:03:09.0977 3672  Mode: Manual; 
10:03:09.0977 3672  ============================================================
10:03:14.0908 3672  ================ Scan system memory ========================
10:03:14.0908 3672  System memory - ok
10:03:14.0909 3672  ================ Scan services =============================
10:03:15.0663 3672  [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
10:03:15.0665 3672  acedrv11 - ok
10:03:15.0740 3672  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
10:03:15.0743 3672  ACPI - ok
10:03:15.0895 3672  [ 3FD8DC2C9735C2AA70155102CFB93EDA ] AdobeActiveFileMonitor7.0 C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
10:03:15.0899 3672  AdobeActiveFileMonitor7.0 - ok
10:03:16.0044 3672  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:03:16.0046 3672  AdobeFlashPlayerUpdateSvc - ok
10:03:16.0109 3672  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
10:03:16.0118 3672  adp94xx - ok
10:03:16.0140 3672  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
10:03:16.0147 3672  adpahci - ok
10:03:16.0192 3672  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
10:03:16.0195 3672  adpu160m - ok
10:03:16.0231 3672  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
10:03:16.0235 3672  adpu320 - ok
10:03:16.0302 3672  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:03:16.0303 3672  AeLookupSvc - ok
10:03:16.0439 3672  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
10:03:16.0445 3672  AFD - ok
10:03:16.0561 3672  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:03:16.0563 3672  agp440 - ok
10:03:16.0624 3672  [ FBE4016F9EF3AB3DB547E40A936B6CD9 ] ahcix86s        C:\Windows\system32\drivers\ahcix86s.sys
10:03:16.0629 3672  ahcix86s - ok
10:03:16.0694 3672  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
10:03:16.0696 3672  aic78xx - ok
10:03:16.0732 3672  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
10:03:16.0733 3672  ALG - ok
10:03:16.0802 3672  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:03:16.0804 3672  aliide - ok
10:03:16.0866 3672  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
10:03:16.0868 3672  amdagp - ok
10:03:16.0919 3672  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
10:03:16.0920 3672  amdide - ok
10:03:16.0980 3672  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
10:03:16.0982 3672  AmdK7 - ok
10:03:17.0000 3672  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
10:03:17.0001 3672  AmdK8 - ok
10:03:17.0255 3672  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
10:03:17.0257 3672  AntiVirSchedulerService - ok
10:03:17.0326 3672  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
10:03:17.0327 3672  AntiVirService - ok
10:03:17.0414 3672  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
10:03:17.0414 3672  Appinfo - ok
10:03:17.0508 3672  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:03:17.0511 3672  Apple Mobile Device - ok
10:03:17.0581 3672  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
10:03:17.0584 3672  arc - ok
10:03:17.0602 3672  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
10:03:17.0605 3672  arcsas - ok
10:03:17.0652 3672  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:03:17.0654 3672  AsyncMac - ok
10:03:17.0724 3672  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
10:03:17.0724 3672  atapi - ok
10:03:17.0814 3672  [ 567E669B3B252E0C07850EF3C3E12254 ] athr            C:\Windows\system32\DRIVERS\athr.sys
10:03:17.0916 3672  athr - ok
10:03:18.0027 3672  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:03:18.0030 3672  AudioEndpointBuilder - ok
10:03:18.0049 3672  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
10:03:18.0052 3672  Audiosrv - ok
10:03:18.0096 3672  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
10:03:18.0097 3672  avgntflt - ok
10:03:18.0168 3672  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
10:03:18.0170 3672  avipbb - ok
10:03:18.0189 3672  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
10:03:18.0190 3672  avkmgr - ok
10:03:18.0428 3672  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:03:18.0429 3672  Beep - ok
10:03:18.0504 3672  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
10:03:18.0507 3672  BFE - ok
10:03:18.0865 3672  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
10:03:18.0873 3672  BITS - ok
10:03:19.0129 3672  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
10:03:19.0131 3672  blbdrive - ok
10:03:19.0555 3672  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:03:19.0559 3672  Bonjour Service - ok
10:03:19.0727 3672  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:03:19.0730 3672  bowser - ok
10:03:19.0853 3672  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
10:03:19.0855 3672  BrFiltLo - ok
10:03:19.0938 3672  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
10:03:19.0940 3672  BrFiltUp - ok
10:03:20.0138 3672  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
10:03:20.0140 3672  Browser - ok
10:03:20.0188 3672  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
10:03:20.0191 3672  Brserid - ok
10:03:20.0219 3672  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
10:03:20.0221 3672  BrSerWdm - ok
10:03:20.0317 3672  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
10:03:20.0319 3672  BrUsbMdm - ok
10:03:20.0338 3672  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
10:03:20.0341 3672  BrUsbSer - ok
10:03:20.0409 3672  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
10:03:20.0411 3672  BTHMODEM - ok
10:03:20.0440 3672  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:03:20.0441 3672  cdfs - ok
10:03:20.0659 3672  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:03:20.0661 3672  cdrom - ok
10:03:20.0762 3672  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
10:03:20.0763 3672  CertPropSvc - ok
10:03:20.0795 3672  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
10:03:20.0797 3672  circlass - ok
10:03:20.0911 3672  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
10:03:20.0917 3672  CLFS - ok
10:03:21.0371 3672  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:03:21.0383 3672  clr_optimization_v2.0.50727_32 - ok
10:03:21.0589 3672  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:03:21.0908 3672  clr_optimization_v4.0.30319_32 - ok
10:03:22.0134 3672  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:03:22.0135 3672  CmBatt - ok
10:03:22.0159 3672  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:03:22.0161 3672  cmdide - ok
10:03:22.0187 3672  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
10:03:22.0188 3672  Compbatt - ok
10:03:22.0195 3672  COMSysApp - ok
10:03:22.0294 3672  [ 743C403D20A89DB5ED84C874768B7119 ] cpuz133         C:\Windows\system32\drivers\cpuz133_x32.sys
10:03:22.0295 3672  cpuz133 - ok
10:03:22.0303 3672  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
10:03:22.0304 3672  crcdisk - ok
10:03:22.0367 3672  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
10:03:22.0368 3672  Crusoe - ok
10:03:22.0455 3672  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:03:22.0457 3672  CryptSvc - ok
10:03:22.0575 3672  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:03:22.0581 3672  DcomLaunch - ok
10:03:22.0733 3672  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:03:22.0736 3672  DfsC - ok
10:03:22.0972 3672  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
10:03:23.0060 3672  DFSR - ok
10:03:23.0415 3672  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
10:03:23.0418 3672  Dhcp - ok
10:03:23.0523 3672  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
10:03:23.0525 3672  disk - ok
10:03:23.0979 3672  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:03:23.0981 3672  Dnscache - ok
10:03:24.0110 3672  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:03:24.0112 3672  dot3svc - ok
10:03:24.0325 3672  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
