| sphagnicola | 04.04.2013 00:50 |
Danke schon einmal für deine Mühe!
Die Datei von defogger (die auf dem Desktop gespeicherte Datei hieß aber nicht defogger_disable.txt, sondern defogger_disable.log):
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:25 on 04/04/2013 (Sebastian)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=- GMER Report:
GMER Logfile: Code:
GMER 2.1.19155 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-04-04 01:34:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST315003 rev.CC4G 1397,27GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\SEBAST~1\AppData\Local\Temp\fglyauoc.sys
---- Threads - GMER 2.1 ----
Thread [800:880] 000000007726aec0
Thread [800:144] 000000007726fbc0
Thread [800:376] 000000007726fbc0
Thread [800:416] 000000007726fbc0
Thread [800:428] 000000007726fbc0
Thread [800:424] 000000007726fbc0
Thread [800:520] 000000007726fbc0
Thread [800:2132] 000000007726fbc0
Thread [800:3856] 000000007726fbc0
Thread [800:1232] 000000007726fbc0
Thread C:\Windows\System32\svchost.exe [1096:1528] 000007fef9f059a0
Thread C:\Windows\System32\svchost.exe [1096:3868] 000007fef67214a0
Thread C:\Windows\System32\svchost.exe [1096:3944] 000007fef63820c0
Thread C:\Windows\System32\svchost.exe [1096:4008] 000007fef63826a8
Thread C:\Windows\System32\svchost.exe [1096:4072] 000007fef62ca2b0
Thread C:\Windows\System32\svchost.exe [1096:4448] 000007fef82a88f8
Thread C:\Windows\System32\svchost.exe [1096:4716] 000007fefd151a70
Thread C:\Windows\System32\svchost.exe [1096:5404] 000007fef7eb44e0
Thread C:\Windows\System32\svchost.exe [1096:5588] 000007feef513efc
Thread C:\Windows\System32\svchost.exe [1096:5680] 000007feef788a4c
Thread C:\Windows\System32\svchost.exe [1096:2412] 000007fef63829dc
Thread C:\Windows\System32\spoolsv.exe [1636:2140] 000007fef87b10c8
Thread C:\Windows\System32\spoolsv.exe [1636:2536] 000007fef81f6144
Thread C:\Windows\System32\spoolsv.exe [1636:2540] 000007fef8535fd0
Thread C:\Windows\System32\spoolsv.exe [1636:2544] 000007fef8343438
Thread C:\Windows\System32\spoolsv.exe [1636:2548] 000007fef85363ec
Thread C:\Windows\System32\spoolsv.exe [1636:2560] 000007fef8875e5c
Thread C:\Windows\System32\spoolsv.exe [1636:2592] 0000000001f5e0bc
Thread C:\Windows\system32\svchost.exe [2892:2932] 000007fef8535fd0
Thread C:\Windows\system32\svchost.exe [2892:2936] 000007fef8343438
Thread C:\Windows\system32\svchost.exe [2892:2940] 000007fef85363ec
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3084:3160] 00000000727d102d
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3084:3168] 00000000724af1dc
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3084:3184] 00000000724af1dc
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3084:3188] 00000000724a55d3
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3084:3404] 000000007277c159
Thread C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [3416:3572] 000000007199473d
Thread C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [3416:3588] 00000000719a5ced
Thread C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [3416:2136] 00000000763ed864
Thread C:\Windows\System32\WUDFHost.exe [3104:3444] 000007fef61724a0
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5068:4856] 000007fefbcc2a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5068:4480] 000007feed5ed618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5068:5280] 000007fef8245124
---- EOF - GMER 2.1 ----
--- --- --- OTL
OTL.txt:OTL Logfile: Code:
OTL logfile created on: 04.04.2013 01:38:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sebastian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 6,50 Gb Available Physical Memory | 81,36% Memory free
15,96 Gb Paging File | 13,80 Gb Available in Paging File | 86,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384,85 Gb Total Space | 731,05 Gb Free Space | 52,79% Space Free | Partition Type: NTFS
Computer Name: SEBASTIAN-PC | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found
PRC - C:\Users\Sebastian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
PRC - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu ()
MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\RBScript.dll ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\XML.dll ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\CGamma.dll ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\RegEx.dll ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\Appearance Pak.dll ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\CSensor.dll ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\Shell.dll ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll ()
MOD - C:\Program Files (x86)\Datacolor\Spyder3Express\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Macromedia Licensing Service) -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (SafeNet Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (SafeNet Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (Spyder3) -- C:\Windows\SysNative\drivers\Spyder3.sys ()