10:03:24.0327 3672  DPS - ok
10:03:24.0507 3672  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:03:24.0509 3672  drmkaud - ok
10:03:25.0266 3672  [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
10:03:25.0268 3672  dtsoftbus01 - ok
10:03:25.0389 3672  [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:03:25.0394 3672  DXGKrnl - ok
10:03:25.0431 3672  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
10:03:25.0434 3672  E1G60 - ok
10:03:25.0511 3672  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
10:03:25.0512 3672  EapHost - ok
10:03:25.0574 3672  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
10:03:25.0577 3672  Ecache - ok
10:03:25.0653 3672  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:03:25.0656 3672  ehRecvr - ok
10:03:25.0674 3672  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
10:03:25.0676 3672  ehSched - ok
10:03:25.0717 3672  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
10:03:25.0718 3672  ehstart - ok
10:03:25.0756 3672  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
10:03:25.0764 3672  elxstor - ok
10:03:25.0867 3672  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
10:03:25.0873 3672  EMDMgmt - ok
10:03:25.0924 3672  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:03:25.0926 3672  ErrDev - ok
10:03:26.0030 3672  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
10:03:26.0033 3672  EventSystem - ok
10:03:26.0206 3672  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
10:03:26.0210 3672  exfat - ok
10:03:26.0268 3672  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:03:26.0272 3672  fastfat - ok
10:03:26.0609 3672  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:03:26.0610 3672  fdc - ok
10:03:26.0646 3672  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
10:03:26.0647 3672  fdPHost - ok
10:03:26.0691 3672  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:03:26.0692 3672  FDResPub - ok
10:03:26.0781 3672  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:03:26.0783 3672  FileInfo - ok
10:03:26.0862 3672  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:03:26.0864 3672  Filetrace - ok
10:03:27.0491 3672  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:03:27.0547 3672  FLEXnet Licensing Service - ok
10:03:27.0608 3672  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:03:27.0610 3672  flpydisk - ok
10:03:27.0764 3672  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:03:27.0768 3672  FltMgr - ok
10:03:28.0219 3672  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
10:03:28.0226 3672  FontCache - ok
10:03:28.0628 3672  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:03:28.0630 3672  FontCache3.0.0.0 - ok
10:03:28.0653 3672  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:03:28.0655 3672  Fs_Rec - ok
10:03:28.0742 3672  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
10:03:28.0744 3672  gagp30kx - ok
10:03:28.0934 3672  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:03:28.0935 3672  GEARAspiWDM - ok
10:03:29.0101 3672  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
10:03:29.0202 3672  gpsvc - ok
10:03:29.0674 3672  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
10:03:29.0675 3672  gupdate - ok
10:03:29.0729 3672  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
10:03:29.0731 3672  gupdatem - ok
10:03:29.0845 3672  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:03:29.0851 3672  HdAudAddService - ok
10:03:30.0013 3672  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
10:03:30.0021 3672  HDAudBus - ok
10:03:30.0097 3672  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
10:03:30.0098 3672  HidBth - ok
10:03:30.0154 3672  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
10:03:30.0156 3672  HidIr - ok
10:03:30.0671 3672  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
10:03:30.0673 3672  hidserv - ok
10:03:30.0749 3672  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:03:30.0750 3672  HidUsb - ok
10:03:31.0099 3672  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:03:31.0101 3672  hkmsvc - ok
10:03:31.0173 3672  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
10:03:31.0175 3672  HpCISSs - ok
10:03:31.0576 3672  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:03:31.0584 3672  HTTP - ok
10:03:31.0618 3672  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
10:03:31.0621 3672  i2omp - ok
10:03:31.0668 3672  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
10:03:31.0670 3672  i8042prt - ok
10:03:31.0718 3672  [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor          C:\Windows\system32\drivers\iastor.sys
10:03:31.0725 3672  iaStor - ok
10:03:31.0766 3672  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
10:03:31.0771 3672  iaStorV - ok
10:03:32.0169 3672  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
10:03:32.0171 3672  IDriverT - ok
10:03:32.0587 3672  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:03:32.0610 3672  idsvc - ok
10:03:32.0777 3672  [ 0627FC0C422CD6E0F23E1B0D1D9F0899 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
10:03:32.0955 3672  igfx - ok
10:03:33.0054 3672  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
10:03:33.0057 3672  iirsp - ok
10:03:33.0467 3672  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
10:03:33.0472 3672  IKEEXT - ok
10:03:33.0705 3672  [ D9B869A909CC93AEC507D4F7DFA24434 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
10:03:33.0724 3672  IntcAzAudAddService - ok
10:03:33.0817 3672  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
10:03:33.0818 3672  intelide - ok
10:03:33.0847 3672  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:03:33.0848 3672  intelppm - ok
10:03:33.0899 3672  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:03:33.0901 3672  IPBusEnum - ok
10:03:33.0993 3672  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:03:33.0996 3672  IpFilterDriver - ok
10:03:34.0391 3672  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:03:34.0394 3672  iphlpsvc - ok
10:03:34.0400 3672  IpInIp - ok
10:03:34.0433 3672  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
10:03:34.0435 3672  IPMIDRV - ok
10:03:34.0456 3672  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
10:03:34.0459 3672  IPNAT - ok
10:03:34.0816 3672  [ E3E71649A926CB34FA4D7AB75DCE126C ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
10:03:35.0881 3672  iPod Service - ok
10:03:35.0991 3672  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:03:35.0992 3672  IRENUM - ok
10:03:36.0134 3672  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:03:36.0137 3672  isapnp - ok
10:03:36.0327 3672  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
10:03:36.0329 3672  iScsiPrt - ok
10:03:36.0531 3672  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
10:03:36.0533 3672  iteatapi - ok
10:03:36.0699 3672  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
10:03:36.0700 3672  iteraid - ok
10:03:36.0909 3672  [ C36F3A1A4E8416EF43F30DEAB7701730 ] JRAID           C:\Windows\system32\drivers\jraid.sys
10:03:36.0912 3672  JRAID - ok
10:03:37.0160 3672  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:03:37.0161 3672  kbdclass - ok
10:03:37.0205 3672  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
10:03:37.0208 3672  kbdhid - ok
10:03:37.0687 3672  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
10:03:37.0689 3672  KeyIso - ok
10:03:37.0988 3672  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:03:37.0999 3672  KSecDD - ok
10:03:38.0259 3672  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:03:38.0263 3672  KtmRm - ok
10:03:38.0304 3672  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:03:38.0307 3672  LanmanServer - ok
10:03:38.0473 3672  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:03:38.0477 3672  LanmanWorkstation - ok