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: oce%40imperia.de:0.9.5.18
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.13 17:37:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.08.13 11:10:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.12 12:14:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.25 12:26:14 | 000,000,000 | ---D | M]
[2011.05.10 20:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions
[2013.02.23 20:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\hor1jz9o.default-1353108936275\extensions
[2013.02.23 20:15:01 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\hor1jz9o.default-1353108936275\extensions\firebug@software.joehewitt.com.xpi
[2012.11.20 00:23:50 | 000,088,602 | ---- | M] () (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\hor1jz9o.default-1353108936275\extensions\oce@imperia.de.xpi
[2012.03.17 04:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.12 12:14:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
O1 HOSTS File: ([2011.05.12 13:09:56 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 sams.nikonimaging.com
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20120701140422.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120701140422.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C65ED75B-DF41-43D3-9164-8B07E2084D59}: DhcpNameServer = 192.168.100.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4BB49B4-1A18-4980-B879-47C5F1F05D47}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.04 01:36:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2013.04.04 01:13:38 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{74806B54-4F2D-4A18-BF2F-981125A0C19D}
[2013.04.02 19:19:34 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{225CE963-1A6A-414F-85D8-E933F0BE6E67}
[2013.04.02 00:03:11 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{152C2AEA-AD24-4358-B29B-1046B0964BB3}
[2013.03.29 01:06:06 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{D4CE5FDA-54DC-46D1-A8E2-6C9318D1BAEF}
[2013.03.28 13:05:54 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7E953E6E-FC3F-4A26-AB03-F18BF88080C3}
[2013.03.28 11:42:46 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.03.28 11:42:46 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.03.28 11:42:46 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2013.03.28 11:42:46 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2013.03.28 11:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2013.03.28 11:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Futuremark Shared
[2013.03.28 11:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
[2013.03.28 11:40:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2013.03.28 11:31:32 | 612,962,040 | ---- | C] (Acresso Software Inc.) -- C:\Users\Sebastian\Desktop\3DMark06_v120_1901_universal.exe
[2013.03.27 22:53:42 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{C0AD6F26-328F-4257-8207-F3B5BED65E42}
[2013.03.27 21:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.27 10:53:18 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{961EC8CE-7DDC-480D-87AE-3873F62468F5}
[2013.03.26 15:35:56 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{77AF463D-4FE7-4CFC-BD13-59DFBCDFA4C4}
[2013.03.25 17:52:11 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{6AE66F82-48E3-48BE-96EA-2030C92BF27C}
[2013.03.23 14:53:52 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{C486F88E-E77E-47B0-B4E6-748D2211D215}
[2013.03.23 13:28:37 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{E348CBF0-BC2B-476E-8390-482A5957E07C}
[2013.03.23 01:28:12 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{74A91CBF-F9F5-4131-A6A1-600C09043B49}
[2013.03.22 12:53:17 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{5DF5730B-280F-4A7C-B62C-86F19BECDD33}
[2013.03.22 00:23:19 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{B5EA6352-C492-49A5-B36E-6A1247953325}
[2013.03.21 12:22:55 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7ADE6515-0DEB-4E65-BC73-71FBC100F230}
[2013.03.20 23:25:02 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{2401641C-4D65-4526-9BA7-B65E4B8D2F4F}
[2013.03.20 22:50:37 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.20 11:24:50 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{7523BDF3-8AC0-4C25-9F7F-1F356B0BF73A}
[2013.03.19 23:24:26 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{F58FCB79-203B-4578-AC78-02023CF9A7CE}
[2013.03.19 11:24:14 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{28DCF6B7-E804-46DC-B70E-5EAC7AC2126E}
[2013.03.18 22:30:05 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{3D4A36B3-7DE3-43B8-8A95-1D08E35E0463}
[2013.03.18 10:29:53 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{E59CB382-4C69-4A3A-944D-55F5F100DC3F}
[2013.03.17 22:07:41 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{985DF1AE-F56C-4226-86F6-AC0ADE5777AA}