10:03:38.0849 3672  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:03:38.0851 3672  lltdio - ok
10:03:38.0907 3672  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:03:38.0912 3672  lltdsvc - ok
10:03:38.0945 3672  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:03:38.0947 3672  lmhosts - ok
10:03:39.0018 3672  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
10:03:39.0021 3672  LSI_FC - ok
10:03:39.0071 3672  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
10:03:39.0074 3672  LSI_SAS - ok
10:03:39.0145 3672  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
10:03:39.0148 3672  LSI_SCSI - ok
10:03:39.0225 3672  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
10:03:39.0227 3672  luafv - ok
10:03:39.0324 3672  [ 8E17D513D8011B0EE03C355EAAB0E0CC ] ManyCam         C:\Windows\system32\DRIVERS\mcvidrv.sys
10:03:39.0326 3672  ManyCam - ok
10:03:39.0782 3672  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
10:03:39.0783 3672  MBAMProtector - ok
10:03:40.0433 3672  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:03:40.0437 3672  MBAMScheduler - ok
10:03:40.0557 3672  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:03:40.0563 3672  MBAMService - ok
10:03:41.0188 3672  [ 562D95E00E14A944DEBE655DECBD3F5B ] mcaudrv_simple  C:\Windows\system32\drivers\mcaudrv.sys
10:03:41.0191 3672  mcaudrv_simple - ok
10:03:41.0284 3672  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:03:41.0287 3672  Mcx2Svc - ok
10:03:41.0334 3672  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
10:03:41.0336 3672  megasas - ok
10:03:41.0421 3672  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
10:03:41.0429 3672  MegaSR - ok
10:03:41.0605 3672  [ 42C2CBB8700F2B82F53404E1B6A59807 ] MHIKEY10        C:\Windows\system32\Drivers\MHIKEY10.sys
10:03:41.0607 3672  MHIKEY10 - ok
10:03:41.0645 3672  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
10:03:41.0647 3672  MMCSS - ok
10:03:41.0694 3672  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
10:03:41.0695 3672  Modem - ok
10:03:41.0738 3672  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:03:41.0738 3672  monitor - ok
10:03:41.0749 3672  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:03:41.0750 3672  mouclass - ok
10:03:41.0867 3672  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:03:41.0870 3672  mouhid - ok
10:03:41.0917 3672  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
10:03:41.0949 3672  MountMgr - ok
10:03:42.0089 3672  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:03:42.0090 3672  MozillaMaintenance - ok
10:03:42.0126 3672  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:03:42.0129 3672  mpio - ok
10:03:42.0276 3672  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:03:42.0277 3672  mpsdrv - ok
10:03:42.0767 3672  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:03:42.0772 3672  MpsSvc - ok
10:03:42.0876 3672  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
10:03:42.0878 3672  Mraid35x - ok
10:03:43.0137 3672  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:03:43.0140 3672  MRxDAV - ok
10:03:43.0388 3672  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:03:43.0390 3672  mrxsmb - ok
10:03:43.0703 3672  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:03:43.0709 3672  mrxsmb10 - ok
10:03:43.0840 3672  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:03:43.0843 3672  mrxsmb20 - ok
10:03:43.0975 3672  [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:03:43.0976 3672  msahci - ok
10:03:44.0094 3672  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:03:44.0097 3672  msdsm - ok
10:03:44.0180 3672  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
10:03:44.0184 3672  MSDTC - ok
10:03:44.0219 3672  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:03:44.0221 3672  Msfs - ok
10:03:44.0293 3672  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:03:44.0294 3672  msisadrv - ok
10:03:44.0770 3672  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:03:44.0774 3672  MSiSCSI - ok
10:03:44.0780 3672  msiserver - ok
10:03:44.0877 3672  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:03:44.0878 3672  MSKSSRV - ok
10:03:44.0944 3672  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:03:44.0945 3672  MSPCLOCK - ok
10:03:44.0995 3672  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:03:44.0997 3672  MSPQM - ok
10:03:45.0233 3672  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:03:45.0237 3672  MsRPC - ok
10:03:45.0381 3672  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
10:03:45.0382 3672  mssmbios - ok
10:03:45.0913 3672  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:03:45.0915 3672  MSTEE - ok
10:03:47.0136 3672  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
10:03:47.0137 3672  Mup - ok
10:03:47.0934 3672  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
10:03:47.0939 3672  napagent - ok
10:03:48.0893 3672  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:03:48.0896 3672  NativeWifiP - ok
10:03:49.0171 3672  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:03:49.0177 3672  NDIS - ok
10:03:49.0262 3672  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:03:49.0263 3672  NdisTapi - ok
10:03:49.0273 3672  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:03:49.0275 3672  Ndisuio - ok
10:03:50.0022 3672  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:03:50.0026 3672  NdisWan - ok
10:03:50.0047 3672  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:03:50.0051 3672  NDProxy - ok
10:03:51.0038 3672  [ B044BB341E164DA6750A9B8E6A5FF6A1 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
10:03:51.0060 3672  Nero BackItUp Scheduler 3 - ok
10:03:51.0145 3672  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:03:51.0147 3672  NetBIOS - ok
10:03:51.0572 3672  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
10:03:51.0577 3672  netbt - ok
10:03:51.0595 3672  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
10:03:51.0597 3672  Netlogon - ok
10:03:51.0794 3672  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
10:03:51.0798 3672  Netman - ok
10:03:51.0993 3672  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
10:03:51.0997 3672  netprofm - ok
10:03:52.0115 3672  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:03:52.0119 3672  NetTcpPortSharing - ok
10:03:52.0174 3672  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
10:03:52.0176 3672  nfrd960 - ok
10:03:52.0244 3672  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:03:52.0247 3672  NlaSvc - ok
10:03:53.0302 3672  [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
10:03:53.0338 3672  NMIndexingService - ok
10:03:54.0025 3672  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:03:54.0027 3672  Npfs - ok
10:03:54.0078 3672  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
10:03:54.0081 3672  nsi - ok
10:03:54.0125 3672  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:03:54.0126 3672  nsiproxy - ok
10:03:54.0579 3672  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:03:54.0613 3672  Ntfs - ok
10:03:54.0685 3672  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
10:03:54.0687 3672  ntrigdigi - ok
10:03:54.0705 3672  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
10:03:54.0731 3672  Null - ok
10:03:54.0824 3672  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:03:54.0827 3672  nvraid - ok
10:03:54.0970 3672  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:03:54.0972 3672  nvstor - ok
10:03:54.0988 3672  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:03:54.0991 3672  nv_agp - ok
10:03:54.0998 3672  NwlnkFlt - ok
10:03:55.0005 3672  NwlnkFwd - ok
10:03:55.0072 3672  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:03:55.0074 3672  ohci1394 - ok
10:03:55.0149 3672  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:03:55.0152 3672  ose - ok
10:03:55.0473 3672  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