[2013.03.16 12:17:51 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{BEB30B96-848D-4C77-BDC5-8C03EC48C373}
[2013.03.15 10:10:09 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{FCADF748-2BC3-4748-B328-E2B6680CFD76}
[2013.03.14 10:51:00 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{0C340A67-8473-4B93-AA7B-3A757F5DD586}
[2013.03.13 11:55:39 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{1D6DF0C0-51E4-4BCB-A4C0-B2A3BDB9DB33}
[2013.03.13 03:00:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.13 03:00:07 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.13 03:00:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.13 03:00:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.13 03:00:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.13 03:00:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.13 03:00:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.13 03:00:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.13 03:00:05 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.13 03:00:05 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.13 03:00:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.13 03:00:05 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.13 03:00:04 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.13 03:00:04 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.13 03:00:04 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.13 02:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.13 02:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.13 02:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.12 23:55:15 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{0F1F4F7E-6D48-4F56-952E-56C5F4479E56}
[2013.03.12 11:57:05 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.12 11:56:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.12 11:56:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.12 11:56:54 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.12 11:55:03 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{A818974B-6537-4B0D-9A59-88040111D22C}
[2013.03.05 23:58:53 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{56274CDF-5586-41F2-AD05-141CE9C2CDA1}
[2013.03.05 11:58:42 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\{6DD0DE3F-687F-4B33-BDF1-19FB0138D08F}
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Sebastian\Desktop\*.tmp files -> C:\Users\Sebastian\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.04.04 01:36:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2013.04.04 01:27:28 | 000,377,856 | ---- | M] () -- C:\Users\Sebastian\Desktop\gmer_2.1.19155.exe
[2013.04.04 01:27:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.04 01:25:20 | 000,000,000 | ---- | M] () -- C:\Users\Sebastian\defogger_reenable
[2013.04.04 01:24:31 | 000,050,477 | ---- | M] () -- C:\Users\Sebastian\Desktop\Defogger.exe
[2013.04.04 01:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.04 01:09:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.03 21:37:55 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.03 21:37:55 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.03 21:30:44 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.03 21:30:29 | 2133,676,031 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.02 03:43:41 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT
[2013.04.02 03:17:26 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2013.03.28 16:07:29 | 000,001,456 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2013.03.28 14:59:37 | 000,015,789 | ---- | M] () -- C:\Users\Sebastian\Desktop\Copyright.jpg
[2013.03.28 14:58:43 | 001,144,346 | ---- | M] () -- C:\Users\Sebastian\Desktop\Copyright.psd
[2013.03.28 11:42:46 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.03.28 11:42:46 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.03.28 11:42:46 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2013.03.28 11:42:46 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2013.03.28 11:38:50 | 612,962,040 | ---- | M] (Acresso Software Inc.) -- C:\Users\Sebastian\Desktop\3DMark06_v120_1901_universal.exe
[2013.03.28 11:32:22 | 000,007,652 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg
[2013.03.27 21:56:55 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.21 11:34:55 | 000,000,132 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2013.03.21 11:32:55 | 001,448,465 | ---- | M] () -- C:\Users\Sebastian\Desktop\Unbenannt-1.psd
[2013.03.18 20:54:51 | 000,000,132 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013.03.13 12:19:37 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.13 12:19:37 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.12 11:56:51 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.12 11:56:49 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.12 11:56:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.12 11:56:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.12 11:56:48 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.12 11:56:48 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Sebastian\Desktop\*.tmp files -> C:\Users\Sebastian\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.04.04 01:27:28 | 000,377,856 | ---- | C] () -- C:\Users\Sebastian\Desktop\gmer_2.1.19155.exe
[2013.04.04 01:25:20 | 000,000,000 | ---- | C] () -- C:\Users\Sebastian\defogger_reenable
[2013.04.04 01:24:31 | 000,050,477 | ---- | C] () -- C:\Users\Sebastian\Desktop\Defogger.exe
[2013.03.28 14:59:34 | 000,015,789 | ---- | C] () -- C:\Users\Sebastian\Desktop\Copyright.jpg
[2013.03.27 22:25:45 | 001,144,346 | ---- | C] () -- C:\Users\Sebastian\Desktop\Copyright.psd
[2013.03.27 21:56:55 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.18 19:10:40 | 001,448,465 | ---- | C] () -- C:\Users\Sebastian\Desktop\Unbenannt-1.psd
[2013.01.30 05:10:25 | 000,007,652 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg
[2012.10.10 16:38:22 | 000,479,200 | -H-- | C] () -- C:\Users\Sebastian\.BridgeCacheT
[2012.10.10 16:38:22 | 000,025,858 | -H-- | C] () -- C:\Users\Sebastian\.BridgeCache
[2012.08.15 22:50:23 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012.08.12 11:11:54 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe AIFF Format CS5 Prefs
[2012.07.12 00:43:36 | 000,986,523 | ---- | C] () -- C:\Users\Sebastian\_DSC7309.jpg
[2012.02.02 18:48:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012.01.15 01:09:08 | 000,000,244 | ---- | C] () -- C:\Windows\mobjects.ini
[2012.01.02 22:04:37 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.01.02 22:04:37 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.08.22 21:55:07 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.07.05 11:04:21 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Nature
[2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Multipressor
[2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Metadata Importer
[2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Master
[2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Mallets
[2011.06.26 19:54:28 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Mail
[2011.06.26 19:54:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.06.26 19:54:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.06.26 19:54:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.06.26 15:09:27 | 000,000,132 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.05.12 13:19:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\StartupItems
[2011.05.12 13:19:39 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Bass Reduction
[2011.05.12 01:47:06 | 000,001,456 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.05.11 17:36:03 | 001,371,098 | ---- | C] () -- C:\Users\Sebastian\grypus_Helgoland_291210-007.jpg
[2011.05.11 12:09:41 | 000,000,508 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.10 20:39:40 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Standard Tool
[2011.05.10 20:39:40 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Specifications
[2011.05.10 20:39:40 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2011.05.10 20:39:40 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Bass
[2011.05.10 20:39:33 | 000,000,268 | RH-- | C] () -- C:\Users\Sebastian\AppData\Roaming\Speech Enhancer
[2011.05.10 20:33:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2011.05.07 02:36:33 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.06 18:09:38 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011.05.06 18:09:38 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011.05.06 18:09:38 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011.05.06 18:09:37 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.05.06 18:09:37 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.05.06 17:54:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
========== ZeroAccess Check ==========
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{79145b63-5e27-e084-89a0-7dfa039786d8}\L
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Sebastian\AppData\Local\{79145b63-5e27-e084-89a0-7dfa039786d8}\L
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Sebastian\AppData\Local\{79145b63-5e27-e084-89a0-7dfa039786d8}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011.08.22 22:09:39 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.09.12 04:32:55 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2011.05.10 20:28:04 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.09.05 18:18:02 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Command and Conquer 4
[2011.12.25 20:53:30 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\EPSON
[2013.03.21 17:32:18 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\FileZilla
[2012.08.15 13:02:21 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\IrfanView