10:03:55.0619 3672  p2pimsvc - ok
10:03:55.0763 3672  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:03:55.0772 3672  p2psvc - ok
10:03:55.0875 3672  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
10:03:55.0968 3672  Parport - ok
10:03:56.0167 3672  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:03:56.0200 3672  partmgr - ok
10:03:56.0220 3672  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
10:03:56.0222 3672  Parvdm - ok
10:03:56.0251 3672  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:03:56.0254 3672  PcaSvc - ok
10:03:56.0343 3672  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
10:03:56.0348 3672  pci - ok
10:03:56.0406 3672  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
10:03:56.0409 3672  pciide - ok
10:03:56.0426 3672  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
10:03:56.0432 3672  pcmcia - ok
10:03:56.0477 3672  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:03:56.0500 3672  PEAUTH - ok
10:03:56.0605 3672  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
10:03:56.0620 3672  pla - ok
10:03:56.0699 3672  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
10:03:56.0705 3672  PLFlash DeviceIoControl Service - ok
10:03:56.0806 3672  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:03:56.0810 3672  PlugPlay - ok
10:03:56.0842 3672  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
10:03:56.0849 3672  PNRPAutoReg - ok
10:03:56.0883 3672  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
10:03:56.0889 3672  PNRPsvc - ok
10:03:56.0985 3672  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:03:56.0997 3672  PolicyAgent - ok
10:03:57.0045 3672  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:03:57.0047 3672  PptpMiniport - ok
10:03:57.0106 3672  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
10:03:57.0108 3672  Processor - ok
10:03:57.0154 3672  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:03:57.0157 3672  ProfSvc - ok
10:03:57.0176 3672  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
10:03:57.0178 3672  ProtectedStorage - ok
10:03:57.0215 3672  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
10:03:57.0218 3672  PSched - ok
10:03:57.0256 3672  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
10:03:57.0258 3672  PxHelp20 - ok
10:03:57.0310 3672  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
10:03:57.0344 3672  ql2300 - ok
10:03:57.0373 3672  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
10:03:57.0376 3672  ql40xx - ok
10:03:57.0423 3672  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
10:03:57.0428 3672  QWAVE - ok
10:03:57.0474 3672  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:03:57.0475 3672  QWAVEdrv - ok
10:03:57.0488 3672  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:03:57.0489 3672  RasAcd - ok
10:03:57.0527 3672  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
10:03:57.0530 3672  RasAuto - ok
10:03:57.0732 3672  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:03:57.0841 3672  Rasl2tp - ok
10:03:57.0896 3672  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
10:03:57.0901 3672  RasMan - ok
10:03:58.0063 3672  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:03:58.0065 3672  RasPppoe - ok
10:03:58.0107 3672  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:03:58.0110 3672  RasSstp - ok
10:03:58.0274 3672  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:03:58.0279 3672  rdbss - ok
10:03:58.0308 3672  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:03:58.0309 3672  RDPCDD - ok
10:03:58.0335 3672  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
10:03:58.0343 3672  rdpdr - ok
10:03:58.0351 3672  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:03:58.0352 3672  RDPENCDD - ok
10:03:58.0382 3672  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:03:58.0387 3672  RDPWD - ok
10:03:58.0431 3672  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:03:58.0434 3672  RemoteAccess - ok
10:03:58.0504 3672  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:03:58.0507 3672  RemoteRegistry - ok
10:03:58.0653 3672  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
10:03:58.0655 3672  RpcLocator - ok
10:03:58.0686 3672  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
10:03:58.0693 3672  RpcSs - ok
10:03:58.0772 3672  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:03:58.0774 3672  rspndr - ok
10:03:58.0808 3672  [ 2FC33077F85D7DC0D03678C06D43898C ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
10:03:58.0813 3672  RTL8169 - ok
10:03:58.0857 3672  [ C279A9A9F946359548E5665C0E8BAB15 ] RTL8187B        C:\Windows\system32\DRIVERS\RTL8187B.sys
10:03:58.0865 3672  RTL8187B - ok
10:03:58.0901 3672  [ 5717E47C952382E7166448517F030787 ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
10:03:58.0903 3672  RTSTOR - ok
10:03:58.0910 3672  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
10:03:58.0913 3672  SamSs - ok
10:03:58.0961 3672  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:03:58.0966 3672  sbp2port - ok
10:03:59.0073 3672  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
10:03:59.0097 3672  SBSDWSCService - ok
10:03:59.0163 3672  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:03:59.0166 3672  SCardSvr - ok
10:03:59.0308 3672  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
10:03:59.0326 3672  Schedule - ok
10:03:59.0397 3672  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:03:59.0397 3672  SCPolicySvc - ok
10:03:59.0435 3672  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:03:59.0438 3672  SDRSVC - ok
10:03:59.0641 3672  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
10:03:59.0644 3672  seclogon - ok
10:03:59.0683 3672  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
10:03:59.0686 3672  SENS - ok
10:03:59.0768 3672  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
10:03:59.0770 3672  Serenum - ok
10:03:59.0816 3672  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
10:03:59.0819 3672  Serial - ok
10:03:59.0829 3672  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
10:03:59.0832 3672  sermouse - ok
10:03:59.0891 3672  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:03:59.0894 3672  SessionEnv - ok
10:03:59.0933 3672  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:03:59.0934 3672  sffdisk - ok
10:03:59.0971 3672  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:03:59.0973 3672  sffp_mmc - ok
10:04:00.0031 3672  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:04:00.0049 3672  sffp_sd - ok
10:04:13.0616 3672  ================ Scan global ===============================
10:04:13.0678 3672  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
10:04:13.0789 3672  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
10:04:13.0846 3672  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
10:04:13.0892 3672  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
10:04:13.0897 3672  [Global] - ok
10:04:13.0897 3672  ================ Scan MBR ==================================
10:04:13.0909 3672  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
10:04:14.0426 3672  \Device\Harddisk0\DR0 - ok
10:04:14.0426 3672  ================ Scan VBR ==================================
10:04:14.0539 3672  [ CDDA18E295A3E4D60718B3DA35562143 ] \Device\Harddisk0\DR0\Partition1
10:04:14.0542 3672  \Device\Harddisk0\DR0\Partition1 - ok
10:04:14.0716 3672  [ AAA9DBB8F7FF2DCE8A6FBC44F075AFDC ] \Device\Harddisk0\DR0\Partition2
10:04:14.0742 3672  \Device\Harddisk0\DR0\Partition2 - ok
10:04:14.0742 3672  ============================================================
10:04:14.0742 3672  Scan finished
10:04:14.0742 3672  ============================================================
10:04:14.0761 2248  Detected object count: 0
10:04:14.0761 2248  Actual detected object count: 0
10:06:01.0467 3076  Deinitialize success
         