[2011.05.11 16:25:06 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\NeatImage PS 64
[2012.08.13 11:10:48 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Nikon
[2013.01.02 18:49:47 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Notepad++
[2012.01.18 00:29:33 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Opera
[2012.11.15 20:53:45 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Origin
[2013.03.18 00:46:42 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\SoftGrid Client
[2011.05.11 00:34:07 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.05.10 20:49:12 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\TP
[2011.05.11 13:57:27 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report >
--- --- --- Extras.txt:OTL Logfile: Code:
OTL Extras logfile created on: 04.04.2013 01:38:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sebastian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 6,50 Gb Available Physical Memory | 81,36% Memory free
15,96 Gb Paging File | 13,80 Gb Available in Paging File | 86,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384,85 Gb Total Space | 731,05 Gb Free Space | 52,79% Space Free | Partition Type: NTFS
Computer Name: SEBASTIAN-PC | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E4B30E-9A71-4ADA-B644-632C134CC445}" = lport=139 | protocol=6 | dir=in | app=system |
"{058BE1B8-2F1E-4F2D-B038-FC73D09B9A83}" = rport=137 | protocol=17 | dir=out | app=system |
"{271CF133-4497-4F8B-982C-3C58A7974A5B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28AD039F-E2F6-4803-B5A4-B6E4747AF47F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B7730B6-11E7-4343-9D90-98204C4AFAF5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43B0D46B-86AC-4593-8444-E6D617E3022B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F0D235C-A421-4909-B57F-EBE6A622E16B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{61E49E05-F40A-47D1-A2BB-0FD5A547BCAA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{663CBDFE-F086-477D-B03C-556D376E64C9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{668ABB36-141E-464C-ACDD-93FB4E8E88AD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{680CC1B0-9E33-40E4-AF69-1DB50913FEA9}" = lport=445 | protocol=6 | dir=in | app=system |
"{89CAB581-3698-49B2-9E59-114543E6CF37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8BF3E4EB-F2B6-48FB-A21F-EDCAF20E1741}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8E8AE1C6-33FC-4CFC-B958-46FD92D2F26E}" = rport=139 | protocol=6 | dir=out | app=system |
"{9A9C00E3-464F-483C-BAF5-2FE7C33FD3FF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AC80FEA4-3D65-4298-A6EB-2AC507997B4C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B729EBE9-1D75-4DFB-92CB-3B39BF56DCFA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C373F06E-AE13-4012-8D46-148BA949D104}" = rport=138 | protocol=17 | dir=out | app=system |
"{DA43A349-67FD-472F-9948-036C37CF0669}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E96363AC-EAED-4B2F-B3D6-25C3344D5D2E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E9DC6326-B743-464C-A561-F7DBF287AB89}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E9ECB833-19C0-4F6C-881E-8E3B812A91E0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EC101DCA-2EEA-4669-9836-86A901931F8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{ECD29807-E070-4070-9458-17D3FD498AD8}" = rport=445 | protocol=6 | dir=out | app=system |
"{F8FF7AEA-5E01-4C9C-9EA6-5AA553F0E189}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FCFA9A55-A8C1-4645-A49A-80B2CC04A60C}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04066DA3-4289-4137-A06C-04CE376D0350}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{0607E14A-D043-432A-8FBD-DF502BA704B2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{09820638-96AE-43CF-B4B4-E4964881B8B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0DE1259A-99A3-4C5A-BA3A-008D719B89F4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{19D9FFCA-EF56-4BFC-BCBA-28936EA57381}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{1E8F4506-2E49-4E04-82DB-99A7E5FD3DA4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2290DCCA-BBB3-40C0-9D74-DA6E69792641}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2ED27918-3EDF-4D28-A3F2-95A2F0B57B46}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{30EF04EC-958B-4366-AEB8-0F9F44415673}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{366BA739-1E36-4080-96F4-CF4CE8C540D5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3AB3A996-D37F-4953-BE0E-E6E247A32541}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3D811E06-12E4-4D95-9EAA-3259AFBFA6F6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{44600033-D75D-4163-9E52-8345C353216B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{48C085F0-FA66-4C6F-BE75-CF057C09DE73}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50A8946E-7091-433A-A12D-0B07E0B258F3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{5CE59D45-10D5-43FD-AA84-991DFAAD6C01}" = dir=in | app=%programfiles% (x86)\nikon\nikon message center 2\nkmc2.exe |