Alt 12.06.2013, 09:31   #4
smeenk
/// Malwareteam / Visitor
 

Quite a bit has already been deleted there.
  • Please disable all virus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users: please start the tool by right-clicking the icon and choosing "Run as administrator".
  • Copy the code below into the text field:
    Code:
    C:\kwtyauoc.sys;f

  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a reboot).
    You can view the report afterwards at c:\zoek-results.log.
  • Post the log file zoek-results.log for me.


Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan, and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • If necessary, let your computer restart to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file will open. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Alt 12.06.2013, 12:34   #5
Jojo2112
 

OK, everything has now finished running!

zoek-result:

Code:
Zoek.exe Version 4.0.0.2 Updated 03-June-2013
Tool run by Sebastian on Wed 06/12/2013 at 11:33:02.72.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected

==== Deleting Files \ Folders ======================

"C:\kwtyauoc.sys" deleted

==== EOF on Wed 06/12/2013 at 11:33:50.74 ======================
         

malwarebytes:
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.12.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Sebastian :: SEBASTIAN-PC [Administrator]

Schutz: Deaktiviert

6/12/2013 11:45:23 AM
mbam-log-2013-06-12 (11-45-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 369789
Laufzeit: 1 Stunde(n), 18 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
D:\Program Files\shopmania\Shop.rar (PUP.Downloader.ZYL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Program Files\shopmania\Shopmania Deluxe.exe (PUP.Downloader.ZYL) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
And AdwCleaner:

Code:
# AdwCleaner v2.303 - Datei am 12/06/2013 um 13:27:00 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Sebastian - SEBASTIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sebastian\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\lssdihk7.default\searchplugins\bProtect.xml
Ordner Gelöscht : C:\Users\Sebastian\AppData\Roaming\dvdvideosoftiehelpers

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\browse~1\sprote~1.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\websea~1\sprote~1.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\codecs~1\22639~1.201\{16cdf~1\codecm~1.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\codecs~1\261123~1.78\{16cdf~1\codecm~1.dll
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\e6dddcb63ee540
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\e6dddcb63ee540
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\lssdihk7.default\prefs.js

Gelöscht : user_pref("aol_toolbar.default.homepage.check", false);
Gelöscht : user_pref("aol_toolbar.default.search.check", false);

-\\ Google Chrome v27.0.1453.110

Datei : C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [3226 octets] - [12/06/2013 13:27:00]

########## EOF - C:\AdwCleaner[S1].txt - [3286 octets] ##########
         


Alt 12.06.2013, 12:40   #6
smeenk
/// Malwareteam / Visitor
 

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.


Are you still noticing any problems at the moment?

Alt 12.06.2013, 12:50   #7
Jojo2112
 

The host process message has not come back since then. However, Google Chrome still keeps hanging, or sometimes takes forever to open a page... Or does that have nothing to do with it?

Here is checkup.txt:

Code:
 Results of screen317's Security Check version 0.99.64  
 Windows Vista Service Pack 2 x86   
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Out of date HijackThis  installed! 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 HijackThis 2.0.2    
 TuneUp Utilities 2013   
 TuneUp Utilities Language Pack (de-DE) 
 CCleaner     
 JavaFX 2.1.1    
 Java(TM) 6 Update 26  
 Java 7 Update 9  
 Java version out of Date! 
 Adobe Flash Player 	11.7.700.202  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (21.0) 
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

Alt 12.06.2013, 13:45   #8
smeenk
/// Malwareteam / Visitor
 

Try the following:
  • Please disable all virus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users: please start the tool by right-clicking the icon and choosing "Run as administrator".
  • Copy the code below into the text field:
    Code:
    CHRdefaults;

  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a reboot).
    You can view the report afterwards at c:\zoek-results.log.
  • Post the log file zoek-results.log for me.

Let me know whether there is any improvement.

Alt 12.06.2013, 15:27   #9
Jojo2112
 

Argh, I'm going crazy.

I just tried to start zoek.exe and nothing happened. The prompt asking whether I want to allow or cancel it appeared, but after that nothing further happened.
So I restarted the laptop (in the meantime a new Windows update was apparently installed) and downloaded zoek.exe again, but it changes nothing.

And just now the lovely message "Hostprozess wurde beendet" ("Host process was terminated") promptly appeared again....

Before that another message came up, and I tried to remember what it said:
"SSDP-Suchdienst funktioniert nicht mehr" ("SSDP Discovery has stopped working") or something like that? Can that be? Does such a thing exist?

Sorry that I don't have better news right now...