"{642376C3-5535-4A88-B0E1-816BF589109D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{66F9FAD8-7A54-4A8F-B7FE-C842C99C92B2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{82E15888-2F4A-4E80-9E74-7F7535373A7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8C43F768-352B-48B6-8A95-EE98ECACB59C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8E265C21-8940-4625-81D6-59566E76C301}" = dir=out | app=%programfiles% (x86)\nikon\nikon message center 2\nkmc2.exe |
"{99AAB885-8BA9-40CF-A908-8E5AC82985EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AC851886-AFC3-4354-BED3-E41A640CCB3A}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{ADF83E6B-6C35-4859-A9C4-AAB46DAEEC0B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B2A7613F-85B4-44F7-A309-003A6489D82E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{C088E283-B3F5-443F-A59F-81AC57C11CE9}" = protocol=6 | dir=out | app=system |
"{C7DF668F-6D62-43C2-9378-EBEFBC4A2D45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CDE1FF60-C5C2-4CD8-B078-DC0F4D26D54F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D525E825-785A-4179-8496-70DBC24B1283}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D5E0E353-592C-4415-801A-DC18342BF655}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{DDABF9B4-CD50-4999-9DA4-82A13C67ED05}" = dir=out | app=%programfiles% (x86)\nikon\capture nx 2\capture nx 2.exe |
"{E7A0455E-0102-416A-B0A2-B70EAAE1B21A}" = dir=in | app=%programfiles% (x86)\nikon\capture nx 2\capture nx 2.exe |
"{F0F15499-2C8A-4022-AB80-ED41AC78F808}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F627E0B4-F953-487E-A583-2384CC379725}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FEC3DB65-6897-48ED-B59D-550EE35C579F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{87114EA9-FCEA-454E-A3EE-21DE62562FDB}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game |
"TCP Query User{8AE4A3DE-7EBF-408F-BD6E-3D037C476561}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{E0D88A0D-FA58-46EC-B6D2-A2657661EB9B}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{80131195-4150-4A89-810E-C9A7BCF74F95}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{B568655D-98B6-4F50-8A89-5B276C141F42}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game |
"UDP Query User{F59CDC4C-9008-46D4-911D-6A5113CE76B1}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1EE2A29D-1D30-5546-2305-EDB418EBCEFD}" = ccc-utility64
"{2CA3495A-46E9-4E03-866F-8B9B0AD177CA}" = Microsoft Camera Codec Pack
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{881F6DFF-9090-E49F-4CF7-4827705D0F56}" = ATI Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6F37831-C06A-4E0A-9E3B-10AC3A1F537E}" = ATI AVIVO64 Codecs
"DW WLAN Card" = DW WLAN Card
"EPSON S22 Series" = EPSON S22 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Neat Image plug-in for Photoshop_is1" = Neat Image v7.0 Demo plug-in for Photoshop (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{17407164-F2AD-4E04-886B-8060D503F21C}" = Dell MusicStage
"{185CE178-48CD-3588-3229-533617DDC1AD}" = CCC Help Finnish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1BF5CA6C-C8BE-1770-F4BE-8CC6FB86DD5B}" = CCC Help Greek
"{1C1473A1-1A26-4C8F-9548-A52D03066CE7}" = Catalyst Control Center - Branding
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{36842FC7-F4A5-E25F-1068-916EB9CF0BC7}" = CCC Help Spanish
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3958FD3B-1D45-4468-E037-106691DD86AB}" = CCC Help Swedish
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = Die Sims™ 3 Jahreszeiten
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{405263FC-E3B5-4CA4-A619-783D7176D25C}" = CCC Help Norwegian
"{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"{44E5BA62-0210-64FA-0E82-5D3A01B0B779}" = CCC Help Dutch
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A24C59F-689D-4B0F-3B39-B6DB3D8D7298}" = CCC Help Chinese Traditional
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5E558E4F-6630-E777-04A3-1775A4429626}" = Catalyst Control Center InstallProxy
"{5FD58FE9-90E9-AAE3-5EC9-C1292CE8E118}" = CCC Help German
"{60E59A6C-7399-495A-B85C-C829F4E59602}" = Adobe Creative Suite 5.5 Design Premium
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{66336E9B-5482-B5FB-94F0-405874EE3541}" = Adobe Download Assistant
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E89BFB-BF09-1FF1-B4CF-01934C4AF5E9}" = Catalyst Control Center Localization All
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6BFA6B05-8BBA-0B9E-25D4-3FA20E5D604C}" = CCC Help Japanese
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7329D06E-012D-2AE1-952E-F12BC9551DB6}" = CCC Help Portuguese
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{73CA459A-3A47-EEBA-1BBD-E9A684A94CB1}" = CCC Help Czech