Alt 12.06.2013, 15:29   #10
smeenk
/// Malwareteam / Visitor
 

Let's try something else.

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is done, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. ("Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.


Alt 12.06.2013, 16:14   #11
Jojo2112
 

Here is the log file that opened automatically:

Code:
ComboFix 13-06-08.02 - Sebastian 06/12/2013  16:43:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2908.1840 [GMT 2:00]
ausgeführt von:: c:\users\Sebastian\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\vc9SP1KB973552redist_x86.exe
c:\program files\wiso2010.exe
c:\users\Sebastian\4.0
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-12 bis 2013-06-12  ))))))))))))))))))))))))))))))
.
.
2013-06-12 14:51 . 2013-06-12 14:51	--------	d-----w-	c:\users\Sebastian\AppData\Local\temp
2013-06-12 14:51 . 2013-06-12 14:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-12 05:30 . 2013-05-08 04:37	905576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-12 05:30 . 2013-05-02 04:04	443904	----a-w-	c:\windows\system32\win32spl.dll
2013-06-12 05:30 . 2013-05-02 04:03	37376	----a-w-	c:\windows\system32\printcom.dll
2013-06-12 05:29 . 2013-04-24 01:46	812544	----a-w-	c:\windows\system32\certutil.exe
2013-06-12 05:29 . 2013-04-24 04:00	985600	----a-w-	c:\windows\system32\crypt32.dll
2013-06-12 05:29 . 2013-04-24 04:00	98304	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-12 05:29 . 2013-04-24 04:00	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-12 05:29 . 2013-04-24 04:00	41984	----a-w-	c:\windows\system32\certenc.dll
2013-06-12 05:29 . 2013-05-02 22:03	3603832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-06-12 05:29 . 2013-05-02 22:03	3551096	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-06-12 05:29 . 2013-04-17 12:30	24576	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-10 12:38 . 2013-01-28 12:19	32032	----a-w-	c:\windows\system32\TURegOpt.exe
2013-06-10 12:38 . 2013-01-28 12:19	21792	----a-w-	c:\windows\system32\authuitu.dll
2013-06-10 12:38 . 2013-06-10 12:38	--------	d-----w-	c:\users\Sebastian\AppData\Roaming\TuneUp Software
2013-06-10 12:38 . 2013-06-10 12:38	--------	d-----w-	c:\program files\TuneUp Utilities 2013
2013-06-10 12:37 . 2013-06-10 12:38	--------	d-----w-	c:\programdata\TuneUp Software
2013-06-10 12:36 . 2013-06-10 13:19	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-06-10 12:36 . 2013-06-10 12:36	--------	d--h--w-	c:\programdata\Common Files
2013-06-10 10:29 . 2013-06-10 10:29	--------	d-----w-	c:\users\Sebastian\AppData\Roaming\Malwarebytes
2013-06-10 10:29 . 2013-06-10 10:29	--------	d-----w-	c:\programdata\Malwarebytes
2013-06-10 10:29 . 2013-06-10 10:29	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-06-10 10:29 . 2013-04-04 12:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-06-04 19:01 . 2013-06-04 19:01	--------	d-----w-	c:\program files\Microsoft
2013-05-29 09:57 . 2013-05-29 09:57	--------	d-----w-	c:\programdata\Melesta
2013-05-29 09:57 . 2013-05-29 09:57	--------	d-----w-	c:\program files\LeeGT-Games
2013-05-24 18:41 . 2013-05-24 18:41	--------	d-----w-	c:\program files\iPod
2013-05-24 18:40 . 2013-05-24 18:41	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-24 18:40 . 2013-05-24 18:41	--------	d-----w-	c:\program files\iTunes
2013-05-15 10:46 . 2013-04-15 14:20	638328	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 10:46 . 2013-04-13 10:56	37376	----a-w-	c:\windows\system32\cdd.dll
2013-05-15 10:46 . 2013-04-09 01:36	2049024	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 13:58 . 2012-04-19 10:25	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-12 13:58 . 2011-06-22 05:03	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-28 06:50 . 2013-03-20 12:34	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-28 06:50 . 2013-03-20 12:34	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-28 06:50 . 2013-03-20 12:34	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-11-16 12:51 . 2010-11-16 15:42	1586800	----a-w-	c:\program files\wmain10.dll
2010-11-16 12:51 . 2010-11-16 15:42	2191360	----a-w-	c:\program files\wstyle10.dll
2010-11-16 12:51 . 2010-11-16 15:42	25182208	----a-w-	c:\program files\wstyle110.dll
2010-11-16 08:38 . 2010-11-16 15:42	827392	----a-w-	c:\program files\wform10.dll
2010-11-16 08:38 . 2010-11-16 15:42	2084864	----a-w-	c:\program files\wxml10.dll
2010-11-16 08:38 . 2010-11-16 15:42	6823936	----a-w-	c:\program files\wkont10.dll
2010-11-15 22:47 . 2010-11-16 15:42	270336	----a-w-	c:\program files\wsearch10.dll
2010-11-15 22:47 . 2010-11-16 15:42	25088	----a-w-	c:\program files\wfrm610.dll
2010-11-15 22:47 . 2010-11-16 15:42	360448	----a-w-	c:\program files\wfrm410.dll
2010-11-15 22:47 . 2010-11-16 15:42	110592	----a-w-	c:\program files\wfrm310.dll
2010-11-15 22:47 . 2010-11-16 15:42	1019904	----a-w-	c:\program files\wfrm510.dll
2010-11-15 22:46 . 2010-11-16 15:42	716800	----a-w-	c:\program files\wfrm210.dll
2010-11-15 22:46 . 2010-11-16 15:42	311296	----a-w-	c:\program files\wfrm110.dll
2010-11-15 22:44 . 2010-11-16 15:42	4743168	----a-w-	c:\program files\wauff10.dll
2010-11-15 22:40 . 2010-11-16 15:42	1105920	----a-w-	c:\program files\wfvie10.dll
2010-11-15 22:39 . 2010-11-16 15:42	221184	----a-w-	c:\program files\wzsmdl10.dll
2010-11-15 22:39 . 2010-11-16 15:42	77824	----a-w-	c:\program files\wsons10.dll
2010-11-15 22:38 . 2010-11-16 15:42	1347584	----a-w-	c:\program files\wwerb10.dll
2010-11-15 22:36 . 2010-11-16 15:42	1839104	----a-w-	c:\program files\whau210.dll
2010-11-15 22:33 . 2010-11-16 15:42	602112	----a-w-	c:\program files\whau110.dll
2010-11-15 22:32 . 2010-11-16 15:42	1200128	----a-w-	c:\program files\wbae410.dll
2010-11-15 22:30 . 2010-11-16 15:42	2134016	----a-w-	c:\program files\wbae310.dll
2010-11-15 22:27 . 2010-11-16 15:42	684032	----a-w-	c:\program files\wbae210.dll
2010-11-15 22:25 . 2010-11-16 15:42	4050944	----a-w-	c:\program files\wbae110.dll
2010-11-15 22:20 . 2010-11-16 15:42	1593344	----a-w-	c:\program files\wimp10.dll
2010-11-15 22:17 . 2010-11-16 15:42	471040	----a-w-	c:\program files\wfanl10.dll
2010-11-15 22:17 . 2010-11-16 15:42	4505600	----a-w-	c:\program files\wanl10.dll
2010-11-15 22:15 . 2010-11-16 15:43	1169008	----a-w-	c:\program files\meinsparbuchheute.exe
2010-11-15 22:13 . 2010-11-16 15:43	282624	----a-w-	c:\program files\wisohilfe.exe
2010-11-15 22:10 . 2010-11-16 15:42	1216512	----a-w-	c:\program files\wfabu10.dll
2010-11-15 22:05 . 2010-11-16 15:42	167936	----a-w-	c:\program files\wnavitree10.dll
2010-11-15 22:05 . 2010-11-16 15:42	1220608	----a-w-	c:\program files\wreli10.dll
2010-11-15 22:03 . 2010-11-16 15:42	552960	----a-w-	c:\program files\woptions10.dll
2010-11-15 22:03 . 2010-11-16 15:42	9506816	----a-w-	c:\program files\winc10.dll
2010-11-15 21:49 . 2010-11-16 15:42	135168	----a-w-	c:\program files\wincb10.dll
2010-11-15 21:48 . 2010-11-16 15:42	77824	----a-w-	c:\program files\wglob10.dll
2010-11-15 21:48 . 2010-11-16 15:42	1040384	----a-w-	c:\program files\wsteu10.dll
2010-11-15 21:46 . 2010-11-16 15:42	233472	----a-w-	c:\program files\rszeus4.dll
2010-11-15 21:46 . 2010-11-16 15:42	94208	----a-w-	c:\program files\rsdebug4.dll
2010-11-15 21:46 . 2010-11-16 15:42	122880	----a-w-	c:\program files\rswinapi4.dll