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{840F1343-C902-A552-64E8-D5C37C7A62D2}" = CCC Help Italian
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A40FB177-D824-CBC1-DD77-87E6F8614C54}" = ccc-core-static
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A590C358-ACC1-3654-0473-77857D73214A}" = CCC Help English
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AACC8417-9D5D-A0B4-3A5C-03DB3DF030AD}" = CCC Help Korean
"{AB1723E2-05BC-49C1-86AB-409764C0E608}" = Dell Stage
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B196A780-B79C-4F35-976D-D3A9D63076BE}" = CCC Help Russian
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BFFE230A-8520-423D-8A22-DB82C9922925}" = Das Interaktive Kartenwerk. Deutschland
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C143FE2D-8B52-A8AD-8A90-5A8F32B77D89}" = CCC Help Hungarian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7BEFFC9-2D4E-3E80-A3C4-FBCE1D8D0771}" = CCC Help Chinese Standard
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8961DCD-84AF-281C-F3DD-A5109A17DBE0}" = CCC Help Thai
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA32037B-5A44-A050-E107-A172FEA36C87}" = CCC Help French
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5856DAC-D612-4B66-BD10-76720817E1BC}" = Brandenburg Berlin 2.0
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F690BD28-335C-B221-F8ED-17CF552AC0F9}" = CCC Help Danish
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FABAB9BD-E97B-187D-9A8C-46DDED643981}" = CCC Help Polish
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Capture NX 2" = Capture NX 2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DeInst_d2vexcrdTop50 Viewer (Build 1.0.5.388)" = Top50 Viewer
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.5.2
"InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"m.objects v5" = m.objects v5
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"ODBC" = ODBC
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"Opera 11.51.1087" = Opera 11.51
"Origin" = Origin
"Spyder3Express" = Spyder3Express
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.07.2012 16:28:54 | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.07.2012 16:49:50 | Computer Name = Sebastian-PC | Source = Application Hang | ID = 1002
Description = Programm Capture NX 2.exe, Version 2.2.6.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1098 Startzeit:
01cd6c386058597f Endzeit: 7 Anwendungspfad: C:\Program Files (x86)\Nikon\Capture
NX 2\Capture NX 2.exe Berichts-ID: 98622093-d82c-11e1-a7a6-782bcb94fad5
Error - 27.07.2012 16:56:35 | Computer Name = Sebastian-PC | Source = Application Hang | ID = 1002
Description = Programm Capture NX 2.exe, Version 2.2.6.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c94 Startzeit:
01cd6c395fdedb92 Endzeit: 13 Anwendungspfad: C:\Program Files (x86)\Nikon\Capture
NX 2\Capture NX 2.exe Berichts-ID: 8a4efdab-d82d-11e1-a7a6-782bcb94fad5
Error - 28.07.2012 05:10:29 | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.07.2012 07:00:03 | Computer Name = Sebastian-PC | Source = PC-Doctor | ID = 1
Description =
Error - 28.07.2012 07:00:03 | Computer Name = Sebastian-PC | Source = PC-Doctor | ID = 1
Description =
Error - 28.07.2012 19:32:09 | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.07.2012 04:07:25 | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.07.2012 07:00:02 | Computer Name = Sebastian-PC | Source = PC-Doctor | ID = 1
Description =
Error - 29.07.2012 07:00:02 | Computer Name = Sebastian-PC | Source = PC-Doctor | ID = 1
Description =
Error - 30.07.2012 01:09:26 | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10
Description =
[ Dell Events ]
Error - 11.02.2013 19:32:58 | Computer Name = Sebastian-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 12.02.2013 21:54:33 | Computer Name = Sebastian-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 12.02.2013 21:54:33 | Computer Name = Sebastian-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 13.02.2013 05:42:04 | Computer Name = Sebastian-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 13.02.2013 05:42:04 | Computer Name = Sebastian-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 05.03.2013 17:35:26 | Computer Name = Sebastian-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 05.03.2013 17:35:26 | Computer Name = Sebastian-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 12.03.2013 16:55:20 | Computer Name = Sebastian-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 12.03.2013 16:55:20 | Computer Name = Sebastian-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 01.04.2013 18:02:54 | Computer Name = Sebastian-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
[ Media Center Events ]
Error - 23.03.2013 09:30:46 | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0
Description = 14:30:46 - Fehler beim Herstellen der Internetverbindung. 14:30:46
- Serververbindung konnte nicht hergestellt werden..