2010-11-15 21:42 . 2010-11-16 15:42	651264	----a-w-	c:\program files\whelpcnt10.dll
2010-11-15 21:42 . 2010-11-16 15:42	12800	----a-w-	c:\program files\whelpzmm10.dll
2010-11-15 21:42 . 2010-11-16 15:42	10752	----a-w-	c:\program files\whelpva10.dll
2010-11-15 21:42 . 2010-11-16 15:42	15872	----a-w-	c:\program files\whelpzmz10.dll
2010-11-15 21:42 . 2010-11-16 15:42	90112	----a-w-	c:\program files\whelpust10.dll
2010-11-15 21:42 . 2010-11-16 15:42	28065792	----a-w-	c:\program files\whelpurt10.dll
2010-11-15 21:41 . 2010-11-16 15:42	172032	----a-w-	c:\program files\whelptt10.dll
2010-11-15 21:41 . 2010-11-16 15:42	311296	----a-w-	c:\program files\whelptech10.dll
2010-11-15 21:40 . 2010-11-16 15:42	48128	----a-w-	c:\program files\whelpstpl10.dll
2010-11-15 21:40 . 2010-11-16 15:42	65536	----a-w-	c:\program files\whelpmbr10.dll
2010-11-15 21:40 . 2010-11-16 15:42	26624	----a-w-	c:\program files\whelpmv10.dll
2010-11-15 21:40 . 2010-11-16 15:42	679936	----a-w-	c:\program files\whelplos10.dll
2010-11-15 21:40 . 2010-11-16 15:42	31744	----a-w-	c:\program files\whelpiz10.dll
2010-11-15 21:40 . 2010-11-16 15:42	20480	----a-w-	c:\program files\whelpgst10.dll
2010-11-15 21:40 . 2010-11-16 15:42	9117696	----a-w-	c:\program files\whelpges10.dll
2010-11-15 21:39 . 2010-11-16 15:42	344064	----a-w-	c:\program files\whelpgef10.dll
2010-11-15 21:39 . 2010-11-16 15:42	57344	----a-w-	c:\program files\whelpfaq10.dll
2010-11-15 21:39 . 2010-11-16 15:42	47616	----a-w-	c:\program files\whelpfabu10.dll
2010-11-15 21:39 . 2010-11-16 15:42	208896	----a-w-	c:\program files\whelpeue10.dll
2010-11-15 21:39 . 2010-11-16 15:42	1236992	----a-w-	c:\program files\whelpest10.dll
2010-11-15 21:39 . 2010-11-16 15:42	61440	----a-w-	c:\program files\whelpehz10.dll
2010-11-15 21:39 . 2010-11-16 15:42	69632	----a-w-	c:\program files\whelpbnr10.dll
2010-11-15 21:39 . 2010-11-16 15:42	425984	----a-w-	c:\program files\whelpbfh10.dll
2010-11-15 21:39 . 2010-11-16 15:42	6144	----a-w-	c:\program files\whelpbel10.dll
2010-11-15 21:39 . 2010-11-16 15:42	208896	----a-w-	c:\program files\whelpabc10.dll
2010-09-03 12:02 . 2010-11-16 15:42	8028160	----a-w-	c:\program files\qtguirs4.dll
2010-07-30 14:42 . 2010-11-16 15:42	204800	----a-w-	c:\program files\rsericp.dll
2010-07-29 11:16 . 2010-11-16 15:43	196608	----a-w-	c:\program files\phonon_ds9rs4.dll
2010-07-29 11:13 . 2010-11-16 15:42	9437184	----a-w-	c:\program files\qtwebkitrs4.dll
2010-07-29 10:42 . 2010-11-16 15:42	274432	----a-w-	c:\program files\qtsvgrs4.dll
2010-07-29 10:41 . 2010-11-16 15:42	266240	----a-w-	c:\program files\phononrs4.dll
2010-07-29 10:41 . 2010-11-16 15:42	2007040	----a-w-	c:\program files\qtxmlpatternsrs4.dll
2010-07-29 10:38 . 2010-11-16 15:42	442368	----a-w-	c:\program files\qtopenglrs4.dll
2010-07-29 10:37 . 2010-11-16 15:42	2416640	----a-w-	c:\program files\qt3supportrs4.dll
2010-07-29 10:36 . 2010-11-16 15:42	86016	----a-w-	c:\program files\qttestrs4.dll
2010-07-29 10:36 . 2010-11-16 15:42	704512	----a-w-	c:\program files\qtscriptrs4.dll
2010-07-29 10:35 . 2010-11-16 15:42	589824	----a-w-	c:\program files\qtsqlrs4.dll
2010-07-29 10:26 . 2010-11-16 15:42	897024	----a-w-	c:\program files\qtnetworkrs4.dll
2010-07-29 10:25 . 2010-11-16 15:42	364544	----a-w-	c:\program files\qtxmlrs4.dll
2010-07-29 10:25 . 2010-11-16 15:42	2080768	----a-w-	c:\program files\qtcorers4.dll
2010-07-12 16:02 . 2010-11-16 15:42	139264	----a-r-	c:\program files\tm98.dll
2010-07-12 16:02 . 2010-11-16 15:42	584192	----a-r-	c:\program files\ericapi.dll
2010-07-12 15:58 . 2010-11-16 15:42	3791872	----a-r-	c:\program files\ericprint.dll
2010-07-12 15:45 . 2010-11-16 15:42	146944	----a-r-	c:\program files\ericio.dll
2010-07-12 15:45 . 2010-11-16 15:42	1152512	----a-r-	c:\program files\fa_xml.dll
2010-07-12 15:45 . 2010-11-16 15:42	41984	----a-r-	c:\program files\tmget.dll
2010-07-12 15:44 . 2010-11-16 15:42	1435648	----a-r-	c:\program files\tmdoc.dll
2010-07-12 15:44 . 2010-11-16 15:42	1147904	----a-r-	c:\program files\tmcrypt.dll
2010-07-12 15:43 . 2010-11-16 15:42	1190912	----a-r-	c:\program files\erictransfer.dll
2010-07-12 15:43 . 2010-11-16 15:42	881152	----a-r-	c:\program files\ericcrypt.dll
2010-07-12 15:43 . 2010-11-16 15:42	254976	----a-r-	c:\program files\ericanm.dll
2010-07-12 15:42 . 2010-11-16 15:42	1996800	----a-r-	c:\program files\ericxml.dll
2010-07-12 15:38 . 2010-11-16 15:42	4914176	----a-r-	c:\program files\ericbasis.dll
2010-07-12 15:35 . 2010-11-16 15:42	311808	----a-r-	c:\program files\ericplugin.dll
2010-07-12 15:33 . 2010-11-16 15:42	954368	----a-r-	c:\program files\ericutil.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10	576976	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10	576976	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10	576976	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10	576976	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Rainlendar2"="d:\program files\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-16 6253088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
"FSCRecovery"="c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-06-18 268096]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"ApplePhotoStreams"=c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"iCloudServices"=c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"PDFPrint"=c:\program files\PDF24\pdf24.exe
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Google EULA Launcher"=c:\program files\Google\Google EULA\GoogleEULALauncher.exe IE PA
.
R4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:58]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-22 08:02]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-22 08:02]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2467873813-358388713-1169702490-1000Core.job
- c:\users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02 09:44]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2467873813-358388713-1169702490-1000UA.job
- c:\users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02 09:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube Download - c:\users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\lssdihk7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
FF - ExtSQL: 2013-04-25 15:58; ihkha@uvwyva.com; c:\users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\lssdihk7.default\extensions\ihkha@uvwyva.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKU-Default-Run-fsc-reg - c:\fsc-reg\fscreg.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-SP_48c708f2 - c:\program files\BrowseToSave\uninstall.exe
AddRemove-SP_b0285714 - c:\program files\WebSearch\uninstall.exe
AddRemove-{7563F305-467B-AA19-B26D-E2083D935AF1} - c:\progra~2\INSTAL~1\{8C9EE~1\Setup.exe
AddRemove-{F3B4202C-2FE2-4BE8-A903-67C0285702DA} - c:\progra~2\INSTAL~1\{F3B42~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-06-12 16:51
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3116)
c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
Zeit der Fertigstellung: 2013-06-12  16:53:15
ComboFix-quarantined-files.txt  2013-06-12 14:53
.
Vor Suchlauf: 15 Verzeichnis(se), 32,972,529,664 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 32,798,785,536 Bytes frei
.
- - End Of File - - A90C621D8A735A2A3D2615CCC19B0265
5C616939100B85E558DA92B899A0FC36
         



Just a layman's question on the side: what is actually broken???

12.06.2013, 16:26   #12
smeenk
/// Malwareteam / Visitor

Does this error message still appear?

Perhaps a problem with a Windows service is the cause.

Let's take a closer look:

Scan with Farbar's Service Scanner

Please download Farbar's Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory where the tool was run.
Please post the contents here.

12.06.2013, 16:50   #13
Jojo2112

Is this it?

Code:
ATTFilter
Farbar Service Scanner Version: 31-05-2013 01
Ran by Sebastian (administrator) on 12-06-2013 at 17:43:41
Running from "C:\Users\Sebastian\Downloads"
Windows Vista (TM) Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-06-12 07:30] - [2013-05-08 06:37] - 0905576 ____A (Microsoft Corporation) 548E198BAE21EFC21F8B5F0C1728AD27

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-06-12 07:29] - [2013-04-24 06:00] - 0133120 ____A (Microsoft Corporation) 3EDE4C1F9672C972479201544969ADCB

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         

12.06.2013, 17:38   #14
smeenk
/// Malwareteam / Visitor

No problems to be seen in the FSS log.

Do the problems still persist?

12.06.2013, 18:40   #15
Jojo2112

So far everything looks good! But before, it also sometimes ran fine for a few hours, so I don't want to praise the day before the evening...

What still occurs, however, is this "Warten auf den Cache"...

In any case, a very big thank-you already for your help! That is really great!

If everything works again now, can one assume it was a virus, or what was the cause?