Error - 23.03.2013 09:31:19 | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0
Description = 14:31:15 - Fehler beim Herstellen der Internetverbindung. 14:31:15
- Serververbindung konnte nicht hergestellt werden..
Error - 23.03.2013 10:31:50 | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0
Description = 15:31:50 - Fehler beim Herstellen der Internetverbindung. 15:31:50
- Serververbindung konnte nicht hergestellt werden..
Error - 23.03.2013 10:32:20 | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0
Description = 15:32:20 - Fehler beim Herstellen der Internetverbindung. 15:32:20
- Serververbindung konnte nicht hergestellt werden..
Error - 23.03.2013 11:32:51 | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0
Description = 16:32:51 - Fehler beim Herstellen der Internetverbindung. 16:32:51
- Serververbindung konnte nicht hergestellt werden..
Error - 23.03.2013 11:33:21 | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0
Description = 16:33:21 - Fehler beim Herstellen der Internetverbindung. 16:33:21
- Serververbindung konnte nicht hergestellt werden..
Error - 23.03.2013 12:33:52 | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0
Description = 17:33:52 - Fehler beim Herstellen der Internetverbindung. 17:33:52
- Serververbindung konnte nicht hergestellt werden..
Error - 23.03.2013 12:34:22 | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0
Description = 17:34:22 - Fehler beim Herstellen der Internetverbindung. 17:34:22
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 22.03.2013 06:49:19 | Computer Name = Sebastian-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 22.03.2013 06:49:19 | Computer Name = Sebastian-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 23.03.2013 11:49:04 | Computer Name = Sebastian-PC | Source = NetBT | ID = 4321
Description = Der Name "SEBASTIAN-PC :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.1.2 registriert werden. Der Computer mit IP-Adresse 192.168.1.3
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 24.03.2013 08:33:52 | Computer Name = Sebastian-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.147.245.0 Aktualisierungsquelle: %%859
Aktualisierungsphase:
%%852 Quellpfad: Microsoft Deutschland | Geräte und Dienste Signaturtyp: %%800 Aktualisierungstyp: %%803
Benutzer:
NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9302.0 Fehlercode:
0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
unter "Hilfe und Support".
Error - 01.04.2013 17:47:12 | Computer Name = Sebastian-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 01.04.2013 17:47:12 | Computer Name = Sebastian-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 01.04.2013 18:24:39 | Computer Name = Sebastian-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 01.04.2013 18:24:39 | Computer Name = Sebastian-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 02.04.2013 13:16:34 | Computer Name = Sebastian-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 02.04.2013 13:16:34 | Computer Name = Sebastian-PC | Source = VDS Basic Provider | ID = 33554433
Description =
< End of report >
--- --- --- |
Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
AdwCleaner auf deinen Desktop.
Malwarebytes Anti-Malware 
Textbox. 